iptables Firewall for a Choke Firewall from Chapter 6

Chapter 6 built on the standalone firewall example to develop either a gateway or a choke firewall. The gateway separated the Internet from the DMZ. The choke separated the DMZ from the LAN. The two firewalls were largely identical in terms of what they forwarded. They differed in that the gateway host didn't host any services, whereas the choke firewall did for the LAN.

NAT wasn't used in the Chapter 6 sample scripts. A private Class C network block was divided between the DMZ and LAN as a demonstration, and the assumption was made that both networks' address spaces were not within the private address space. The forward rules perform the actual firewall filtering. The nat table is used to ...

Get Linux Firewalls, Third Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.