Chapter 13. Firewalls and iptables
Linux comes with advanced tools for packet filtering, the process of controlling network packets as they enter, move through, and exit the network stack within the kernel. Pre-2.4 kernels relied on ipchains for packet filtering and used lists of rules applied to packets at each step of the filtering process. The 2.4 kernel introduced iptables, the user-space front end to the kernel's netfilter framework (the two names are often used interchangeably), which is similar to ipchains but greatly expands on the scope and control available for filtering network packets.
This chapter focuses on packet filtering basics, defines the differences between ipchains and iptables, explains various options available with iptables commands, and shows how filtering rules can be preserved between system reboots.
If you require instructions for constructing iptables rules or setting up a firewall based on these rules, please see Section 13.5 for more information.
Warning
The default firewall mechanism under the 2.4 kernel is iptables, but iptables cannot be used if ipchains is already loaded. If ipchains is present at boot time, the kernel will issue an error and fail to start iptables.
The functionality of ipchains is not affected by these errors.
13.1. Packet Filtering
Traffic moves through a network in packets. A network packet is a collection of data in a specific size and format. In order to transmit a file over a network, the sending computer must first break the file into packets using the rules of the network protocol. Each of these packets holds a small part of the file data. Upon receiving the transmission, the target computer reassembles the packets into the file.
Every packet contains information which helps it navigate the network and move toward its destination. The packet can tell computers along the way, as well as the destination machine, where it came from, where it is going, and what type of packet it is, among other things. Most packets are designed to carry data, although some protocols use packets in special ways. For example, the Transmission Control Protocol (TCP) uses a SYN packet, which carries no data, to initiate communication between two systems.
The Linux kernel contains the built-in ability to filter packets, allowing some of them into the system while stopping others. The 2.4 kernel's netfilter has three built-in tables, or rule lists. They are as follows:
filter - This is the default table for handling network packets; it is the table consulted when iptables is run without the -t option.
nat - This table is used to alter packets that create a new connection (network address translation).
mangle - This table is used for specific types of packet alteration.
Each of these tables in turn has a group of built-in chains which correspond to the points at which netfilter acts on the packet.
The built-in chains for the filter table are as follows:
INPUT - This chain applies to packets received via a network interface and addressed to the local system.
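The mechanics the section describes (a table holding chains, each chain an ordered list of rules, the first matching rule deciding a packet's fate, a chain's default policy applying when nothing matches, and jumps into user-defined chains that return to the caller) can be seen in a small model. The following is an added example, not code from the original page, the kernel, or iptables: the Packet, Rule, Chain and FilterTable classes and the sample addresses are constructed here, and FORWARD and OUTPUT are assumed as the other two built-in chains of the filter table, which the text above does not list.

```python
"""Toy model of the netfilter filter table: each chain is an ordered rule list,
the first matching rule decides, a jump to a user chain comes back to the caller
if nothing there decides, and the built-in chain's policy applies when no rule
matches.  Constructed example; not kernel or iptables code."""

from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional

ACCEPT, DROP, RETURN = "ACCEPT", "DROP", "RETURN"   # names only mirror iptables


@dataclass
class Packet:
    """The few header fields this model filters on (constructed)."""
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    dport: int = 0
    flags: frozenset = frozenset()   # TCP flags that are set, e.g. {"SYN"}


@dataclass
class Rule:
    target: str                      # ACCEPT, DROP, RETURN or a user-chain name
    proto: Optional[str] = None
    src: Optional[str] = None        # CIDR, e.g. "192.168.1.0/24"
    dport: Optional[int] = None
    syn: bool = False                # like iptables --syn: SYN set, ACK/RST/FIN clear

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.syn:
            is_syn = (pkt.proto == "tcp" and "SYN" in pkt.flags
                      and not pkt.flags & {"ACK", "RST", "FIN"})
            if not is_syn:
                return False
        return True


@dataclass
class Chain:
    rules: List[Rule] = field(default_factory=list)
    policy: Optional[str] = None     # built-in chains have one, user chains do not


class FilterTable:
    def __init__(self) -> None:
        # INPUT is the chain the text lists; FORWARD and OUTPUT are the other
        # two built-in chains of the filter table (assumed here).
        self.chains = {n: Chain(policy=ACCEPT) for n in ("INPUT", "FORWARD", "OUTPUT")}

    def new_chain(self, name: str) -> None:
        self.chains[name] = Chain()

    def append(self, chain: str, rule: Rule) -> None:
        self.chains[chain].rules.append(rule)

    def verdict(self, chain: str, pkt: Packet) -> Optional[str]:
        """Walk one chain in order.  Returns ACCEPT or DROP, or None when a
        user chain RETURNs (or runs out of rules) without deciding."""
        for rule in self.chains[chain].rules:
            if not rule.matches(pkt):
                continue
            if rule.target in (ACCEPT, DROP):
                return rule.target
            if rule.target == RETURN:
                return None
            decided = self.verdict(rule.target, pkt)   # jump to a user chain
            if decided is not None:
                return decided
        return self.chains[chain].policy


def build_input_chain(drop_new_first: bool = True) -> FilterTable:
    """INPUT policy for a host that accepts SSH only from the LAN and otherwise
    lets in only replies to connections it opened itself (pre-conntrack style:
    any TCP segment that is not a bare SYN).  With drop_new_first=False the two
    INPUT rules are swapped to show why rule order matters."""
    ft = FilterTable()
    ft.chains["INPUT"].policy = DROP
    ft.new_chain("lan-services")
    ft.append("lan-services", Rule(ACCEPT, proto="tcp", dport=22, syn=True))
    ft.append("lan-services", Rule(RETURN))               # anything else: back to INPUT
    ft.append("INPUT", Rule("lan-services", src="192.168.1.0/24"))
    drop_new = Rule(DROP, proto="tcp", syn=True)            # new connections from elsewhere
    accept_rest = Rule(ACCEPT, proto="tcp")                 # meant for reply traffic only
    for r in ([drop_new, accept_rest] if drop_new_first else [accept_rest, drop_new]):
        ft.append("INPUT", r)
    return ft


def run_demo() -> dict:
    """Constructed packets run through the correctly ordered and the misordered chain."""
    lan_ssh = Packet("192.168.1.10", "192.168.1.1", "tcp", 22, frozenset({"SYN"}))
    lan_http = Packet("192.168.1.10", "192.168.1.1", "tcp", 80, frozenset({"SYN"}))
    ext_ssh = Packet("203.0.113.5", "192.168.1.1", "tcp", 22, frozenset({"SYN"}))
    ext_reply = Packet("203.0.113.5", "192.168.1.1", "tcp", 40000, frozenset({"SYN", "ACK"}))
    ext_dns = Packet("203.0.113.5", "192.168.1.1", "udp", 53)
    good, bad = build_input_chain(True), build_input_chain(False)
    return {
        "lan_ssh": good.verdict("INPUT", lan_ssh),
        "lan_http": good.verdict("INPUT", lan_http),
        "ext_ssh": good.verdict("INPUT", ext_ssh),
        "ext_reply": good.verdict("INPUT", ext_reply),
        "ext_dns": good.verdict("INPUT", ext_dns),
        "ext_ssh_misordered": bad.verdict("INPUT", ext_ssh),
    }


if __name__ == "__main__":
    for name, v in run_demo().items():
        print(f"{name:20s} {v}")
```

The misordered variant is the point to take away: because the first matching rule wins, placing the broad "accept any TCP" rule ahead of "drop new TCP connections" silently accepts every inbound SYN, and the DROP rule behind it never fires. The same first-match semantics apply to real iptables chains, so rule order, not just rule content, has to be reviewed.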