Install the Linux firewall to ensure Network Security

Source: Internet
Author: User
Tags linux mint

Network security is receiving more and more attention from small and medium-sized enterprises. How can network security be ensured on the Linux systems such enterprises use? A Linux firewall is required. This article explains how to install and configure the Linux firewall.

Assume that a LAN is connected to the Internet and that its public address is 202.101.2.25. According to RFC1597, the intranet uses private class C addresses in the range 192.168.0.0 ~ 192.168.255.0. For convenience, three computers are used as an example; in practice the network can be expanded to a maximum of 254 computers.
The procedure is as follows.

Install two NICs, eth0 and eth1, in the Linux host. Assign eth0 a private intranet address from the 192.168.100.0 network, and assign eth1 the public address 202.101.2.25, which is used to connect to the Internet.

On the Linux host, configure the input, output, forward and user-defined chains. This article uses rules that accept inbound and outbound traffic and forward packets, but deny certain dangerous packets, such as IP spoofing packets, broadcast packets and ICMP attack packets.
The specific settings are as follows.

(1) Flush all rules

    # Empty the three built-in chains so the rules below start from a clean state.
    /sbin/ipchains -F forward
    /sbin/ipchains -F input
    /sbin/ipchains -F output

(2) Set the default policies

    # Set ACCEPT as the default policy of each chain (-P) instead of appending an
    # "accept everything" rule with -A: ipchains stops at the first matching rule,
    # so an appended catch-all ACCEPT would shadow every DENY rule added after it.
    /sbin/ipchains -P input ACCEPT
    /sbin/ipchains -P output ACCEPT
    /sbin/ipchains -P forward ACCEPT

(3) Set local loopback rules

    /sbin/ipchains -A input -i lo -j ACCEPT
    /sbin/ipchains -A output -i lo -j ACCEPT

Packets between local processes can pass.

(4) Deny IP spoofing

    # Packets on the Internet-facing interface (eth1) must never carry intranet
    # addresses, and nothing arriving from the Internet may claim our own public address.
    /sbin/ipchains -A input  -i eth1 -s 192.168.100.0/24 -j DENY
    /sbin/ipchains -A input  -i eth1 -d 192.168.100.0/24 -j DENY
    /sbin/ipchains -A output -i eth1 -s 192.168.100.0/24 -j DENY
    /sbin/ipchains -A output -i eth1 -d 192.168.100.0/24 -j DENY
    /sbin/ipchains -A input  -i eth1 -s 202.101.2.25/32 -j DENY
    /sbin/ipchains -A output -i eth1 -d 202.101.2.25/32 -j DENY

(5) Deny broadcast packets

    # Drop packets on the LAN interface that use broadcast or unspecified addresses;
    # 240.0.0.0/3 covers 224.0.0.0 - 255.255.255.255 (multicast and reserved space).
    /sbin/ipchains -A input  -i eth0 -s 255.255.255.255 -j DENY
    /sbin/ipchains -A input  -i eth0 -d 0.0.0.0 -j DENY
    /sbin/ipchains -A output -i eth0 -s 240.0.0.0/3 -j DENY

(6) Set forwarding rules for traffic from the LAN (eth0)

    # On the forward chain, -i names the interface the packet will be sent out on,
    # so intranet packets leaving for the Internet through eth1 are the ones to
    # masquerade behind the public address 202.101.2.25.
    /sbin/ipchains -A forward -i eth1 -s 192.168.100.0/24 -j MASQ

(7) Set eth1 forwarding rules

    # With the forward policy already ACCEPT these rules are redundant; they spell
    # out the permitted directions and become necessary if the policy is changed to DENY.
    /sbin/ipchains -A forward -i eth1 -s 192.168.100.0/24 -j ACCEPT
    /sbin/ipchains -A forward -i eth1 -d 192.168.100.0/24 -j ACCEPT

Save these rules in the file /etc/rc.firewallrules and use chmod to make it executable. Then add a line that runs /etc/rc.firewallrules to /etc/rc.d/rc.local, so that the rules take effect when the system starts.
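Before loading a rule set like this on a host, it is worth checking its order, because ipchains applies the first matching rule and then stops. The following Python script is an added example, not code from the article, and never touches the kernel: it models first-match evaluation for the -i, -s and -d criteria the article uses, builds the article's chains in two ways (with "accept everything" rules appended with -A, and with ACCEPT set as the chain policy with -P), runs a few constructed packets through them, and lists rules that an earlier, broader rule makes unreachable. Interface names and addresses are the article's (eth0 = LAN, eth1 = Internet, 202.101.2.25 = public address); the sample packets and the 198.51.100.0/24 addresses are constructed.

```python
"""Offline model of ipchains first-match evaluation for the article's rule set.

Added example; only the -i/-s/-d criteria and the ACCEPT/DENY/MASQ targets
used in the article are modelled. Sample packets are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

LAN = "192.168.100.0/24"       # intranet, behind eth0
PUBLIC = "202.101.2.25/32"     # the host's public address on eth1


@dataclass(frozen=True)
class Rule:
    target: str                  # -j: ACCEPT, DENY or MASQ
    iface: Optional[str] = None  # -i
    src: Optional[str] = None    # -s, address or CIDR
    dst: Optional[str] = None    # -d, address or CIDR

    def matches(self, pkt: Dict[str, str]) -> bool:
        if self.iface is not None and pkt["iface"] != self.iface:
            return False
        for net, key in ((self.src, "src"), (self.dst, "dst")):
            if net is not None and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(net, strict=False):
                return False
        return True


class Chain:
    """An ipchains chain: ordered rules (-A) plus a default policy (-P)."""

    def __init__(self, policy: str = "ACCEPT") -> None:
        self.policy = policy
        self.rules: List[Rule] = []

    def append(self, rule: Rule) -> None:
        self.rules.append(rule)

    def verdict(self, pkt: Dict[str, str]) -> Tuple[str, Optional[int]]:
        """(target, 1-based number of the first matching rule) or (policy, None)."""
        for n, rule in enumerate(self.rules, 1):
            if rule.matches(pkt):
                return rule.target, n
        return self.policy, None

    def shadowed(self) -> List[int]:
        """Rule numbers that can never match: an earlier rule with the same or
        broader -i/-s/-d criteria catches every packet they would."""
        def covers(outer: Optional[str], inner: Optional[str], is_net: bool) -> bool:
            if outer is None:
                return True
            if inner is None:
                return False
            if not is_net:
                return outer == inner
            return ipaddress.ip_network(inner, strict=False).subnet_of(ipaddress.ip_network(outer, strict=False))

        dead = []
        for j, later in enumerate(self.rules):
            if any(covers(e.iface, later.iface, False) and covers(e.src, later.src, True)
                   and covers(e.dst, later.dst, True) for e in self.rules[:j]):
                dead.append(j + 1)
        return dead


def build_chains(accept_as_rules: bool) -> Dict[str, Chain]:
    """Build the article's chains. accept_as_rules=True appends '-A <chain> -j ACCEPT'
    before the DENY rules; False relies on ACCEPT as the chain policy instead."""
    chains = {name: Chain("ACCEPT") for name in ("input", "output", "forward")}
    if accept_as_rules:
        for chain in chains.values():
            chain.append(Rule("ACCEPT"))
    chains["input"].append(Rule("ACCEPT", iface="lo"))                  # (3) loopback
    chains["output"].append(Rule("ACCEPT", iface="lo"))
    chains["input"].append(Rule("DENY", iface="eth1", src=LAN))         # (4) anti-spoofing
    chains["input"].append(Rule("DENY", iface="eth1", dst=LAN))
    chains["output"].append(Rule("DENY", iface="eth1", src=LAN))
    chains["output"].append(Rule("DENY", iface="eth1", dst=LAN))
    chains["input"].append(Rule("DENY", iface="eth1", src=PUBLIC))
    chains["output"].append(Rule("DENY", iface="eth1", dst=PUBLIC))
    chains["input"].append(Rule("DENY", iface="eth0", src="255.255.255.255"))  # (5) broadcast
    chains["input"].append(Rule("DENY", iface="eth0", dst="0.0.0.0"))
    chains["output"].append(Rule("DENY", iface="eth0", src="240.0.0.0/3"))
    chains["forward"].append(Rule("MASQ", iface="eth1", src=LAN))       # (6) masquerade via eth1
    return chains


# Constructed packets; 198.51.100.0/24 is a documentation range.
SPOOFED_FROM_INTERNET = {"iface": "eth1", "src": "192.168.100.7", "dst": "202.101.2.25"}
REPLY_FROM_INTERNET = {"iface": "eth1", "src": "198.51.100.10", "dst": "202.101.2.25"}
LAN_TO_INTERNET = {"iface": "eth1", "src": "192.168.100.7", "dst": "198.51.100.10"}  # forward chain


def check(accept_as_rules: bool) -> Dict[str, object]:
    chains = build_chains(accept_as_rules)
    return {
        "spoofed": chains["input"].verdict(SPOOFED_FROM_INTERNET),
        "reply": chains["input"].verdict(REPLY_FROM_INTERNET),
        "forward": chains["forward"].verdict(LAN_TO_INTERNET),
        "dead_input_rules": chains["input"].shadowed(),
    }


if __name__ == "__main__":
    print("ACCEPT appended as rules:", check(True))
    print("ACCEPT as chain policy:  ", check(False))
```

With the ACCEPT rules appended as in the original step (2), the spoofed packet is accepted by rule 1, the LAN-to-Internet packet is forwarded unmasqueraded, and every later input rule is reported as unreachable; with ACCEPT as the chain policy, the spoofed packet hits the DENY rule, the legitimate reply falls through to the policy, and the LAN packet is masqueraded.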

With the configuration above, a packet-filtering firewall based on the Linux operating system is established. Its advantages are simple configuration, high security and strong resistance to attack. In particular, idle computers and the free Linux operating system can be used to build a firewall that minimizes investment and maximizes output.

Install the Linux firewall to ensure the network security of small and medium-sized enterprises.
