Overview of Firewalls and Masquerading

A firewall computer is a hardened system that sits between an internal network and an external network (i.e., the Internet). It is configured with a set of rules that it uses to determine what traffic is allowed to pass and what traffic is barred. While a firewall is generally intended to protect the network from malicious or even accidentally harmful traffic from the outside, it can also be configured to monitor and restrict traffic leaving the network. As the sole entry point into the network, the firewall makes it easier to construct defenses and monitor activity; it is also the one host whose own configuration must be kept tight, and it can only control traffic that actually passes through it, so any other path into the network (a modem, a second uplink) undoes its protection.

The firewall can also be set up to present a single IP address to the outside world, even though multiple IP addresses may be used internally. This is known as masquerading: the firewall rewrites the source address of outgoing packets to its own external address and maps the replies back to the internal host that opened the connection. Masquerading offers some additional protection, since outside hosts see only the firewall's address and cannot address internal machines directly; it is not a substitute for filtering rules, however, because anything an inside host initiates still crosses it. It also saves the trouble and expense of obtaining multiple public IP addresses.

IP firewalling and masquerading are implemented in Linux Version 2.4 by netfilter, the kernel packet-filtering framework, which is configured with the iptables command. In Linux Version 2.2, they are implemented with the ipchains facility. The 2.0 kernels used a command called ipfwadm, which will not be covered here. The two newer commands are very similar, but differ in how their rules are organized: ipchains has three built-in chains (input, forward, output) and a forwarded packet passes through all three, whereas iptables separates filtering from address translation into distinct tables (filter, nat) and passes a forwarded packet only through the FORWARD chain, never through INPUT or OUTPUT. The firewalling facilities built into the 2.4 kernel are also designed to be extensible: if some function is missing from the implementation, it can be added as a kernel module together with a matching iptables extension.
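As an added example, not code from the book: a small POSIX shell script that builds an iptables ruleset of the kind this section describes, with default-deny INPUT and FORWARD policies, anti-spoofing rules, and masquerading of an internal network behind the external interface. The interface names eth0/eth1, the internal range 192.168.1.0/24 and the fw_* function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from Linux in a Nutshell): a minimal stateful firewall
# with masquerading for a 2.4-series kernel managed with iptables.
# Interface names and the internal network below are assumptions; override
# them through the environment to match the host.
FW_WAN=${FW_WAN:-eth0}                   # external (Internet-facing) interface
FW_LAN=${FW_LAN:-eth1}                   # internal interface
FW_LAN_NET=${FW_LAN_NET:-192.168.1.0/24} # internal (private) address range

# Emit the ruleset in iptables-restore format. Generating the text first
# means it can be reviewed and diffed before being loaded, and
# iptables-restore loads it atomically instead of rule by rule.
fw_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, plus replies to connections the firewall itself opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# administrative SSH from the internal side only
-A INPUT -i $FW_LAN -p tcp --dport 22 -m state --state NEW -j ACCEPT
# anti-spoofing: internal addresses must never arrive on the external interface
-A INPUT -i $FW_WAN -s $FW_LAN_NET -j DROP
-A FORWARD -i $FW_WAN -s $FW_LAN_NET -j DROP
# internal hosts may reach the outside; only replies are forwarded back in
-A FORWARD -i $FW_LAN -o $FW_WAN -s $FW_LAN_NET -j ACCEPT
-A FORWARD -i $FW_WAN -o $FW_LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
# record (rate-limited) what the DROP policies are about to discard
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-input-drop: "
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fw-forward-drop: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# masquerading: rewrite the source of outbound packets to the address of $FW_WAN,
# so the outside world sees a single IP address for the whole internal network
-A POSTROUTING -s $FW_LAN_NET -o $FW_WAN -j MASQUERADE
COMMIT
EOF
}

# Load the ruleset. Requires root, a kernel with netfilter and connection
# tracking, and the iptables-restore utility. Forwarding stays off until
# the rules are in place so no unfiltered packet can slip through first.
fw_apply() {
    fw_ruleset | iptables-restore || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Static checks on the generated text, usable without root: the two
# mistakes that silently break a masquerading gateway are a missing
# MASQUERADE rule and a FORWARD chain that never lets internal traffic out.
fw_check() {
    rules=$(fw_ruleset)
    echo "$rules" | grep -q -- "-o $FW_WAN -j MASQUERADE" || return 1
    echo "$rules" | grep -q -- "-A FORWARD -i $FW_LAN -o $FW_WAN" || return 1
    echo "$rules" | grep -q '^:FORWARD DROP' || return 1
    return 0
}

case "${1:-show}" in
    apply) fw_check && fw_apply ;;
    check) fw_check && echo "ruleset ok" ;;
    *)     fw_ruleset ;;
esac
```

Run it with `check` to validate the generated text without root, or `apply` on the gateway itself. Note that the FORWARD policy is DROP: masquerading alone only rewrites addresses, so without explicit forwarding rules nothing passes, and with overly broad ones the "hidden" network is reachable from outside regardless of the address translation. Under a 2.2 kernel the same translation is expressed as a MASQ target on the ipchains built-in forward chain, e.g. `ipchains -A forward -s 192.168.1.0/24 -j MASQ`.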

Most distributions come with firewall support already ...

Excerpt from Linux in a Nutshell, Fourth Edition (O'Reilly).