Network security, and more specifically the use of Internet firewalls, is one of today's hottest topics in the computer business. Every private network that is going to be connected to the Internet needs an appropriate firewall (some combination of hardware, software, and procedures) to protect it. Most commercial firewall products are quite expensive, especially for small companies.
An alternative is to use Linux, a freely available operating system. We will mainly focus on one aspect of Linux: its IP packet screening facilities, which are one of the components for building Linux-based firewalls. The Linux packet screening facilities also provide a mechanism to support transparent proxy servers, which will also be described. At the end you'll find some recommendations for using Linux systems as a complete firewall solution.
This paper is based on release 2.0.25 of the Linux kernel and version 2.3.0 of the ipfwadm utility. Be aware that some details might change in future releases of Linux.
Copyright © 1996 by X/OS Experts in Open Systems BV. All rights reserved.