A basic skill for all Linux system and network administrators is knowing how to write a strong iptables firewall from scratch, and how to modify it to suit different situations. In the real world, however, this seems to be rare. Learning iptables is not a simple process, but I recommend the following resources on the Internet to make it easier for you.
I believe that every administrator should thoroughly understand iptables. An alternative, however, is to use one of the excellent Linux firewall generation tools.
Firewall Builder
The first is Firewall Builder, a comprehensive multi-platform graphical firewall configuration and management tool. It supports iptables, ipfilter, OpenBSD PF, and Cisco PIX. By design it hides the details of rule syntax and lets you concentrate on writing policy. Do not run the generator on your production firewall, however, because it requires the X Window System: run it on a workstation and copy the generated script to the firewall.
Firestarter
The second is Firestarter, an excellent graphical firewall wizard that guides you step by step through building a firewall. It is a good choice for a NAT firewall that shares a single public IP address with a LAN and also hosts a few public services behind the firewall or in a separate DMZ. It has simple commands to enable and disable the firewall, plus a status view showing current activity. You can run it on a headless machine and monitor it remotely, or use it as a standalone firewall.
Shorewall
Third, Shorewall is a popular firewall generator. It is more complex and flexible than Firestarter and suits more complex networks. Shorewall's learning curve is similar to that of iptables, but it comes with extensive documentation and guides for different scenarios, such as a single-host firewall, two-interface and three-interface firewalls, and firewalls with multiple public IP addresses. There is plenty of help on filtering P2P services such as Kazaa, traffic shaping, QoS (quality of service), and VPN forwarding and address translation.
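As an added example (not code from the article or from any of the three tools), here is the kind of hand-written ruleset the author wants every administrator to be able to produce: a stateful two-interface NAT firewall that shares one public IP address with a LAN and publishes a single service on an internal host, which is the scenario described for Firestarter above and one of the cases covered in the Shorewall documentation. The interface names, LAN range and web host are constructed placeholders that can be overridden through environment variables. The script only generates the ruleset in iptables-restore format; it does not apply anything, so it can be run on a workstation and the output copied to the firewall.

```shell
#!/bin/sh
# Added example, not from the article: generate a two-interface NAT
# firewall ruleset in iptables-restore format. All addresses and
# interface names below are constructed placeholders; override them
# through the environment (e.g. WAN_IF=ppp0 ./gen-fw.sh).
WAN_IF="${WAN_IF:-eth0}"              # interface holding the single public IP
LAN_IF="${LAN_IF:-eth1}"              # interface facing the private LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # private LAN range behind the firewall
WEB_HOST="${WEB_HOST:-192.168.1.10}"  # internal/DMZ host publishing one service
WEB_PORT="${WEB_PORT:-80}"            # the only port exposed from outside

# Emit the complete ruleset on stdout. Lines starting with '#' are
# comments that iptables-restore ignores.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback is always allowed; stateful matching lets replies back in.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Management (SSH) and ping only from the LAN side, never from the WAN.
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p icmp --icmp-type echo-request -j ACCEPT
# Forwarding: the LAN may reach the Internet; the Internet may reach only
# the published service on the internal host, and only for new
# connections (replies are covered by the ESTABLISHED,RELATED rule).
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -d $WEB_HOST -p tcp --dport $WEB_PORT -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port-forward the published service in, and hide the LAN behind the
# public address on the way out.
-A PREROUTING -i $WAN_IF -p tcp --dport $WEB_PORT -j DNAT --to-destination $WEB_HOST:$WEB_PORT
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset. Redirect it to a file (./gen-fw.sh > rules.v4), copy
# the file to the firewall, check it there with "iptables-restore --test
# < rules.v4" (parses without committing) and apply it with
# "iptables-restore < rules.v4".
gen_rules
```

The structure is what matters more than the individual rules: default DROP policies on INPUT and FORWARD so that anything not explicitly listed is refused, one conntrack rule per chain so that replies and related traffic are admitted without opening ports, management access restricted to the LAN interface, and exactly one inbound path (the DNAT plus its matching FORWARD rule) for the published service. Adding a third interface for a real DMZ means adding a second set of FORWARD rules between the new interface and the other two, which is the three-interface case the Shorewall documentation walks through.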
We recommend these three tools so that you don't have to pay for commercial firewall software, which in any case is inferior to the packet filters built into Linux and Unix. Limited funds are better spent on higher-quality hardware.