A Sample Firewall Configuration

We’ve discussed the fundamentals of firewall configuration. Let’s now look at what a firewall configuration might actually look like.

The configuration in this example has been designed to be easily extended and customized. We’ve provided three versions. The first version is implemented using the ipfwadm command (or the ipfwadm-wrapper script), the second uses ipchains, and the third uses iptables. The example doesn’t attempt to exploit user-defined chains, but it will show you the similarities and differences between the old and new firewall configuration tool syntaxes:

    #!/bin/bash
    ##########################################################################
    # IPFWADM VERSION
    # This sample configuration is for a single host firewall configuration
    # with no services supported by the firewall machine itself.
    ##########################################################################

    # USER CONFIGURABLE SECTION

    # The name and location of the ipfwadm utility. Use ipfwadm-wrapper for
    # 2.2.* kernels.
    IPFWADM=ipfwadm

    # The path to the ipfwadm executable.
    PATH="/sbin"

    # Our internal network address space and its supporting network device.
    OURNET="172.29.16.0/24"
    OURBCAST="172.29.16.255"
    OURDEV="eth0"

    # The outside address and the network device that supports it.
    ANYADDR="0/0"
    ANYDEV="eth1"

    # The TCP services we wish to allow to pass - "" empty means all ports
    # note: space separated
    TCPIN="smtp www"
    TCPOUT="smtp www ftp ftp-data irc"

    # The UDP services we wish ...
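To show how the user-configurable variables above drive the rule set, here is an added example (not the book's own iptables version) that expands TCPIN and TCPOUT into iptables FORWARD rules and prints them instead of applying them, so it can be reviewed without root. The function names emit_tcp and gen_rules, the IPTABLES variable and the use of connection tracking for return traffic are assumptions of this example.

```shell
#!/bin/bash
# Added example: dry-run generator, prints iptables commands, runs none.
# Variable names and values follow the page's user-configurable section.
OURNET="172.29.16.0/24"
OURDEV="eth0"
ANYADDR="0/0"
ANYDEV="eth1"
TCPIN="smtp www"
TCPOUT="smtp www ftp ftp-data irc"
IPTABLES="iptables"   # assumption: name of the iptables binary

# emit_tcp IN_DEV OUT_DEV SRC DST "service list"
# Prints one ACCEPT rule per service for new (SYN) connections. An empty
# list means "all ports", matching the comment in the page's script.
# Service names are resolved by iptables itself through /etc/services.
emit_tcp() {
    local in_dev="$1" out_dev="$2" src="$3" dst="$4" services="$5" svc
    local base="$IPTABLES -A FORWARD -i $in_dev -o $out_dev -p tcp -s $src -d $dst"
    if [ -z "$services" ]; then
        echo "$base --syn -j ACCEPT"
        return
    fi
    for svc in $services; do
        echo "$base --dport $svc --syn -j ACCEPT"
    done
}

gen_rules() {
    # Default-deny forwarding, then start from an empty FORWARD chain.
    echo "$IPTABLES -P FORWARD DROP"
    echo "$IPTABLES -F FORWARD"
    # Packets that belong to connections accepted by the rules below.
    echo "$IPTABLES -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Inbound: outside hosts opening connections to services on our network.
    emit_tcp "$ANYDEV" "$OURDEV" "$ANYADDR" "$OURNET" "$TCPIN"
    # Outbound: our hosts opening connections to services outside.
    emit_tcp "$OURDEV" "$ANYDEV" "$OURNET" "$ANYADDR" "$TCPOUT"
}

gen_rules
```

Review the printed commands before piping them to a shell; anything not listed in TCPIN or TCPOUT falls through to the DROP policy.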

Get Linux Network Administrator's Guide, Second Edition now with the O’Reilly learning platform.
