Setting up a Linux firewall
Linux systems have firewall software built right into the kernel. This packet-filtering framework is called netfilter (since Linux 2.4). It is controlled by a tool called iptables, which instructs the kernel what to do with incoming and outgoing network packets.
In this recipe, we will begin with an empty iptables configuration (firewall disabled) and configure it to drop any incoming packets except those we specifically allow. Before we set up a firewall, we should review some basic concepts related to network communication and the organization of iptables.
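The default-deny approach described above, as an added example that is not part of the recipe: a small POSIX shell script that flushes the INPUT chain, allows loopback, replies to connections the host itself opened, ping and new SSH connections (port 22 is an assumption; override with SSH_PORT), and only then switches the INPUT policy to DROP so a remote session is not cut off halfway through. Setting IPT=echo previews the commands instead of applying them; applying requires root.

```shell
#!/bin/sh
# Added example, not the recipe's own script: minimal default-deny INPUT policy.
# IPT=echo prints the iptables commands instead of running them (preview mode).
IPT="${IPT:-iptables}"
SSH_PORT="${SSH_PORT:-22}"   # assumed service to keep reachable; adjust as needed

apply_rules() {
    # Start from a clean INPUT chain; policies are left at ACCEPT until the end.
    $IPT -F INPUT
    # Loopback traffic is local-only and many daemons depend on it.
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections this host initiated (stateful match via conntrack).
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Packets the connection tracker cannot classify are dropped early.
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    # New SSH connections stay allowed so we do not lock ourselves out.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    # Allow ping requests.
    $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    # Everything else arriving is dropped; forwarding is off; outgoing is open.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
}

# Usage: sh firewall.sh preview   (print the commands)
#        sudo sh firewall.sh apply (install the rules)
case "${1:-}" in
    apply)   apply_rules ;;
    preview) (IPT=echo; apply_rules) ;;
    *)       echo "usage: $0 apply|preview" >&2 ;;
esac
```

Run the preview first and read the list in order: iptables evaluates rules top to bottom and stops at the first match, so the ESTABLISHED,RELATED rule near the top is what keeps existing sessions alive once the DROP policy is in place.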
The following are some basic packet-filtering concepts:
Packets: The Internet is a packet-switched network. This means that all communication is facilitated by breaking up the content into small blocks called packets, which are routed from one computer on the network to another.
IP address: The addresses of machines on the Internet are specified by numerical IP addresses, such as 93.184.216.119 (IPv4) or 2606...