A secure kernel is only part of the solution for using a wireless network securely. A station on a wireless network is in a hostile environment. Anyone nearby can launch an attack against the station. The station should not rely on other network defenses to keep these attacks at bay; it must defend itself from hostile activity.
The firewall configuration on a wireless client is relatively simple. Most clients are not running any services such as web or mail servers. The only new connections should be outbound from the host; there should be no inbound connection requests. If you do have services running on your client, you will need to modify your firewall configuration appropriately.
The Netfilter firewall included in Linux 2.4 is controlled by the iptables command. In a nutshell, Netfilter uses lists of firewall rules called chains to process packets. The default (filter) table has three built-in chains, and every packet the host sees traverses exactly one of them:
Packets destined for the host machine are handled by the INPUT chain. If a host is running a web server, packets destined for port 80 on the host’s public IP address would be handled by the INPUT chain.
The OUTPUT chain processes packets generated by the host and addressed to another host. A request by your workstation for a web page from a remote web server would be handled by your workstation's OUTPUT chain.
The FORWARD chain processes packets that neither originate from nor are destined for the host itself, that is, packets the host is routing between two other machines. This type of action ...
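The following script is an added example, not part of the original text, that turns the client policy described above (outbound only, no inbound connection requests, no forwarding) into a ruleset for the three chains. It emits the ruleset in iptables-restore format so it can be read and checked before it is loaded atomically; the interface name wlan0 and the optional SERVICE_PORTS list (for the case where the client does run a service) are assumptions for illustration.

```shell
#!/bin/sh
# Wireless-client firewall for the Linux 2.4 filter table (added example).
# Policy: nothing inbound except replies to connections the station opened,
# nothing forwarded, everything outbound allowed.
# WIFI_IF is an assumed interface name; change it to match the station.
WIFI_IF="${WIFI_IF:-wlan0}"

# TCP ports the client deliberately serves; empty for a plain workstation.
# Example (assumed) value: SERVICE_PORTS="22" to let SSH in.
SERVICE_PORTS="${SERVICE_PORTS:-}"

# One ACCEPT rule per served port; only new connections to that port get in.
service_rules() {
    for p in $SERVICE_PORTS; do
        echo "-A INPUT -i $WIFI_IF -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
}

# Emit the whole ruleset as text so it can be inspected before it is loaded.
client_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback never leaves the host; local daemons rely on it.
-A INPUT -i lo -j ACCEPT
# Replies to connections the station opened (connection tracking, 'state' match).
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$(service_rules)
# Anything else arriving on the wireless side is a new inbound request:
# log a rate-limited sample, then fall through to the INPUT DROP policy.
-A INPUT -i $WIFI_IF -m state --state NEW -m limit --limit 5/min -j LOG --log-prefix "wifi-inbound: "
# A client does not route for anyone, so refuse all forwarding explicitly.
-A FORWARD -j DROP
COMMIT
EOF
}

# Number of rules that would let traffic in; with no services this must be
# exactly two (loopback and tracked replies).
accept_rules() {
    client_ruleset | grep -c -- '-j ACCEPT'
}

# Load the table in one step: iptables-restore swaps the whole filter table
# atomically, so there is no window where a partial ruleset is active.
apply_ruleset() {
    client_ruleset | iptables-restore
}

# Run directly: print the ruleset; pass "apply" (as root) to load it.
case "${1:-show}" in
    apply) apply_ruleset ;;
    *)     client_ruleset ;;
esac
```

Because the filter table is replaced as a unit, a typo in one rule fails the whole load rather than leaving the station half-protected; review the printed output with `sh client-fw.sh`, then load it with `sh client-fw.sh apply`.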