Chapter 7. Firewalls
Method: Proxy

Description: Proxy firewalls filter all requests of a certain protocol or type from LAN clients to a proxy machine, which then makes those requests to the Internet on behalf of the local client. A proxy machine acts as a buffer between malicious remote users and the internal network client machines.

Advantages:
- Gives administrators control over what applications and protocols function outside of the LAN.
- Some proxy servers can cache data so that clients can access frequently requested data from the local cache rather than having to use the Internet connection to request it, which is convenient for cutting down on unnecessary bandwidth consumption.
- Proxy services can be logged and monitored closely, allowing tighter control over resource utilization on the network.

Disadvantages:
- Proxies are often application specific (HTTP, telnet, etc.) or protocol restricted (most proxies work with TCP connected services only).
- Application services cannot run behind a proxy, so your application servers must use a separate form of network security.
- Proxies can become a network bottleneck, as all requests and transmissions are passed through one source rather than direct client to remote service connections.

Table 7-1. Firewall Types
7.1. Netfilter and iptables

The Linux kernel features a powerful networking subsystem called netfilter. The netfilter subsystem provides stateful or stateless packet filtering as well as NAT and IP masquerading services. Netfilter also has the ability to mangle IP header information for advanced routing and connection state management. Netfilter is controlled through the iptables executable.
7.1.1. iptables Overview

The power and flexibility of netfilter is implemented through the iptables interface. This command line tool is similar in syntax to its predecessor, ipchains; however, iptables uses the netfilter subsystem to enhance network connection, inspection, and processing, whereas ipchains used intricate rule sets for filtering source and destination paths, as well as connection ports for both. iptables features advanced logging, pre and post routing actions, network address translation, and port forwarding all in one command line interface.

This section provides an overview of iptables. For more detailed information about iptables, refer to the Official Red Hat Linux Reference Guide.
7.1.2. Using iptables

The first step in using iptables is to start the iptables service. This can be done with the command:

    service iptables start
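Once the service is running, the stateful filtering described in section 7.1 is expressed as a chain of iptables rules. The script below is an added example, not part of the Red Hat guide: it builds a minimal host firewall for the INPUT chain (default DROP policy, loopback and already-established traffic accepted, new SSH connections accepted only from the local subnet, ICMP echo permitted, everything else rate-limited to the log and dropped). The interface name, subnet and SSH port are assumptions; IPTABLES can be set to echo so the rules are printed instead of loaded, which needs no root.

```shell
#!/bin/sh
# Added example of a stateful iptables ruleset (not the guide's own code).
# Assumed values: eth0 as the LAN-facing interface, 192.168.1.0/24 as the
# trusted subnet, TCP port 22 for SSH. Override them in the environment.
IPTABLES="${IPTABLES:-iptables}"            # set IPTABLES=echo for a dry run
LAN_IF="${LAN_IF:-eth0}"                    # assumed interface name
LAN_NET="${LAN_NET:-192.168.1.0/24}"        # assumed trusted subnet

# firewall_rules prints one iptables argument list per line, in the order
# they must be applied. The state match is the classic netfilter connection
# tracking interface; it is what lets the second rule accept replies to
# connections the host opened without opening those ports inbound.
firewall_rules() {
    cat <<EOF
-F INPUT
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: " --log-level 4
-A INPUT -j DROP
EOF
}

# rule_count returns the number of rules the script will apply.
rule_count() {
    firewall_rules | grep -c '^-'
}

# apply_rules feeds each line to $IPTABLES. eval is used so the quoted
# log prefix survives as a single argument; the input is this script's own
# heredoc, never user data. Stops at the first rule that fails to load.
apply_rules() {
    firewall_rules | while IFS= read -r rule; do
        eval "$IPTABLES $rule" || return 1
    done
}

# Usage: sh firewall.sh show    (print the rules)
#        sh firewall.sh apply   (load them; requires root)
case "${1:-}" in
    show)  firewall_rules ;;
    apply) apply_rules ;;
esac
```

The ordering matters: the ESTABLISHED,RELATED rule sits before the per-service rules so that return traffic is accepted cheaply, and the final LOG rule is rate-limited so a flood cannot fill the system log. On Red Hat systems that use the iptables service shown above, `service iptables save` writes the loaded rules to /etc/sysconfig/iptables so they are restored by the next `service iptables start`.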