Since firewalls first appeared they have gone through four major stages of development: router-based firewalls; user-space firewall toolkits; firewalls built on a general-purpose operating system; and firewalls built on a hardened, security-oriented operating system. Most firewall vendors today ship combined hardware and software products on a secure operating system, such as NETEYE, NETSCREEN, and TALENTIT. There is also a great deal of firewall software for Linux, some of it commercial and some of it completely free and open source. Most Linux tutorials describe how to build a firewall on Linux with ipchains.
Setting up and managing a firewall on Linux is an important task for a network administrator, and configuring one usually takes a good deal of technical work: both commercial and free firewalls need software and hardware configured on the Linux platform.
Is there a Linux firewall you can carry with you? Yes. This article introduces a Linux firewall that fits on an ordinary floppy disk. floppyfw lives on a single floppy and runs entirely from RAM. Boot a computer from it and it uses ipchains to filter unwanted IP packets, provides IP masquerading (NAT for the internal network) and port forwarding, so that one host can front for the computers on the network behind it. floppyfw is capable, but its hardware requirements are very modest: apart from a floppy drive, 8 MB of memory is enough.
Floppyfw requires the following hardware:
Minimum 8 MB memory
3.5" floppy drive
Graphics card
Keyboard
Monitor
To act as a firewall between two networks, floppyfw needs two NICs installed, one per network, and the IRQ and I/O base address of each card must be set correctly (ISA cards in particular). Most system administrators are already familiar with configuring dual NICs in Linux.
Floppyfw supports the following NICs:
3Com 3c509
NE2000 compatibles
Tulip-based
Intel EtherExpress PCI
About the software:
Making a floppyfw floppy is easy. First download floppyfw to the computer's hard disk from http://www.zelow.no/floppyfw/download; the current version should be 1.0.5 or later. The download is a raw floppy image, written to a blank floppy with dd:
# dd if=floppyfw-1.0.5.img of=/dev/fd0 bs=72k
dd copies the image onto the floppy byte for byte; it does not decompress anything, so if you downloaded a compressed image, gunzip it first.
About settings:
Note that the floppy is formatted as an ordinary DOS FAT filesystem. To boot Linux from it smoothly we need to make some changes on the floppy. Do this on another computer, preferably with the mtools package on Linux:
$ cd /tmp
$ mcopy a:config .
$ vi config
$ mcopy config a:
If you are on another operating system, the file can be edited with Notepad on Windows. On the floppy we find five floppyfw files:
config (main configuration file)
firewall.ini (filter rules)
modules.lst (additional ip_masq modules to load)
syslinux.cfg (kernel boot parameters)
syslog.cfg (syslog configuration, in the style of /etc/syslog.conf)
Normally syslinux.cfg and modules.lst need no changes; the main job is editing config. To keep this short I will not go through the whole config file here, only a few important items near its end.
Find OPEN_SHELL: it controls whether a shell (/bin/ash) is opened on the console. Bear in mind that a console shell on a firewall is a root shell for anyone who can reach the keyboard, so set it to n once the box is deployed. If the machine has less than 12 MB of memory, set ONLY_8M to y. USE_SYSLOG decides whether syslogd runs at all, and SYSLOG_FLAGS holds the flags syslogd is started with. Adjust these to your situation.
Appendix: Configuration list 1 is a standard configuration that has passed testing. Because this system uses static IP addresses and does not provide DHCP, it is offered for reference to users with a similar setup; list 1 is available for download.
Filter rules:
Now let's look at firewall.ini. As shipped, floppyfw's firewall.ini masquerades a statically addressed internal network and denies access to a number of fixed ports. To build our own firewall we edit firewall.ini and write a complete set of filter rules, closing every port we consider dangerous.
For reasons of length I will not explain ipchains itself here. If you want to learn more about ipchains configuration and usage, see the ipchains references listed at the end of this article.
For the filter rules in firewall.ini, see configuration list 2 (ftp://ftp.mfi.com/pub/sysadmin/2001/jan2001.tar.z), a modified configuration. If you are not familiar with Linux firewalls you can download this list and use it directly or as a starting point.
List 2 allows the basic DNS, SMTP, POP, NNTP, TELNET, SSH, FTP, HTTP and WHOIS services, so that client computers on the inside can reach the network and use those services through the permitted ports.
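The kind of ruleset list 2 describes, written out as an added example (this is neither list 2 nor floppyfw's shipped firewall.ini): a firewall.ini-style ipchains script with default-deny policies on all three chains, anti-spoofing, masquerading, and outbound access for the services named above. The interface names (eth0 outside, eth1 inside), the addresses 203.0.113.10 and 192.168.1.0/24, and the decision to leave telnet out are my assumptions. Every rule goes through a small wrapper so the script can be dry-run on a machine that has no ipchains at all.

```sh
#!/bin/sh
# Added example (not floppyfw's shipped firewall.ini, not list 2): a
# default-deny ipchains ruleset for a masquerading floppyfw box.
# Assumed layout: eth0 is the outside interface with 203.0.113.10,
# eth1 the inside interface on 192.168.1.0/24.

EXT_IF=eth0
EXT_IP=203.0.113.10
INT_IF=eth1
INT_NET=192.168.1.0/24
ANY=0.0.0.0/0
IPCHAINS=${IPCHAINS:-/sbin/ipchains}

# Every rule goes through this wrapper so IPCHAINS can be swapped for
# "echo" (dry run) on a machine that has no ipchains.
ipc() {
    $IPCHAINS "$@"
}

# Let inside clients reach one TCP service outside. Outbound packets pass
# the input chain on eth1, are masqueraded in forward, and leave through
# output on eth0 with EXT_IP as source; replies come in on eth0, are
# demasqueraded, and go straight to output on eth1. "! -y" means
# "not a bare SYN", so nobody outside can open a connection inward.
allow_tcp_out() {
    port=$1
    ipc -A input  -i "$INT_IF" -p tcp -s "$INT_NET" -d "$ANY" "$port" -j ACCEPT
    ipc -A output -i "$EXT_IF" -p tcp -s "$EXT_IP"  -d "$ANY" "$port" -j ACCEPT
    ipc -A input  -i "$EXT_IF" -p tcp ! -y -s "$ANY" "$port" -d "$EXT_IP"  -j ACCEPT
    ipc -A output -i "$INT_IF" -p tcp ! -y -s "$ANY" "$port" -d "$INT_NET" -j ACCEPT
}

# Same for a UDP service (no SYN flag to key on, so replies are matched
# by source port only).
allow_udp_out() {
    port=$1
    ipc -A input  -i "$INT_IF" -p udp -s "$INT_NET" -d "$ANY" "$port" -j ACCEPT
    ipc -A output -i "$EXT_IF" -p udp -s "$EXT_IP"  -d "$ANY" "$port" -j ACCEPT
    ipc -A input  -i "$EXT_IF" -p udp -s "$ANY" "$port" -d "$EXT_IP"  -j ACCEPT
    ipc -A output -i "$INT_IF" -p udp -s "$ANY" "$port" -d "$INT_NET" -j ACCEPT
}

load_rules() {
    # Clean slate, default deny on all three chains.
    ipc -F
    ipc -P input   DENY
    ipc -P output  DENY
    ipc -P forward DENY

    ipc -A input  -i lo -j ACCEPT
    ipc -A output -i lo -j ACCEPT

    # Anti-spoofing: an outside packet may not claim an inside or loopback
    # source, an inside packet may not claim an outside one. -l logs the hit.
    ipc -A input -i "$EXT_IF" -s "$INT_NET"   -j DENY -l
    ipc -A input -i "$EXT_IF" -s 127.0.0.0/8  -j DENY -l
    ipc -A input -i "$INT_IF" -s ! "$INT_NET" -j DENY -l

    # Masquerade the inside network. In the forward chain -i is the
    # interface the packet will leave through.
    ipc -A forward -i "$EXT_IF" -s "$INT_NET" -d "$ANY" -j MASQ

    # DNS over udp and tcp, then the TCP client services from list 2.
    # Telnet (23) is left out on purpose: cleartext credentials; use ssh.
    # Active-mode FTP data connections need ip_masq_ftp from modules.lst;
    # passive-mode data ports are not opened by these rules.
    allow_udp_out 53
    for p in 53 21 22 25 43 80 110 119; do
        allow_tcp_out "$p"
    done

    # ICMP: inside hosts may send; only replies and errors come back.
    # For -p icmp the "source port" field is the ICMP type.
    ipc -A input  -i "$INT_IF" -p icmp -s "$INT_NET" -j ACCEPT
    ipc -A output -i "$EXT_IF" -p icmp -s "$EXT_IP"  -j ACCEPT
    for t in 0 3 11; do   # echo-reply, dest-unreachable, time-exceeded
        ipc -A input -i "$EXT_IF" -p icmp -s "$ANY" "$t" -d "$EXT_IP" -j ACCEPT
    done
    ipc -A output -i "$INT_IF" -p icmp -d "$INT_NET" -j ACCEPT

    # Everything else is dropped and logged, so the policy never has to
    # drop silently.
    ipc -A input   -j DENY -l
    ipc -A output  -j DENY -l
    ipc -A forward -j DENY -l
}

# On the floppy, firewall.ini runs at boot with no arguments: replace this
# dispatcher with a bare "load_rules". Here "dry-run" prints the commands.
case "${1:-}" in
    apply)   load_rules ;;
    dry-run) IPCHAINS=echo; load_rules ;;
esac
```

Run it as `sh firewall.ini dry-run` to print the rules, or `apply` as root on a 2.2 kernel; on the floppy itself drop the case statement and call load_rules directly. The last three rules log everything the policies would otherwise drop silently, which is what makes the syslog setup described under "About LOG" worth doing.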
About logs:
Linux systems keep many log files that record the main parameters and events of system operation. As mentioned above, syslog.cfg controls what the firewall logs and where. floppyfw uses it to record events in the firewall system, including hardware messages such as keyboard errors or display initialisation, which gives the administrator a basis for analysing and solving problems later. Setting up syslog.cfg is not difficult. First choose a computer to act as the central log host. On Red Hat, for example, its syslogd must be started so that it accepts messages from the network, which is done by editing /etc/rc.d/init.d/syslog (the daemon needs the -r option); because syslog over UDP is unauthenticated, that listener should only be reachable from the internal network. If that computer's IP address is 192.168.1.2, point syslog.cfg at the same address. For a concrete configuration see list 3 (ftp://ftp.mfi.com/pub/sysadmin/2001/jan2001.tar.z).
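The preparation steps above, from writing the image with dd through editing config with mtools to pointing syslog.cfg at the log host, as one added shell script. This is my example, not floppyfw's own tooling. It assumes that config uses shell-style VAR=value lines, that syslog.cfg accepts standard syslog.conf syntax as the article says, the image name floppyfw-1.0.5.img, the floppy at /dev/fd0 (mtools drive a:), and the log host 192.168.1.2 from the example above. It adds two checks a practitioner wants before touching the floppy: that the file really is an uncompressed image no larger than a 1.44 MB floppy, and that OPEN_SHELL ends up switched off.

```sh
#!/bin/sh
# Added example (not floppyfw's own code): prepare a floppyfw boot floppy.
# Assumed names: image floppyfw-1.0.5.img, floppy /dev/fd0 (mtools a:),
# log host 192.168.1.2, and shell-style VAR=value lines in config.

IMAGE=${IMAGE:-floppyfw-1.0.5.img}
FLOPPY=${FLOPPY:-/dev/fd0}
LOGHOST=${LOGHOST:-192.168.1.2}
FLOPPY_BYTES=1474560   # 1.44 MB: 80 tracks x 2 heads x 18 sectors x 512 bytes

# dd copies bytes verbatim, so refuse anything that is not a raw image:
# an empty or oversized file, or one still gzip-compressed (magic 1f 8b).
image_ok() {
    f=$1
    [ -f "$f" ] || return 1
    size=$(wc -c < "$f" | tr -d ' ')
    [ "$size" -gt 0 ] && [ "$size" -le "$FLOPPY_BYTES" ] || return 1
    [ "$(od -An -tx1 -N2 "$f" | tr -d ' \n')" != "1f8b" ]
}

write_image() {
    image_ok "$IMAGE" || { echo "$IMAGE is not a raw floppy image" >&2; return 1; }
    dd if="$IMAGE" of="$FLOPPY" bs=72k
}

# Set VAR=VALUE in a config file: replace the existing line or append one.
set_var() {
    file=$1; var=$2; value=$3
    if grep -q "^${var}=" "$file"; then
        sed "s|^${var}=.*|${var}=${value}|" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf '%s=%s\n' "$var" "$value" >> "$file"
    fi
}

# The items the article singles out, set for an unattended firewall:
# OPEN_SHELL=n because a console shell on the firewall is a root shell for
# whoever reaches the keyboard; USE_SYSLOG=y so dropped packets get logged;
# ONLY_8M=y only on a machine with less than 12 MB. SYSLOG_FLAGS is left
# as shipped.
harden_config() {
    cfg=$1
    mem_mb=${2:-16}
    set_var "$cfg" OPEN_SHELL n
    set_var "$cfg" USE_SYSLOG y
    if [ "$mem_mb" -lt 12 ]; then
        set_var "$cfg" ONLY_8M y
    else
        set_var "$cfg" ONLY_8M n
    fi
}

# syslog.cfg in syslog.conf style: send everything, including the kernel's
# "Packet log:" lines from ipchains rules with -l, to the log host. The log
# host's syslogd must accept network messages (sysklogd needs -r; on Red Hat
# that option goes into /etc/rc.d/init.d/syslog) and should be reachable only
# from the inside, since syslog over UDP is unauthenticated.
write_syslog_cfg() {
    printf '*.*\t@%s\n' "$LOGHOST" > "$1"
}

# Pull config off the floppy with mtools, edit it, write both files back.
configure_floppy() {
    work=$(mktemp -d)
    mcopy a:config "$work/config"
    harden_config "$work/config" "${1:-16}"
    write_syslog_cfg "$work/syslog.cfg"
    mcopy -o "$work/config" "$work/syslog.cfg" a:
    rm -rf "$work"
}

# Usage: sh prepare-floppyfw.sh write | configure [memory-in-MB]
case "${1:-}" in
    write)     write_image ;;
    configure) configure_floppy "$2" ;;
esac
```

Run `sh prepare-floppyfw.sh write` as root to write the image, then `sh prepare-floppyfw.sh configure 8` (or the machine's memory in MB) with the floppy still in the drive. The image check matters because the article's wording suggests dd decompresses the image; it does not, and writing a .gz file to the floppy produces an unbootable disk.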
Once you have configured the first three main files, you can use this floppy disk to start the Linux system for testing.
If you run into other problems while configuring and testing the firewall, the following URLs may help:
Floppyfw by Thomas Lundquist:
http://www.zelow.no/floppyfw/
Linux Firewalls by Robert L. Ziegler:
http://Linux-firewall-tools.com/Linux/faq/
Finally, I would like to introduce NetMAX FireWall, another quite good Linux firewall.
NetMAX FireWall comes from Cybernet Systems. Its main strengths are easy installation, stable operation, low hardware requirements and effective protection. Because installation is guided step by step through a graphical user interface (GUI), NetMAX is well suited to Linux beginners and to users who do not know the system well.
If you remember last August's LinuxWorld Conference & Expo, you may have seen NetMAX presented there. Unlike other firewalls, NetMAX is administered through a secured web-based interface, so it can be configured and debugged over the network, a great convenience for many users and administrators and one of its highlights.
NetMAX is not free, however. It does not support network installation, so to install it you have to buy the NetMAX CD. Installing from CD-ROM takes about 10 minutes, much faster than a network installation would be. To learn more or to buy the CD, visit Cybernet Systems Corporation: http://www.cybernet.com/
Now let's look at the straightforward installation of the NetMAX firewall.
Test Platform:
Processor: Pentium 200 MMX
Memory: 64 MB RAM
Hard Disk: 2.1 GB
Network: Two 3Com 3c509B ISA cards
System Platform:
Operating System: Red Hat Linux 6.2
Kernel: 2.2.16
Before installing, set the BIOS on the motherboard to boot from the CD-ROM drive and insert the NetMAX Firewall CD.
The NetMAX boot screen is much like the Red Hat installer's; amusingly, in the copyright notice the words "Red Hat" have been replaced with "NetMAX". Anyone who has installed Red Hat will feel at home. The developers say NetMAX is based on the Red Hat Linux distribution, so the two get along well.
Once the installer is loaded the resemblance to Red Hat Linux is even clearer. NetMAX then probes the hardware, since it needs to install the right kernel modules; if it cannot identify the hardware and load the modules, it shows an error message. It does not install anything right away: it first asks you to confirm the network settings, then asks whether you want to continue with a console-based installation. If you answer "No", it starts Apache and gives you a URL for finishing the installation over the network.
If we choose "No", the installer opens a web browser (KDE 2's Konqueror) on the Linux system. At this point an error message popped up on the screen, and NetMAX asked us to correct the https URL. We are not clear yet about the cause of this error; similar things can happen when installing and configuring Apache in the ordinary way.
After correcting the URL to https as prompted, NetMAX shows its license and disclaimer. This differs from most software, which shows copyright and license information at the start of installation. Click "Click here to continue" to carry on. Note, if you look carefully, that the NetMAX user manual runs to 228 pages and includes a section on basic troubleshooting; consult it if you hit problems installing or using NetMAX. It does not cover every problem we met during installation, though; the solutions listed in the manual are limited.
Because NetMAX installs through a graphical user interface, anyone familiar with installing application software on Linux should find installing and testing it easy.