Nowadays a lot of people have a broadband internet connection, and when you are using more than one computer, an internet broadband router is the easiest way to go.
Easy to configure, and really secure… The only problem is that it often isn’t scalable enough if you are running a lot of services in your network and want to keep it all secure.
In particular, some exotic communication protocols are not supported by a simple broadband router. Because a Linux-based firewall is very flexible, it can be a solution to this problem.
The most popular program to use is IPTables. This is a program that manages firewall functions in your Linux distribution, such as packet filtering, connection tracking, NAT, logging and rate limiting. I will discuss all these functions in this article, except for NAT.
NAT is not really a firewall feature, but it is part of the IPtables suite. I will therefore not discuss it here, but rather in a separate article.
But first I will give you an understanding of what happens when you’re using IPTables.
IPtables consists of two parts, one part that is handled in kernelspace and one part that is handled in userspace.
Kernelspace is an environment where the operating system executes its own code; this is usually where hardware drivers are located. Userspace is the environment where user software is executed. The advantage of separating the two is that when user software crashes, it usually doesn’t bring down the whole system, because kernelspace is left untouched.
The kernelspace consists of something called “chains”. These chains represent a state in which something is going to happen with a packet.
The five chains are PREROUTING, FORWARD, POSTROUTING, INPUT and OUTPUT.
When a packet arrives at the routing module, it decides what to do with it:

So now we know when to place a packet in a chain. But we still have to know what to do with it. This is where IPtables comes into play.
The userspace consists of tables, which hook into the chains in kernelspace.
There are typically three tables in userspace: filter, nat and mangle. There can be more tables, depending on which kernel modules you have loaded into your kernel.
The filter table contains the INPUT, FORWARD and OUTPUT chains. This is typically the table you would work with most when you are creating a firewall, because it allows you to drop or forward packets destined for or coming from the firewall itself, and packets which are going to be forwarded.

So, to give you an overview so far: when a packet arrives, it is sent to a chain based on its destination or source.
When it arrives at the chain, it is compared to a table of rules and altered accordingly before being sent on to its destination.
In part two I will discuss how to implement IPtables.
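To make that overview concrete, here is an added example (my own illustration, not code from the original article or from iptables itself) that models the routing decision and the first-match rule traversal of the filter table in Python. The addresses and the ruleset are constructed, and the chain names, targets and policy behaviour are assumed to follow iptables conventions.

```python
from dataclasses import dataclass
from typing import Optional, List, Tuple

LOCAL_ADDRS = {"192.0.2.1"}  # constructed: the firewall's own address

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    state: str = "NEW"          # conntrack state: NEW or ESTABLISHED
    local_origin: bool = False  # generated by a process on the firewall

@dataclass
class Rule:
    target: str                   # ACCEPT, DROP or LOG (LOG is non-terminating)
    proto: Optional[str] = None   # a None field means "match anything"
    dport: Optional[int] = None
    state: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        wanted = (("proto", self.proto), ("dport", self.dport), ("state", self.state))
        return all(v is None or v == getattr(p, k) for k, v in wanted)

def chain_for(p: Packet) -> str:
    """The routing decision: which filter-table chain does this packet hit?"""
    if p.local_origin:
        return "OUTPUT"                                   # generated here, going out
    return "INPUT" if p.dst in LOCAL_ADDRS else "FORWARD"  # for us, or passing through

def verdict(table: dict, p: Packet) -> Tuple[str, List[str]]:
    """Walk the chain's rules in order; first terminating match wins, else the policy."""
    chain = chain_for(p)
    log: List[str] = []
    for rule in table[chain]["rules"]:
        if rule.matches(p):
            if rule.target == "LOG":
                log.append(f"{chain}: {p.proto} {p.src}->{p.dst}:{p.dport}")
                continue                # LOG records the packet but does not end traversal
            return rule.target, log
    return table[chain]["policy"], log  # nothing matched: the chain's default policy applies

# Constructed filter table: default-deny, allow replies to our own connections,
# allow ssh to the firewall, log whatever else arrives for it; forward nothing.
FILTER = {
    "INPUT":   {"policy": "DROP", "rules": [Rule("ACCEPT", state="ESTABLISHED"),
                                            Rule("ACCEPT", proto="tcp", dport=22),
                                            Rule("LOG")]},
    "FORWARD": {"policy": "DROP", "rules": []},
    "OUTPUT":  {"policy": "ACCEPT", "rules": []},
}
```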