Firewalls: the core components of a network security implementation

Firewalls can be standalone hardware solutions, such as firewall appliances by Cisco, Nokia, and Sonicwall.
There are also proprietary software firewall solutions developed for home and business markets by vendors such as Check Point, McAfee, and Symantec.

Firewall functions:

NAT

Network Address Translation (NAT) places private IP subnetworks behind one public IP address or a small pool of them, rewriting the source address of outbound packets so that all connections appear to originate from that one address (or pool) rather than from the individual internal hosts. Because the internal addresses are not routable from the Internet, NAT hides the internal addressing scheme, but it is not an access-control mechanism on its own: filtering rules are still needed to decide which traffic is allowed.

Packet Filter [iptables]

A packet filtering firewall inspects each packet that passes into or out of a LAN. It reads header fields (source and destination address, protocol, source and destination port, TCP flags) and accepts, drops or rejects the packet according to a set of programmable rules written by the firewall administrator. A stateless filter judges each packet in isolation; a stateful filter also tracks connections, so it can tell a reply to a connection an internal host opened from an unsolicited packet arriving from outside.

The Linux kernel has built-in packet filtering functionality through the Netfilter kernel subsystem.

Proxy

A proxy machine acts as a buffer between remote hosts and the internal client machines: clients connect to the proxy, and the proxy opens its own connection to the remote server on their behalf, so internal hosts never communicate directly with the outside. Because it terminates the connection, a proxy can inspect and filter application-layer content (URLs, file types, protocol commands), not just packet headers.

Netfilter and iptables

The Linux kernel features a powerful networking subsystem called Netfilter. The Netfilter subsystem provides stateful (connection-tracking) or stateless packet filtering as well as NAT and IP masquerading services. Netfilter can also mangle IP header information (for example TTL, TOS/DSCP or packet marks) for advanced routing and connection state management. Netfilter is controlled through the iptables utility; on current kernels, nftables (the nft utility) is the successor front end, and the iptables command is frequently a compatibility layer (iptables-nft) on top of it.

Example packages:

iptables - administration tools for packet filtering and NAT
shorewall - Shoreline Firewall, netfilter configurator - transitional package
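The following script, added here as an example and not part of the original post or of any of the listed packages, ties the NAT, packet-filtering and stateful-inspection functions described above into one iptables ruleset. The function emits the ruleset in iptables-restore(8) format so it can be reviewed before it is loaded atomically; the interface names (eth0 for WAN, eth1 for LAN) and the LAN subnet are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): generate a stateful iptables
# ruleset with NAT masquerading in iptables-restore(8) format.
# The WAN/LAN interface names and the LAN subnet are assumptions; pass your own.
# Usage: gen_ruleset WAN_IF LAN_IF LAN_SUBNET | sudo iptables-restore

gen_ruleset() {
    wan="$1"
    lan="$2"
    subnet="$3"
    cat <<EOF
# --- nat table: hide the private subnet behind the WAN address (NAT) ---
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# MASQUERADE uses whatever address $wan currently has, so it works with dynamic IPs
-A POSTROUTING -s $subnet -o $wan -j MASQUERADE
COMMIT

# --- filter table: packet filtering with a default-deny policy ---
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback traffic is always allowed
-A INPUT -i lo -j ACCEPT
# stateful filtering: accept replies to connections this host initiated
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# drop packets that belong to no known connection (bad TCP flag combinations etc.)
-A INPUT -m conntrack --ctstate INVALID -j DROP
# management: new SSH connections only from the LAN side
-A INPUT -i $lan -s $subnet -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# forwarding: LAN hosts may open connections outward; only replies may come back in
-A FORWARD -i $lan -o $wan -s $subnet -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Stand-alone run: print the ruleset for the assumed topology (or the one given on argv).
gen_ruleset "${1:-eth0}" "${2:-eth1}" "${3:-192.168.1.0/24}"
```

Loading the output with iptables-restore replaces the whole ruleset in one step, so there is no window with a half-applied policy. Forwarding between the two interfaces also requires the kernel to route packets (`sysctl -w net.ipv4.ip_forward=1`); without it, the FORWARD rules never see any traffic. Note that nothing in the WAN-facing FORWARD rule matches state NEW, which is what keeps the masqueraded LAN hosts unreachable from outside even though the NAT rule exists.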
