Setting up a firewall for individual users in a Linux Firewall
Source: Internet
Author: User
As an example, we create a firewall for a typical home user. Assume that this user mainly uses the computer for web browsing and email. All we need to do is allow the necessary connections and refuse everything else. The firewall configuration file, in the format read by iptables-restore, is as follows:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

# Allow local loopback connections in both directions (the original
# only allowed inbound loopback, which blocks new connections to 127.0.0.1
# because the OUTPUT policy is DROP)
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# Drop illegal (invalid-state) packets
-A INPUT -m state --state INVALID -j DROP
-A OUTPUT -m state --state INVALID -j DROP
-A FORWARD -m state --state INVALID -j DROP

# Allow all established and related connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# DNS servers of the ISP that may be contacted
-A OUTPUT -d 2.3.4.10 -m state --state NEW -p udp --dport 53 -o eth0 -j ACCEPT
-A OUTPUT -d 2.3.4.11 -m state --state NEW -p udp --dport 53 -o eth0 -j ACCEPT

# Allow outbound connections to any Web server
-A OUTPUT -d 0/0 -m state --state NEW -p tcp --dport http -o eth0 -j ACCEPT
-A OUTPUT -m state --state NEW -p tcp --dport https -o eth0 -j ACCEPT

# Allow outbound connections to the ISP's SMTP and POP3 servers
-A OUTPUT -d 2.3.4.5 -m state --state NEW -p tcp --dport smtp -o eth0 -j ACCEPT
-A OUTPUT -d 2.3.4.5 -m state --state NEW -p tcp --dport pop3 -o eth0 -j ACCEPT

# Log any other outbound connection attempt
-A OUTPUT -o eth0 -j LOG
# Everything else is dropped by the default chain policies above

COMMIT
The meaning of each rule follows from the explanations given earlier, so it is not repeated here. Once we are familiar with the firewall settings for one specific environment, we can easily build corresponding firewalls for other application environments.
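Because a rule set like the one above is only as good as its invariants (default-deny policies, loopback allowed both ways, INVALID dropped, no inbound services, a LOG before the final drop), it is useful to check those properties mechanically before loading a file with iptables-restore. The following checker is an added example and is not part of the original article; the function names are my own, HOME_RULES is the article's configuration as cleaned up above, and WEAK_RULES is a constructed variant with two deliberate defects so the checker has something to report.

```python
# Added example (not from the original article): a checker for a firewall
# rule set in the iptables-save / iptables-restore format. It parses the
# *filter table and reports whether the properties the home-user policy
# relies on are present. Function and variable names are assumptions of
# this example; the rule text is the article's configuration.
import shlex

HOME_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A OUTPUT -m state --state INVALID -j DROP
-A FORWARD -m state --state INVALID -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -d 2.3.4.10 -m state --state NEW -p udp --dport 53 -o eth0 -j ACCEPT
-A OUTPUT -d 2.3.4.11 -m state --state NEW -p udp --dport 53 -o eth0 -j ACCEPT
-A OUTPUT -d 0/0 -m state --state NEW -p tcp --dport http -o eth0 -j ACCEPT
-A OUTPUT -m state --state NEW -p tcp --dport https -o eth0 -j ACCEPT
-A OUTPUT -d 2.3.4.5 -m state --state NEW -p tcp --dport smtp -o eth0 -j ACCEPT
-A OUTPUT -d 2.3.4.5 -m state --state NEW -p tcp --dport pop3 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -j LOG
COMMIT
"""

# Constructed weakened variant: INPUT policy ACCEPT and no "-A OUTPUT -o lo".
WEAK_RULES = HOME_RULES.replace(":INPUT DROP", ":INPUT ACCEPT").replace(
    "-A OUTPUT -o lo -j ACCEPT\n", "")

# Options that take one argument in the rules this checker understands.
OPTS_WITH_VALUE = {"-p", "-s", "-d", "-i", "-o", "-m", "-j",
                   "--state", "--dport", "--sport"}


def parse_filter_table(text):
    """Return (policies, rules) for the *filter section of an iptables-save dump.
    policies: {chain: policy}; rules: list of (chain, {option: value}, target)."""
    policies, rules, in_filter = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):                   # table header, e.g. *filter
            in_filter = (line == "*filter")
            continue
        if not in_filter:
            continue
        if line == "COMMIT":
            break
        if line.startswith(":"):                   # chain declaration with policy
            chain, policy, _counters = line[1:].split(None, 2)
            policies[chain] = policy
            continue
        tokens = shlex.split(line)
        if tokens[0] != "-A":                      # only appended rules matter here
            continue
        chain, args, target, i = tokens[1], {}, "", 2
        while i < len(tokens):
            opt = tokens[i]
            val = tokens[i + 1] if opt in OPTS_WITH_VALUE else ""
            i += 2 if opt in OPTS_WITH_VALUE else 1
            if opt == "-j":
                target = val
            elif opt != "-m":                      # match-module names add nothing here
                args[opt] = val
        rules.append((chain, args, target))
    return policies, rules


def check_home_policy(text):
    """Return a list of findings; an empty list means the rule set keeps every
    property the article's home-user firewall depends on."""
    policies, rules = parse_filter_table(text)
    findings = []

    def has(chain, target, **want):
        return any(c == chain and t == target and
                   all(a.get(k) == v for k, v in want.items())
                   for c, a, t in rules)

    for chain in ("INPUT", "FORWARD", "OUTPUT"):      # default deny everywhere
        if policies.get(chain) != "DROP":
            findings.append(f"{chain} policy is {policies.get(chain)}, expected DROP")
    if not has("INPUT", "ACCEPT", **{"-i": "lo"}):
        findings.append("INPUT does not accept loopback traffic (-i lo)")
    if not has("OUTPUT", "ACCEPT", **{"-o": "lo"}):
        findings.append("OUTPUT does not accept loopback traffic (-o lo)")
    for chain in ("INPUT", "FORWARD", "OUTPUT"):
        if not has(chain, "DROP", **{"--state": "INVALID"}):
            findings.append(f"{chain} does not drop INVALID packets")
    for chain in ("INPUT", "OUTPUT"):
        if not has(chain, "ACCEPT", **{"--state": "ESTABLISHED,RELATED"}):
            findings.append(f"{chain} does not accept ESTABLISHED,RELATED traffic")
    for chain, args, target in rules:                 # a home box should expose no services
        if chain == "INPUT" and target == "ACCEPT" and args.get("--state") == "NEW":
            findings.append(f"INPUT accepts NEW connections: {args}")
    out = [r for r in rules if r[0] == "OUTPUT"]
    if not out or out[-1][2] != "LOG":                # LOG does not terminate; policy drops after it
        findings.append("OUTPUT does not log connections before the default DROP")
    return findings


if __name__ == "__main__":
    for name, text in (("article rules", HOME_RULES), ("weakened rules", WEAK_RULES)):
        print(name, "->", check_home_policy(text) or "OK")
```

Run as a script it prints "OK" for the article's rule set and two findings for the weakened one. The checker deliberately understands only the options the article uses; for a real deployment the same idea is better applied to the output of `iptables-save` on the running host, so that what is checked is what the kernel actually enforces rather than what the file says.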
Closing remarks:
This article has introduced how to use iptables to build a firewall on Linux. Because requirements differ from one site to the next, no firewall guide can be complete; the basic concepts and terms covered here have to be adapted to your own environment.
With the development of computer technology, system security has become a topic that is at once familiar and unfamiliar. The computer world is increasingly a collection of network functions, yet conceptually the network and security are fundamentally at odds: network design aims to make a computer as open as possible, while security aims to make it as closed as possible.
Security in practice is therefore a matter of finding a balance between the two that users can accept. In this sense, computer security is an endless topic: there is no ultimate security solution, and security remains a relative concept for computers.
It is also recommended to learn some TCP/IP. For more information about iptables, see the following link, which is a very good iptables tutorial: