Roll Your Own Firewall - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: March 16th, 2010

Linux Advisory Watch: March 14th, 2010

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Roll Your Own Firewall

User Rating:

How can I rate this item?

Source: Nuxified - Posted by Eric Lubow

Over the years I have learned how to roll my own firewall script and call it from /etc directory. Of course, my firewall is only INPUT based, instead of INPUT and OUTPUT based, but I find that building an INPUT/OUTPUT based firewall is tremendously difficult and not really all that necessary if you use good download practices on your Linux server or PC and/or if you're already behind a NAT router (such as a home-based DSL or cable router or wireless router) or other firewall.

If you're scratching your head on what I mean by INPUT and OUTPUT, then just think about you being inside a house that has a front door (INPUT), and a backdoor (OUTPUT). When you surf the web, you first start sending packets of data out your backdoor (OUTPUT). Then, packets return and come in your front door and then you see them. In some cases, some packets need to travel back out your backdoor (OUTPUT) in order to establish or continue a connection. To complicate things, imagine multiple front doors and backdoors, and your ability to direct traffic through these doorways through something called rules, which we explain in a moment.

Read this full article at Nuxified