David Rudder wrote the original version of this Firewall-HOWTO, now over four years ago, and I'd still like to thank him for allowing me to update his work.
I'd also like to thank Ian Gough for kindly assisting this dyslexic writer.
Firewalls have gained great popularity as the ultimate in Internet Security. Today firewalls are a part of almost every networking device. Like most hot subjects, they are also often misunderstood. This HOWTO will go over the basics of what a firewall is and how to set one up.
I am using kernel 2.2.14 and RedHat 6.1 to develop this howto so the examples here are based on this distribution. If you find differences in your distribution, please email me and I'll update this howto.
Any feedback is very welcome. PLEASE REPORT ANY INACCURACIES IN THIS PAPER!!! I am human, and prone to making mistakes. If you find a fix for anything please send it to me. I will try to answer all e-mail, but I am busy, so don't get insulted if I don't.
My email address is mark@grennan.com
Times have changed. This section did say "I am not, nor do I pretend to be, a security expert." Now I am one. My official title is Security Analyst. So maybe I know something about what I write. But please, I am writing this to help people get acquainted with this subject. I am not ready to stake my life on the accuracy of this document. If all you know about firewalls is based on this document, don't stake your job on your firewall. I AM NOT RESPONSIBLE FOR ANY DAMAGES INCURRED DUE TO ACTIONS TAKEN BASED ON THIS DOCUMENT.
Unless otherwise stated, Linux HOWTO documents are copyrighted by their respective authors. That's me. Linux HOWTO documents MAY (even should) be reproduced and distributed in whole or even in part, in as many mediums, physical or electronic, as long as this copyright notice is retained on all copies. Commercial redistribution is allowed and encouraged.
Please email me if you do use this work in any distribution. (I like to find my name in print.)
All translations, derivative works, or aggregate works incorporating any Linux HOWTO documents must be covered under this copyright notice. That is, you may not impose additional restrictions on its distribution. Exceptions to these rules may be granted under certain conditions; please contact the Linux HOWTO coordinator.
In short, we wish to promote dissemination of this information through as many channels as possible. However, we do wish to retain copyright on the HOWTO documents, and would like to be notified of any plans to redistribute the HOWTOs, but you can do it without asking so long as this Copyright statement remains.
If you have any questions, please email me. (See Above)
Several years ago, while working for the State of Oklahoma as their "Internet Administrator", I was asked to "put the State on the Internet", with no budget. (Note: There was no such title at the time. I was just the guy doing all the work.) The best way to make this happen was to use as much free software and junk hardware as I could. Linux and a bunch of old 486s were all I had to work with.
Linux was my only hope. At the time (and even now) commercial firewalls were very expensive. All the documentation I could find on how they work is considered almost top secret. As a result, I found creating a firewall of my own was almost impossible.
At my next job with American Floral Services (AFS), I was asked to put in a firewall and Linux had just added firewall code in the kernel. So again, with no budget, I started building a firewall with Linux. Six months later my firewall was in place and this document was updated.
Now, six years later, I have worked with lots of firewalls. CheckPoint Firewall-1, Cisco Pix, lots of simple router firewalls and every version of Linux-based firewall there is. I consider Linux the best firewall there is. But it may be the most complex to set up.