What is a Firewall?

May 13, 2008 Linux Security | Comments (0) admin @ 7:47 pm

Simply put, a firewall acts as a barrier between your computer and the Internet, protecting you from crackers, hackers and malware.

If you're running DSL or a cable modem you should employ a firewall, as having a direct connection to the Internet can make you a target for attack. Firewalls can be hardware or software based. With firewalls you set up ACLs (Access Control Lists) to allow or deny traffic.

There are three different ways a firewall can block traffic.

1. Packet filtering: packets are analyzed against the filters in the firewall ruleset. The firewall drops packets that the ruleset does not allow.

2. Proxy service: information from the Internet is grabbed by the firewall and delivered to the requesting service through the proxy.

3. Stateful packet inspection: looks up criteria against a database of trusted information to see whether the packet contains anything that would allow or deny it into the network.

Firewalls are customizable, allowing you to create your own rulesets. You can block IP addresses and specific protocols such as Telnet, FTP, ICMP, UDP, SMTP and many others.

Firewalls can be customized to block specific ports, or even keywords.

There are many software firewalls available, such as Tiny Firewall (http://www.tinysoftware.com/home/tiny2?la=EN), which is designed to keep hackers out of your network and block spyware.

Zone Labs makes ZoneAlarm. I like it because it has a simple interface, allowing home users to configure it easily. http://www.zonelabs.com/store/content/home.jsp

For hardware firewalls there is:

Cisco (www.cisco.com). Their brand is called PIX firewall.

For home users I like the D-Link DI-604. This is an inexpensive firewall that works well. Best of all, it fits into almost any budget.

Linksys (now part of Cisco) offers a router/firewall that supports VPN and DMZ. www.linksys.com

There are many hardware solutions, including setting up a firewall on a *nix box. I like this the best, as it gives you, the firewall administrator, the most control. I personally like OpenBSD for any security applications I would run with Unix, as it is secure. There have been very few exploits against this platform.

I will be writing more articles about firewalls shortly.

Written by Benjamin Hargis.

Firewall Configuration Example 2

May 1, 2008 Linux Security | Comments (0) admin @ 11:14 pm

Firewall for other servers

For other servers you can use a single network card (eth0) to connect to the Internet by cutting the eth1 section out of the script. After that, disable the services you do not need. For example, if you are setting up a web server you need to open only the HTTP port (80) and the SSH port (22); if you use a MySQL database you will also need to open port 3306. If you install a mail server you need to open ports 110, 143 and 25. Use the script below and modify it to match your server:

#!/bin/sh
#chkconfig: 2345 60 95
#description: IPTABLES Firewall
#CALL FUNCTION--------------------------------
. /etc/rc.d/init.d/functions
#CHECK NETWORK-----------------------------
. /etc/sysconfig/network
#CHECK NETWORK STATUS------------------
if [ "${NETWORKING}" = "no" ]
then
    exit 0
fi
#EXIT IF IPTABLES IS NOT INSTALLED
if [ ! -x /sbin/iptables ]; then
    exit 0
fi

#CREATE SCRIPT FOR PARAMETER BEHIND SERVICE----------------------------
case "$1" in
start)
    echo -n "Starting Firewall : "
#---------------------------------------------------------------------

Read More…
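As an added example (not the original post's script, which is cut off above), the following script generates a default-deny INPUT ruleset for a single-card server from a list of roles, using the ports named in the text. The role names, the IFACE and APPLY variables and the function names are assumptions of this example; it prints the commands and only runs them when APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not the original post's script. Dry run by default.
# Role names (web, ssh, mysql, mail) are assumptions made for this example.
IFACE="${IFACE:-eth0}"   # single external interface, as in the post

# Map a role to the TCP ports the post names for it.
ports_for_role() {
    case "$1" in
        ssh)   echo "22" ;;
        web)   echo "80" ;;
        mysql) echo "3306" ;;
        mail)  echo "25 110 143" ;;
        *)     echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# Print the iptables commands for the given roles, one per line.
build_rules() {
    echo "iptables -F INPUT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Replies to connections this host already has open.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for role in "$@"; do
        ports=$(ports_for_role "$role") || return 1
        for port in $ports; do
            echo "iptables -A INPUT -i $IFACE -p tcp --dport $port -m state --state NEW -j ACCEPT"
        done
    done
    # Set the default policy last so everything not listed above is dropped.
    echo "iptables -P INPUT DROP"
}

# An unknown role aborts here, before any command is applied.
rules=$(build_rules "$@") || exit 1
if [ "${APPLY:-0}" = "1" ]; then
    printf '%s\n' "$rules" | sh      # needs root
else
    printf '%s\n' "$rules"
fi
```

Include the ssh role when you administer the server remotely; without it the applied ruleset accepts no new SSH connections.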

Firewall Configuration Example

Linux Security | Comments (0) admin @ 11:08 pm

Gateway Firewall

A gateway firewall is the connector between the internal network and the external network. In this case, connecting over a leased line, you need two network cards: one to connect to the external network (eth0) and one to connect to the internal network (eth1, for the LAN, with a private IP such as 192.168.1.1). Next, create the firewall file in /etc/rc.d/init.d/ with the command:

# vi /etc/rc.d/init.d/firewall

Add the firewall script below. Some services are disabled; if you need one, uncomment that service's line to enable it.

#!/bin/sh
#chkconfig: 2345 60 95
#description: IPTABLES Firewall
#CALL FUNCTION--------------------------------
. /etc/rc.d/init.d/functions
#CHECK NETWORK-----------------------------
. /etc/sysconfig/network
#CHECK NETWORK STATUS------------------
if [ "${NETWORKING}" = "no" ]
then
    exit 0
fi
#EXIT IF IPTABLES IS NOT INSTALLED
if [ ! -x /sbin/iptables ]; then
    exit 0
fi

#CREATE SCRIPT FOR PARAMETER BEHIND SERVICE----------------------------
case "$1" in
start)
    echo -n "Starting Firewall : "
#------------------------------------------------------------------------

Read More…