Network security is receiving more and more attention from small and medium-sized enterprises. How can network security be ensured on the Linux systems such enterprises use? A Linux firewall is required. This article explains how to set up a Linux firewall.
Assume that a LAN is connected to the Internet and that its public address is 202.101.2.25. Following RFC1597, the Intranet uses private addresses from the class C range 192.168.0.0 ~ 192.168.255.0. For convenience we use three computers as an example; in practice the setup can be expanded to a maximum of 254 computers.
The procedure is as follows.
Install two NICs, eth0 and eth1, in a Linux host. Assign the private Intranet address 192.168.100.0 to eth0, and assign the public address 202.101.2.25 to eth1, which is used to connect to the Internet.
On the Linux host, configure the input, forward, output and user-defined chains. This article uses rules that allow inbound and outbound traffic and forward packets, but deny certain dangerous packets: IP spoofing packets, broadcast packets and ICMP attack packets.
The specific settings are as follows.
(1) Flush all existing rules
- /sbin/ipchains -F forward
- /sbin/ipchains -F input
- /sbin/ipchains -F output
(2) Set the initial (default) policies
- /sbin/ipchains -P input ACCEPT
- /sbin/ipchains -P output ACCEPT
- /sbin/ipchains -P forward ACCEPT
ipchains evaluates a chain first-match, so the permissive default is set as the chain policy with -P rather than appended as an unconditional ACCEPT rule; an appended ACCEPT would be matched first and the DENY rules added below would never fire.
(3) Set local loopback rules
- /sbin/ipchains -A input -j ACCEPT -i lo
- /sbin/ipchains -A output -j ACCEPT -i lo
Packets between local processes can pass.
(4) Prohibit IP spoofing
Packets arriving on or leaving through the public interface eth1 must never carry the private Intranet range, or the firewall's own public address, as source or destination.
- /sbin/ipchains -A input -j DENY -i eth1 -s 192.168.100.0/24
- /sbin/ipchains -A input -j DENY -i eth1 -d 192.168.100.0/24
- /sbin/ipchains -A output -j DENY -i eth1 -s 192.168.100.0/24
- /sbin/ipchains -A output -j DENY -i eth1 -d 192.168.100.0/24
- /sbin/ipchains -A input -j DENY -i eth1 -s 202.101.2.25/32
- /sbin/ipchains -A output -j DENY -i eth1 -d 202.101.2.25/32
(5) Prohibit broadcast packets
- /sbin/ipchains -A input -j DENY -i eth0 -s 255.255.255.255
- /sbin/ipchains -A input -j DENY -i eth0 -d 0.0.0.0
- /sbin/ipchains -A output -j DENY -i eth0 -s 240.0.0.0/3
(6) Set eth0 forwarding rules (masquerade the Intranet behind the public address)
- /sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.100.0/24
(7) Set eth1 forwarding rules
- /sbin/ipchains -A forward -j ACCEPT -i eth1 -s 192.168.100.0/24
- /sbin/ipchains -A forward -j ACCEPT -i eth1 -d 192.168.100.0/24
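Because ipchains chains are evaluated first-match, rule order decides whether the anti-spoofing DENY rules in step (4) ever fire. The small evaluator below is an added example, not code from the original article: it models the input chain with the article's own interfaces and addresses, using constructed sample packets (198.51.100.0/24 stands in for an arbitrary Internet peer), and shows that an unconditional ACCEPT appended ahead of the DENY rules shadows them, which is why the permissive fallback belongs in the chain policy instead.

```python
from ipaddress import ip_address, ip_network

# A rule is (interface, source network, destination network, target).
# None means "any", mirroring an omitted -i / -s / -d on the ipchains line.

def rule_matches(rule, pkt):
    iface, src, dst, _target = rule
    if iface is not None and pkt["iface"] != iface:
        return False
    if src is not None and ip_address(pkt["src"]) not in ip_network(src):
        return False
    if dst is not None and ip_address(pkt["dst"]) not in ip_network(dst):
        return False
    return True

def evaluate(chain, pkt, policy="ACCEPT"):
    """The first matching rule decides; the chain policy applies if none match."""
    for rule in chain:
        if rule_matches(rule, pkt):
            return rule[3]
    return policy

# Input-chain anti-spoofing rules from step (4), public interface eth1.
ANTI_SPOOF = [
    ("eth1", "192.168.100.0/24", None, "DENY"),
    ("eth1", None, "192.168.100.0/24", "DENY"),
    ("eth1", "202.101.2.25/32", None, "DENY"),
]
ACCEPT_ALL = [(None, None, None, "ACCEPT")]   # an appended '-A input -j ACCEPT'

# Constructed sample packets (hypothetical hosts, not taken from the article).
SPOOFED = {"iface": "eth1", "src": "192.168.100.7", "dst": "202.101.2.25"}
GENUINE = {"iface": "eth1", "src": "198.51.100.9", "dst": "202.101.2.25"}
INTERNAL = {"iface": "eth0", "src": "192.168.100.7", "dst": "198.51.100.9"}

def verdicts(chain):
    """Verdict for each sample packet under the given rule order."""
    return {name: evaluate(chain, pkt) for name, pkt in
            (("spoofed", SPOOFED), ("genuine", GENUINE), ("internal", INTERNAL))}

if __name__ == "__main__":
    print("ACCEPT appended first:", verdicts(ACCEPT_ALL + ANTI_SPOOF))
    print("DENY rules first     :", verdicts(ANTI_SPOOF + ACCEPT_ALL))
```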
Save the rules in the file /etc/rc.firewallrules and use chmod to make it executable. Add /etc/rc.firewallrules to /etc/rc.d/rc.local so that the rules take effect when the system starts.
With the configuration above we have built a packet-filtering firewall based on the Linux operating system. It has the advantages of simple configuration, high security and strong resistance to attack. In particular, it can use idle computers and the free Linux operating system to build a firewall with minimal investment and maximal return.
Installing a Linux firewall in this way helps ensure the network security of small and medium-sized enterprises.