Chapter 3. Building a Linux Firewall

3.0. Introduction

In this chapter, you’ll learn how to build a Linux iptables firewall from scratch. While the recipes are aimed at DSL and cable Internet users, they also work for T1/E1 customers. In fact, a Linux box with a T1 interface card is a great alternative to expensive commercial routers. If you’re a normal business user and not an ISP that needs Buick-sized routers handling routing tables with hundreds of thousands of entries, then Linux on good-quality x86 hardware will serve your needs just fine.

A Linux border firewall can provide security and share an Internet connection for a whole LAN, which can contain Linux, Windows, Mac, and other PCs. A host firewall protects a single PC. There are a multitude of hardware choices for your firewall box, from small single-board computers, to recycled old PCs, to rackmount units. Any Linux distribution contains everything you need to build a sophisticated, configurable, reliable firewall on any hardware.

Definitions and roles get a bit blurry, as an iptables firewall does both packet filtering and routing. You could call it a filtering router.
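To make the "filtering router" role concrete, here is an added example (it is not a recipe from this book) of the smallest sensible border-firewall policy for a two-interface box: default-deny on INPUT and FORWARD, stateful return traffic, LAN hosts allowed out to the Internet, and source NAT (masquerading) so the whole LAN shares one public address. The interface names `eth0`/`eth1` and the LAN range `192.168.1.0/24` are assumptions; the script prints the rule set for review by default and only applies it when invoked with `apply`.

```shell
#!/bin/sh
# Added example, not from the book. Interface names and the LAN subnet
# below are assumptions; adjust them for your own box.
WAN_IF="${WAN_IF:-eth0}"              # assumed: interface facing the ISP
LAN_IF="${LAN_IF:-eth1}"              # assumed: interface facing the LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed: LAN address range

# Emit the policy as plain iptables commands, one per line, so it can be
# reviewed (or checked by a test) before anything touches the kernel.
firewall_rules() {
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
EOF
}

# Number of rules in the policy; handy as a sanity check after edits.
rule_count() {
    firewall_rules | wc -l | tr -d ' '
}

# Number of rules that would let the Internet side initiate forwarded
# connections into the LAN; a correct border policy has none.
wan_initiated_forwards() {
    firewall_rules | grep -c "FORWARD -i $WAN_IF" || true
}

# Apply for real (needs root and iptables); otherwise just print the rules.
if [ "${1:-}" = "apply" ]; then
    sysctl -w net.ipv4.ip_forward=1 >/dev/null   # the routing half of the job
    firewall_rules | sh -e                       # the filtering half
else
    firewall_rules
fi
```

The ESTABLISHED,RELATED rules are what turn a static packet filter into a stateful one: nothing from the WAN side gets in unless a LAN host asked for it first, which is the property the `wan_initiated_forwards` check guards.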

iptables is the key to making everything work. Having a solid understanding of how iptables works and how to write custom rules will give you mighty network guru powers. Please study Oskar Andreasson’s Iptables Tutorial ( and Craig Hunt’s TCP/IP Network Administration (O’Reilly) to get a deeper understanding of how ...
