Dynamic iptables firewall (dynfw)

Source: Internet
Author: User
Tags: iptables, firewall

Firewalls are an essential network security tool, but what do you do when you need to make fast, complex, dynamic changes to your firewall rules? With the dynamic firewall scripts by Daniel Robbins described in this article, that becomes an easy job. You can use these scripts to strengthen your network's security, respond to attacks in real time, and build your own designs on top of them.

The best way to understand the benefits of a dynamic firewall script is to look at how it is used in practice. Suppose I am the system administrator of an ISP and have recently set up a Linux-based firewall to protect my customers and internal systems from external attackers. To build it, I used the iptables tool of the new Linux 2.4 kernel to let customers and internal servers reach the Internet, and to let new connections from the Internet reach the public services on my internal systems, such as the web server and the FTP server. Because the policy is deny by default and only the permitted services are opened, connections from the Internet to non-public services, such as the Squid proxy or Samba, are refused. I now have a fully functional firewall that meets my security requirements and gives all of the ISP's users good protection.

For the first week the firewall worked well, and then something bad happened. Bob, an attacker, launched a DoS attack against my customers, flooding my ISP's network with junk packets. Unfortunately Bob had studied my firewall carefully: he knew that although my internal services were protected, ports 25 and 80 were open for the public email and web services. So Bob decided to direct his DoS attack at my email and web servers.

One or two minutes after Bob started, I noticed serious congestion on my line. With tcpdump I determined that it was an attack from Bob and obtained the source addresses he was sending from. Now I needed to stop those IP addresses from connecting to my public servers. Here is the simple and convenient solution I reached for.

Blocking the attack

I immediately opened my firewall startup script in vi to edit the iptables rules and block packets coming from Bob's malicious source addresses. After about a minute I had found the spot in the startup script where a new DROP rule belonged, added it, and restarted the firewall. The firewall soon took effect and Bob's attack was contained. It looked as though I had beaten Bob, but shortly afterwards the on-call phone rang: customers were complaining that the network had become unavailable, because restarting the firewall flushes and reloads every rule and briefly cuts off all traffic. Worse, a few minutes later I noticed my Internet connection becoming seriously congested again. Looking closely, I saw that Bob was now attacking from a new IP address, so I had to change the firewall startup script yet again to stop him. I was simply chasing Bob, always one step behind.
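The two things the story describes, a default-deny base policy with a few public ports open and then blocking flood sources one address at a time, can be done without editing or reloading the startup script at all. The script below is an added example for this page; it is not Daniel Robbins' dynfw scripts and not code from the original article. It assumes Linux with iptables and the state match; the interface name eth0, the chain name dynblock, the IPTABLES and WAN_IFACE variables, and the tcpdump command in the comment are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example (not the dynfw scripts): a default-deny base ruleset plus a
# separate chain for blocks that can change at run time.
# Assumptions: Linux iptables with the state match, IPv4 only. IPTABLES and
# WAN_IFACE are example knobs; set IPTABLES=echo to print commands instead.
IPT="${IPTABLES:-iptables}"
WAN="${WAN_IFACE:-eth0}"            # assumed Internet-facing interface
CHAIN="${DYNBLOCK_CHAIN:-dynblock}" # assumed chain name for dynamic blocks

# Base policy as the article describes it: deny by default, keep replies to
# connections we opened, and expose only the public services (FTP, SMTP, HTTP).
base_rules() {
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -F INPUT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for p in 21 25 80; do
        $IPT -A INPUT -i "$WAN" -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
}

# The dynamic chain is created once and hooked at the top of INPUT, so later
# blocks never require editing or reloading the base rules.
ensure_chain() {
    $IPT -N "$CHAIN" 2>/dev/null || true
    $IPT -C INPUT -j "$CHAIN" 2>/dev/null || $IPT -I INPUT 1 -j "$CHAIN"
}

# Strict dotted-quad check, so a bad value taken from a log cannot become a
# malformed rule or smuggle extra iptables arguments.
valid_ipv4() {
    ip=$1
    case "$ip" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $ip
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# Insert a DROP for one source, idempotently: -C tests whether the rule is
# already present, so repeated calls from a script do not stack duplicates.
block_ip() {
    valid_ipv4 "$1" || { echo "block_ip: invalid IPv4 address: $1" >&2; return 2; }
    $IPT -C "$CHAIN" -s "$1" -j DROP 2>/dev/null && return 0
    $IPT -I "$CHAIN" 1 -s "$1" -j DROP
}

# Remove a block again once the flood stops.
unblock_ip() {
    valid_ipv4 "$1" || return 2
    $IPT -D "$CHAIN" -s "$1" -j DROP
}

# Rank source addresses in 'tcpdump -n' output read on stdin; prints
# "count ip", busiest first. The port suffix tcpdump appends is stripped.
top_sources() {
    awk '$2 == "IP" { n = split($3, a, "[.]"); if (n >= 4) print a[1] "." a[2] "." a[3] "." a[4] }' \
        | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Block every source at or above a packet threshold, for example:
#   tcpdump -n -i eth0 -c 5000 2>/dev/null | block_top 500
block_top() {
    top_sources | while read -r count ip; do
        if [ "$count" -ge "$1" ]; then block_ip "$ip"; fi
    done
}
```

Run base_rules and then ensure_chain once at boot; from then on block_ip and unblock_ip only touch the dynblock chain, so the base policy and existing customer connections are never disturbed. The address check matters because the value normally arrives from tcpdump output or a log rather than from an operator typing it.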
