Advertisment

Firewalls with Linux

author-image
PCQ Bureau
New Update

Linux has always been considered as a secure firewall. The default install type in all the install options sets the built-in firewall of Linux to a medium level. This allows only the DHCP client to work and receive information from outside. However you can configure the firewall on your system quite easily.

Advertisment

In case X-Window is installed, you can run Lokkit–the default, wizard based configuration tool for setting up the Linux firewall. Simply run it from the menu to start a Wizard. Follow the steps of the wizard carefully and read the questions it asks you. 

The wizard asks whether you wish to set the firewall as high, low or to disable it. Depending on your choice, it then proceeds to ask you if you wish to trust all connections coming to each of your network interfaces and which are the services you wish

to publish. For example, if you have a Web server or SSH daemon running, you will have to answer “Yes” to these questions.

In case, you select “Yes” for the mail relaying, the wizard does an extensive check of the mail relaying capabilities of the system. Once this is over your firewall is up and running.

Advertisment

However, in most cases, you will not have X Window installed on your firewall machine. In this case, the best idea is to use Webmin. Go to the Servers page and select “Linux Firewall”.

This new page allows you to set different rules and modify existing ones. You can also change the order in which the firewall rules are executed. To add a new rule, simply select the type of action you wish for incoming, outgoing or forwarded packets

(accept, reject, etc.).

To modify a rule, click on the rule shown in the table at the bottom of the page and modify its parameters. The last columns also allow you to quickly move the rule up or down in the execution list.

Advanced Linux administrators would prefer the more detailed view of Webmin than the X-Window based Lokkit. However, the latter is more suited to small networks and home users who do not wish to get

into the intricacies of designing these complex firewall rules.

Vinod Unny

Advertisment