O'Reilly logo

Learning Red Hat Linux, Third Edition by Bill McCarty

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Implementing a Basic Firewall

Sometimes you may want a host to provide certain services to only local clients or clients on other hosts of a network that you control. If your network is connected to the Internet, you can use a firewall to prevent undesired access to services. A Linux firewall depends on certain kernel facilities to examine incoming and outgoing packets. Packets that fail to pass specified rules can be rejected, preventing undesired access to private services.

A related facility, known as IP masquerading, lets hosts on a network connect to the Internet via a host known as the masquerading host. All packets from the network seem to the outside host to have come from the masquerading host. IP masquerading lets you:

  • Prevent outside access to services offered on a private network

  • Hide the structure of private networks

  • Conserve IP addresses by assigning freely usable reserved IP addresses to masqueraded hosts

Configuring the Firewall

At installation time, Red Hat Linux lets you configure a firewall for your system; however, you can reconfigure the firewall after installation. For a firewall to be secure and flexible, customization is almost always required. However, customizing a firewall requires an understanding of the ports and protocols used by each running service, an expertise that generally requires considerable time to achieve. To learn more about services, ports, and protocols, see the resources described at the end of this chapter.

To configure a firewall, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required