Linux firewalls. From its beginnings to the present, the firewall has gone through four stages of development: first, firewalls built into routers; second, user-installed firewall toolkits; third, firewalls built on a general-purpose operating system; fourth, firewalls with their own hardened operating system. Today most firewall vendors worldwide ship combined hardware and software products on a hardened operating system, such as Neteye, NetScreen and Talentit. There is also a great deal of firewall software for the Linux operating system, some of it commercial and some completely free and open source. Most Linux tutorials explain how to build a firewall on Linux with ipchains, and setting up and managing that firewall is an important job for the network administrator.
Is there a portable Linux firewall you can carry with you? Yes. The Linux firewall called floppyfw fits on an ordinary floppy disk and runs entirely from RAM. Boot a computer from it and it filters unwanted IP packets with ipchains, does IP masquerading for the machines behind it, and can listen on ports through which a host is reached for remote administration of machines on the other network. floppyfw is powerful yet needs very little hardware: apart from the floppy drive, 8 MB of memory is enough.
The minimum hardware floppyfw requires:
- 8 MB of memory
- a 3.5" floppy drive
- a display card, keyboard and monitor
Most Linux systems can run floppyfw with two network cards installed, provided each card's IRQ and I/O address are set correctly. Configuring two NICs under Linux is routine work for an experienced system administrator.
floppyfw supports the following network adapters:
- 3Com 3c509
- NE2000 compatibles
- tulip-based cards
- Intel EtherExpress PCI
About Software:
Making a bootable floppyfw floppy is easy. First download floppyfw from http://www.zelow.no/floppyfw/download/ to your hard disk; the current version should be 1.0.5 or later. floppyfw is distributed as a disk image, which you write to a prepared floppy with:
# dd if=floppyfw-1.0.5.img of=/dev/fd0 bs=72k
This copies the image block for block onto the floppy; nothing is unpacked, the image is the disk.
About settings:
Note that the floppy is in ordinary DOS (FAT) format. Before the system boots the way you want, a few files on the disk have to be changed. It is best to do this on another computer, ideally with the mtools utilities on a Linux system.
The commands are:
$ cd /tmp
$ mcopy a:config .
$ vi config
$ mcopy config a:
If you use another operating system, you can just as well edit the file with Notepad under Windows. The floppy contains five files:
- config (main configuration file)
- firewall.ini (filter rules)
- modules.lst (additional ip_masq modules to load)
- syslinux.cfg (kernel boot parameters)
- syslog.cfg (syslog configuration, like /etc/syslog.conf)
Normally there is no need to touch syslinux.cfg or modules.lst; the main job is editing config. For brevity I will not go through every setting in config here, only the few important ones near the end of the file.
Find the line that mentions OPEN_SHELL: it controls whether a shell (/bin/ash) is opened on the console, and since that shell is available to anyone who can reach the keyboard, leave it off on a box that is not physically secured. If the machine has less than 12 MB of memory, set ONLY_8M to y. USE_SYSLOG determines whether syslogd runs on the system, and SYSLOG_FLAGS holds the flags syslogd is started with. Adjust these to your own situation.
Appendix: Listing I is a complete configuration that passed testing. Because this system does not run DHCP and uses static IP addresses, it is useful only as a reference for users with a similar setup.
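The whole preparation step above as one POSIX shell script, added here as an example (it is not floppyfw's own tooling and not the page's Listing I): it refuses to write a download that is not a complete 1.44 MB floppy image, reads the floppy back after the dd to verify it, and changes a setting such as ONLY_8M by name instead of hand-editing. The image and device names, the 1.44 MB size, the NAME=value layout of config and the sample config are assumptions.

```shell
#!/bin/sh
# Added example; not part of floppyfw.  Prepares a floppyfw floppy:
#   1. sanity-check the downloaded image,
#   2. dd it onto the floppy and read the floppy back to verify it,
#   3. change settings in config without hand-editing.
# IMG, DEV and the config layout are assumptions (override via the environment).
IMG=${IMG:-floppyfw-1.0.5.img}
DEV=${DEV:-/dev/fd0}
FLOPPY_BYTES=1474560     # 1.44 MB floppy: 80 tracks * 2 sides * 18 sectors * 512 bytes

# image_ok IMAGE: true only if IMAGE is a regular file of exactly one floppy.
# A truncated download would otherwise produce a half-written, unbootable disk.
image_ok() {
    [ -f "$1" ] && [ "$(wc -c < "$1" | tr -d ' ')" -eq "$FLOPPY_BYTES" ]
}

# write_image IMAGE TARGET: the dd from the text, then compare TARGET with IMAGE.
# Floppies fail silently; the read-back is the only proof the disk holds the
# bytes you reviewed.  TARGET is normally /dev/fd0 but may be a plain file.
write_image() {
    image_ok "$1" || { echo "$1 is not a 1.44 MB floppy image" >&2; return 1; }
    dd if="$1" of="$2" bs=72k 2>/dev/null || return 1
    cmp "$1" "$2"
}

# set_var NAME VALUE: rewrite "NAME=..." on stdin to "NAME=VALUE" on stdout,
# appending the line if NAME is absent, so a setting is never silently lost.
# Works on the config fetched with mcopy, or straight from the image before
# writing it (mtools 4.x: mcopy -i "$IMG" ::config .).
set_var() {
    awk -v k="$1" -v v="$2" '
        $0 ~ "^" k "=" { print k "=" v; done = 1; next }
        { print }
        END { if (!done) print k "=" v }'
}

# Constructed sample in the layout assumed for floppyfw's config (the four
# settings the text names); it is not a copy of the real file.
SAMPLE_CONFIG='OPEN_SHELL=y
ONLY_8M=n
USE_SYSLOG=y
SYSLOG_FLAGS=""'

# Nothing touches the floppy unless asked, so the file is safe to source:
#   sh prepare.sh write    - write and verify the image on $DEV
#   sh prepare.sh only8m   - fetch config with mtools, set ONLY_8M=y, put it back
case "${1:-}" in
    write)  write_image "$IMG" "$DEV" ;;
    only8m) mcopy a:config . && set_var ONLY_8M y < config > config.new \
                && mdel a:config && mcopy config.new a:config ;;
esac
```

The read-back compare matters more than it looks: a floppy with a single bad sector in firewall.ini boots with no rules at all, and a default-deny policy that never got applied is indistinguishable from a working one until someone probes the box.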
About filtering rules:
Now let's look at firewall.ini. Before any modification, the default firewall.ini sets up masquerading for a static IP address and denies access to a few fixed ports. Since we are building our own firewall we need to modify it: a comprehensive set of filtering rules that, first of all, closes the ports we consider dangerous.
For reasons of length I will not explain how to write ipchains rules here. For detailed ipchains configuration and usage, see the Linux firewall and ipchains references listed at the end of this article.
For the specific firewall.ini rules you can refer to Listing II (ftp://FTP.MFI.COM/PUB/SYSADMIN/2001/JAN2001.TAR.Z), which is a modified configuration. If you are unfamiliar with Linux firewalls you can download the listing for reference or use it as it is, though you should still read through a rule set before trusting your network to it.
Listing II allows the most basic services: DNS, SMTP, POP, NNTP, telnet, SSH, FTP, HTTP and whois, so that client computers behind the firewall can use those services through the permitted ports while unsolicited inbound connections are refused. Bear in mind that telnet, POP and FTP send passwords in the clear; SSH is the only one of the interactive protocols in that list that does not.
About Log:
A Linux system can produce many log files, recording the main parameters and events of the running system. As mentioned above, syslog.cfg is the file that manages logging. Through it floppyfw records what happens on the firewall, and hardware conditions such as keyboard errors or a missing display are recorded as well, which gives the administrator a basis for analysing and solving problems later. Because floppyfw runs entirely from RAM, anything logged locally is gone after a reboot, so syslog.cfg is normally used to send the logs to another computer. First designate a machine as the log host; on a Red Hat system, for example, edit /etc/rc.d/init.d/syslog so that syslogd is started with the -r flag, which it needs before it accepts messages from the network. If that computer's IP address is 192.168.1.2, syslog.cfg is then configured to forward to that address. A full configuration is given in Listing III (ftp://FTP.MFI.COM/PUB/SYSADMIN/2001/JAN2001.TAR.Z).
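As an added example (it is not Listing II and not floppyfw's own firewall.ini), here is a complete firewall.ini in the same ipchains style that does what the filtering-rules section describes: deny by default, masquerade the LAN, accept only replies for the client services the text lists, and log what is refused so the syslog setup of the log section has something to carry. Interface names, the LAN prefix and the external address are assumptions. The `ipc` wrapper prints the rules instead of applying them when ipchains is absent, which is also how to review a downloaded rule set on a workstation before copying it to the floppy.

```shell
#!/bin/sh
# Added example in the style of floppyfw's firewall.ini (ipchains, 2.2 kernel).
# Not Listing II.  Interfaces, addresses and the service list are assumptions,
# except that the services are the ones the text says Listing II allows.
EXT_IF=${EXT_IF:-eth0}                 # assumption: external NIC
INT_IF=${INT_IF:-eth1}                 # assumption: internal NIC
INT_NET=${INT_NET:-192.168.1.0/24}     # assumption: masqueraded LAN
EXT_IP=${EXT_IP:-203.0.113.10}         # assumption: static external address
DRYRUN=${DRYRUN:-0}

# TCP ports of the services the text lists: dns smtp pop3 nntp telnet ssh ftp http whois
TCP_SERVICES="53 25 110 119 23 22 21 80 43"

# ipc: run ipchains, or print the command when DRYRUN=1 so the rule set can be
# reviewed on a machine that has no ipchains at all.
ipc() {
    if [ "$DRYRUN" = 1 ]; then
        echo "ipchains $*"
    else
        ipchains "$@"
    fi
}

fw_rules() {
    # Start from a clean, deny-by-default table.  Anything not explicitly
    # accepted below is dropped; the firewall's own outbound traffic is allowed.
    ipc -F input
    ipc -F forward
    ipc -F output
    ipc -P input DENY
    ipc -P forward DENY
    ipc -P output ACCEPT

    # Local traffic is always fine.
    ipc -A input -i lo -j ACCEPT

    # Anti-spoofing: the LAN prefix and loopback can never legitimately arrive
    # on the external interface.  Log (-l) so the log host sees the probes.
    ipc -A input -i "$EXT_IF" -s "$INT_NET" -j DENY -l
    ipc -A input -i "$EXT_IF" -s 127.0.0.0/8 -j DENY -l

    # The LAN may talk to the firewall and be forwarded through it.
    ipc -A input -i "$INT_IF" -s "$INT_NET" -j ACCEPT

    # Replies to client sessions: accept TCP from the service ports only when
    # the packet is not a SYN (! -y), so nobody can open a connection *to* us
    # from source port 80 or 53.  On 2.2 the input chain runs before
    # demasquerading, so matching EXT_IP with any destination port covers
    # masqueraded replies too.
    for port in $TCP_SERVICES; do
        ipc -A input -i "$EXT_IF" -p tcp ! -y -s 0/0 "$port" -d "$EXT_IP" -j ACCEPT
    done
    # DNS answers over UDP.
    ipc -A input -i "$EXT_IF" -p udp -s 0/0 53 -d "$EXT_IP" -j ACCEPT
    # ICMP the stack needs: echo-reply (0), destination-unreachable (3, carries
    # path-MTU information) and time-exceeded (11).  Echo-request is not accepted.
    for type in 0 3 11; do
        ipc -A input -i "$EXT_IF" -p icmp -s 0/0 "$type" -d "$EXT_IP" -j ACCEPT
    done

    # Everything else arriving from outside is dropped and logged.
    ipc -A input -i "$EXT_IF" -j DENY -l

    # Masquerade the LAN behind EXT_IP on the way out; forward nothing else.
    # Active-mode FTP through MASQ also needs ip_masq_ftp from modules.lst.
    ipc -A forward -i "$EXT_IF" -s "$INT_NET" -j MASQ
    ipc -A forward -j DENY -l

    # Turn routing on only once the rules are in place.
    [ "$DRYRUN" = 1 ] || echo 1 > /proc/sys/net/ipv4/ip_forward
}

# On the firewall this applies the rules; on a workstation without ipchains
# it prints them instead.
if command -v ipchains >/dev/null 2>&1; then
    fw_rules
else
    DRYRUN=1
    fw_rules
fi
```

Rule order is the part that is easy to get wrong by hand: the two anti-spoofing denies must precede every ACCEPT on the external interface, and ip_forward is enabled last, so there is no window in which the box routes with an empty table.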
Once you have configured the previous three major files, you can start the Linux system with this floppy disk to test.
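The log-side pieces from the previous section, as an added example (not Listing III and not floppyfw's own syslog.cfg): the syslog.cfg line that forwards everything to the log host, the -r flag the receiving syslogd needs, and the ipchains rule the log host itself should carry, because syslog over UDP port 514 is unauthenticated and a syslogd started with -r accepts a line from anyone who can reach it. The log host 192.168.1.2 is the one from the text; the firewall's internal address 192.168.1.1 and the exact wording of the Red Hat init-script line are assumptions.

```shell
#!/bin/sh
# Added example for the logging section; not Listing III.
LOGHOST=${LOGHOST:-192.168.1.2}       # log host from the text
FW_INT_IP=${FW_INT_IP:-192.168.1.1}   # assumption: firewall's LAN address

# syslog_cfg: the syslog.cfg content for the floppy, in syslog.conf syntax.
# "@host" forwards every facility and priority to the log host over UDP/514,
# so the -l entries from the ipchains rules outlive a reboot of the RAM-only box.
syslog_cfg() {
    printf '*.*\t@%s\n' "$LOGHOST"
}

# enable_remote_receive: stock sysklogd ignores network messages unless syslogd
# is started with -r.  Rewrites the "daemon syslogd" line of a Red Hat 6.x style
# init script (stdin to stdout), adding -r exactly once so re-running is safe.
enable_remote_receive() {
    sed '/daemon syslogd/{/ -r/!s/$/ -r/;}'
}

# loghost_filter_rule: the ipchains rule for the log host that drops (and logs)
# syslog datagrams from any source other than the firewall's internal address.
# Without it, any host on the LAN can flood or forge entries in the firewall's log.
loghost_filter_rule() {
    echo "ipchains -A input -p udp ! -s $FW_INT_IP -d $LOGHOST 514 -j DENY -l"
}

# Constructed sample of the init-script line (assumption about Red Hat 6.2's exact text).
SAMPLE_INIT_LINE='        daemon syslogd -m 0'

# Usage; nothing below writes to the system:
#   syslog_cfg > syslog.cfg                                   (then mcopy it to a:)
#   enable_remote_receive < /etc/rc.d/init.d/syslog > syslog.new   (on the log host)
#   loghost_filter_rule                                       (run the output on the log host)
```

Forwarding with "*.*" rather than a narrower selector is deliberate: on a box with no disk, the kernel messages from -l are the only record of what the firewall refused, and the hardware messages the text mentions are the only record of why it stopped.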
If you run into other problems while configuring and testing the firewall, these sites may help:
- floppyfw, by Thomas Lundquist: http://www.zelow.no/floppyfw/
- Linux Firewalls, by Robert L. Ziegler: http://linux-firewall-tools.com/linux/faq/
Finally, I would also like to introduce another very good Linux firewall, the Netmax firewall.
The Netmax firewall comes from Cybernet Systems. Its main features are easy installation, stable operation, modest hardware requirements and good protection. Because Netmax walks the user through installation step by step with a complete graphical user interface (GUI), it is well suited to Linux beginners and to users who do not know Linux well.
If you remember last August's LinuxWorld Conference & Expo, you may have seen the Netmax firewall at that show. Unlike other firewalls, Netmax has a secure web-based interface for protecting the Linux system: it can be configured and debugged over the network, which is a great convenience for many users and administrators and one of the things that makes Netmax attractive.
Netmax is not free, however. To install it you have to buy the Netmax CD, because Netmax does not support a network installation. Installing from the CD-ROM takes about ten minutes, much faster than a network installation would be. For more information, or to buy the Netmax CD, see Cybernet Systems: http://www.cybernet.com/
Now let's walk through the simple installation of the Netmax firewall.
Test platform:
- Processor: Pentium MMX
- Memory: MB RAM
- Hard disk: 2.1 GB
- Network: two 3Com ISA 3c509B NICs
- Operating system: Red Hat Linux 6.2, kernel 2.2.16
Before installing, set the BIOS on the motherboard to boot from the CD-ROM drive, then insert the Netmax CD.
The Netmax boot screen resembles the Red Hat installer's initial screen; strikingly, the copyright notice appears to have had the words Red Hat replaced with Netmax. Anyone who has installed Red Hat will feel at home. Netmax's developer says the firewall is based on the Red Hat Linux distribution, so Red Hat Linux and Netmax get along well.
Once the initial screen has loaded, the similarity to Red Hat Linux is even more pronounced. Netmax then probes for the hardware in the computer, because it needs to install the right kernel modules; if it fails to identify the hardware and load the module it reports an error to the user. Netmax does not install everything in one go. It first asks you to confirm the network configuration parameters, then asks whether you agree to continue with a console-based installation. If you choose No, Netmax starts Apache and gives you a web URL at which the parameters can be set and changed.
If we choose No, the installation continues as follows: Netmax opens a web browser (KDE 2's Konqueror) on the Linux system. If we type a URL there, an error message pops up, and Netmax asks the user to correct the URL to HTTPS. We are not yet sure why the error appears, but similar things happen when installing and configuring Apache in everyday use.
After following the prompt to switch to HTTPS for the rest of the initial setup, Netmax shows its license and disclaimer, which is different from the usual display of copyright and licensing information at the start of an installation. Click "Continue" to carry on. Note that Netmax ships a 228-page manual which includes a "basic troubleshooting" section to consult if you run into problems installing or using it, although not every problem met during installation will be found there; the troubleshooting in the manual is, after all, limited.
Because Netmax installs through a graphical user interface, anyone familiar with installing application software on Linux should find installing and testing Netmax easy.