Generally, there are two policies for implementing a firewall on Linux. The first is to deny all input, output and forwarded packets by default and then enable, one by one, only the services the users actually need. This policy is the more secure one, but it demands a complete picture of the services required: nothing may be omitted, and the administrator must know exactly which services and ports have to be opened for a given service or function to work. The second policy is to accept all input and output packets by default and then deny the dangerous ones: IP-spoofed packets, broadcast packets, ICMP-based attacks and so on. Application-layer services such as HTTP, Sendmail, POP3 and FTP are then controlled simply by choosing whether to install or start them. This policy is less secure than the first, but it is easier to configure: a basic firewall can be set up without knowing the ipchains command in much detail.
The proxy server I managed is an IBM Netfinity 3000 running RedHat Linux 6.2 and squid-2.3. It has two NICs: the external card is eth0 (211.98.126.180) and the internal card is eth1 (192.168.0.1); the clients have addresses of the form 192.168.0.xxx. The firewall was configured as follows:
After installing the system, log in as root and change to the /etc/rc.d directory. Create a script named firewall.rules there with vi and run chmod 755 firewall.rules so that it is executable. Then open /etc/rc.d/rc.local with vi and add a line that runs /etc/rc.d/firewall.rules, so that the firewall rules are loaded every time the machine boots.
The content of the firewall.rules file is omitted.
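Since the author's firewall.rules is omitted, here is an added example (not the author's file, and not part of the original page) of what a rule set following the first, default-deny policy could look like for the topology described above: eth0 external with 211.98.126.180, eth1 internal with 192.168.0.1, squid running on the firewall itself. Squid's port 3128, the decision to masquerade only SMTP (25) and POP3 (110) for the Outlook Express clients, and the use of `-l` logging on the anti-spoofing rules are assumptions made for the example:

```shell
#!/bin/sh
# Added example, not the author's firewall.rules: a default-deny ipchains
# rule set for a two-card firewall. Assumptions: eth0 is the external card
# (211.98.126.180), eth1 the internal card (192.168.0.1), squid listens on
# the firewall (default port 3128, so clients never need HTTP forwarded), and
# the only traffic clients may send directly to the Internet is SMTP and
# POP3 for Outlook Express, via masquerading.

EXT_IF=eth0
EXT_IP=211.98.126.180
INT_IF=eth1
INT_NET=192.168.0.0/24

# Print the rule set, one ipchains command per line. Keeping the rules in a
# function lets you review them (sh firewall.rules) before loading them
# (sh firewall.rules apply). Lines starting with '#' are passed to sh as
# comments.
firewall_rules() {
    cat <<EOF
# start from a clean slate and deny everything by default
ipchains -F
ipchains -P input DENY
ipchains -P output ACCEPT
ipchains -P forward DENY
# loopback and the internal network may talk to the firewall (squid, telnet, ftp)
ipchains -A input -i lo -j ACCEPT
ipchains -A input -i $INT_IF -s $INT_NET -j ACCEPT
# anti-spoofing: internal or loopback source addresses never arrive from outside
ipchains -A input -i $EXT_IF -s $INT_NET -j DENY -l
ipchains -A input -i $EXT_IF -s 127.0.0.0/8 -j DENY -l
# drop broadcasts and ping requests from the Internet
ipchains -A input -i $EXT_IF -d 255.255.255.255 -j DENY
ipchains -A input -i $EXT_IF -p icmp --icmp-type echo-request -j DENY
# replies to connections the firewall (squid) or masqueraded clients opened:
# any TCP segment that is not a SYN, and DNS answers to unprivileged ports
ipchains -A input -i $EXT_IF -p tcp ! -y -j ACCEPT
ipchains -A input -i $EXT_IF -p udp -s 0/0 53 -d $EXT_IP 1024:65535 -j ACCEPT
# masquerade only the mail ports for the internal clients (-i on the forward
# chain is the interface the packet will leave by)
ipchains -A forward -i $EXT_IF -s $INT_NET -p tcp -d 0/0 25 -j MASQ
ipchains -A forward -i $EXT_IF -s $INT_NET -p tcp -d 0/0 110 -j MASQ
EOF
}

# Usage: sh firewall.rules        -> print the rules for review
#        sh firewall.rules apply  -> enable forwarding and load the rules (as root)
case "$1" in
    apply)
        echo 1 > /proc/sys/net/ipv4/ip_forward
        firewall_rules | sh
        ;;
    *)
        firewall_rules
        ;;
esac
```

Two caveats for anyone adapting this. First, ipchains is a stateless filter: the `! -y` rule accepts every TCP segment from outside that does not carry a lone SYN, which is what lets squid's and the clients' replies in, but it also means any non-SYN packet reaches the firewall's listening ports; iptables later replaced this idiom with connection tracking. Second, the incoming replies to masqueraded connections pass through the input chain before they are de-masqueraded, so the input chain must accept them (the `! -y` rule does) or mail will silently fail even though the forward rules look right.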
If your machine has only one network card and connects to the Internet with a modem, the card connected to the internal network will be eth0, with an address such as 192.168.0.1, and the external interface will be ppp0; in that case you only need to change the external interface in the rules file from eth0 to ppp0 (and, since the single card is now eth0, the internal interface from eth1 to eth0). After setting the above firewall rules, disable all unnecessary services in /etc/inetd.conf, keeping only FTP and telnet, and at the same time set /etc/hosts.allow and /etc/hosts.deny so that only a few internal management hosts are allowed to log on to the firewall. Bear in mind that both telnet and FTP send passwords in cleartext, so this hosts.allow restriction is what keeps them reachable only from the trusted internal network. The above method runs successfully in the author's environment and solves the problem of sending and receiving mail from Outlook Express.
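As an added example of the tcp_wrappers setup described in the last step (not the author's configuration), the two files below implement "deny everything, then allow the management hosts"; the addresses 192.168.0.2 and 192.168.0.3 are assumed management hosts:

```conf
# /etc/hosts.deny  -- added example, not the author's file.
# Deny every wrapped service to everyone not listed in /etc/hosts.allow.
ALL: ALL

# /etc/hosts.allow -- added example, not the author's file.
# Only the (assumed) management hosts may reach the telnet and FTP daemons
# that inetd still starts; hosts.allow is consulted before hosts.deny.
in.telnetd, in.ftpd: 192.168.0.2, 192.168.0.3
```

Check the result before logging out: `tcpdchk` reports syntax errors and daemons referenced in hosts.allow that inetd.conf does not actually start, and `tcpdmatch in.telnetd 192.168.0.2` (or an external address) prints which rule matched and whether access would be granted or denied.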