Not infrequently we hear on forums the story of someone who had the displeasure of falling victim to a trojan or an exploit. We are already getting used to such problems, which we have probably had ourselves. Security is a serious matter regardless of the operating system we use, and it is a priority in Linux. Here is an iptables guide that can help you protect yourself against attackers.
We will only discuss aspects of improving security with a Linux firewall, without going into detailed explanations. The goal is just to understand some basics, not, for example, how to perform IP masquerading. For that, see the links at the end of this document.
What is a firewall?
A firewall is a way to control the data traffic between a computer and the network(s) to which it is connected, whether a local area network (LAN) or the Internet, in order to ensure computer security. A firewall can take the form of a program running on the computer in question or on a separate computer in the network called a "gateway", of a hardware device, or of a combination of hardware and software.
How does a firewall work?
In principle, since every data packet first passes through the firewall, the firewall inspects the packets against predefined rules and decides whether access is allowed, either to your computer or from it.
Linux and software firewall
Under a Linux operating system (or GNU/Linux, as you like to call it), the role of software firewall is performed by netfilter, a set of functions integrated into the kernel which, combined, provide packet filtering rules. In the 2.0.x kernel series these functions are called through the ipfwadm system, in the 2.2.x series through the ipchains system, and in the 2.4.x and 2.6.x series iptables is used. Because the 2.0 and 2.2 kernels (even 2.4) are outdated, from here on we will discuss only the iptables system. As a remark on what has been said so far, some people refer to firewalls under Linux when they mention programs such as Shoreline, Hardwall, etc. However, these programs do nothing but provide a user interface for easier configuration of iptables instructions.
Iptables - installation
In order to use netfilter/iptables, you must have it compiled into the kernel. If it is not, you will have to compile it in yourself.
To do this, mark the following options for compilation during the kernel configuration process:
CONFIG_NETFILTER, CONFIG_PACKET, CONFIG_IP_NF_IPTABLES, CONFIG_IP_NF_FILTER, CONFIG_IP_NF_MATCH_MAC, CONFIG_IP_NF_MATCH_MARK, CONFIG_IP_NF_MATCH_TOS, CONFIG_IP_NF_MATCH_STATE, CONFIG_IP_NF_MATCH_MULTIPORT, CONFIG_IP_NF_TARGET_REJECT, CONFIG_IP_NF_TARGET_LOG, CONFIG_IP_NF_FTP.
These are only the options needed for a basic set of iptables features. For more advanced features you will need to compile other options, such as CONFIG_IP_NF_NAT, CONFIG_IP_NF_TARGET_MASQUERADE, CONFIG_IP_NF_CONNTRACK, CONFIG_IP_NFIM_ etc.
The actual compilation of a kernel is not the subject of this tutorial. Check if everything is fine by running iptables -L.
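Before recompiling, it helps to see which of the options listed above a kernel configuration file already enables. The script below is an added example, not part of the original guide: the function names are hypothetical, the sample configuration is constructed, and it assumes you pass the path of a plain-text kernel config (where your distribution keeps that file, for instance /boot/config-$(uname -r), is an assumption).

```shell
#!/bin/sh
# Added example. The option names are the basic set listed in this guide.
NF_OPTS="CONFIG_NETFILTER CONFIG_PACKET CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER
CONFIG_IP_NF_MATCH_MAC CONFIG_IP_NF_MATCH_MARK CONFIG_IP_NF_MATCH_TOS
CONFIG_IP_NF_MATCH_STATE CONFIG_IP_NF_MATCH_MULTIPORT CONFIG_IP_NF_TARGET_REJECT
CONFIG_IP_NF_TARGET_LOG CONFIG_IP_NF_FTP"

# opt_state FILE OPTION: prints y (built in), m (module) or missing.
# An absent option and "# CONFIG_X is not set" both count as missing.
opt_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-missing}"
}

# missing_opts FILE: prints each listed option that is not enabled.
missing_opts() {
    for opt in $NF_OPTS; do
        if [ "$(opt_state "$1" "$opt")" = missing ]; then echo "$opt"; fi
    done
}

# report FILE: prints one "OPTION state" line per listed option.
report() {
    for opt in $NF_OPTS; do
        printf '%-30s %s\n' "$opt" "$(opt_state "$1" "$opt")"
    done
}

# Constructed sample config (not taken from a real kernel).
demo_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_PACKET=y
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
# CONFIG_IP_NF_MATCH_MAC is not set
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
EOF
}

# With a path argument, report on that file; otherwise on the sample.
if [ $# -gt 0 ]; then
    report "$1"
else
    tmp=$(mktemp) && demo_config > "$tmp" && report "$tmp"
    rm -f "$tmp"
fi
```

An option reported as missing on a kernel newer than the series this guide covers may have been renamed rather than disabled, so confirm against that kernel's own configuration menu.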