Inexpensive Internet Security Firewall Solution

How to Set up Computer Firewalls on a Linux Server

© Fleur Hupston

Oct 22, 2009
Computer firewalls need to be secure. Setting one up on a Linux Server using a basic script can be quite easy and does not have to be costly.

Setting up network protection is very important for any company that has access to the outside world via the Internet. A secure network firewall can be installed at very little cost by using a Linux server. All that is needed is a Linux server with at least two network cards.

Linux Firewall

Linux firewalls use “iptables”. The best way of creating a firewall with “iptables” is to write a script.

The first item in the script is a routine that deletes any previous firewall rules (flushing) and then blocks everything. Once everything has been blocked, add rules to the script to allow connections as needed.

Creating a Linux Firewall Script

Create a file called “firewall.sh” and give it execute permissions. The correct permissions can be given using the “chmod” command as follows:

chmod 777 firewall.sh

Save the file in the /usr/local/sbin directory. That way the script can be run from anywhere within the directory structure by typing “firewall.sh”.

Declaring the Network Cards

In order for the firewall script to be more readable, declare network cards at the top of the script as follows:

EXT=eth0   # external (Internet-facing) network card

INT=eth2   # internal network card

DMZ=eth1   # DMZ network card

From now on use $EXT when referring to eth0, $INT when referring to eth2, $DMZ when referring to eth1, and so on.

Flushing all your Rules

The next thing is to flush the filter table; the NAT and mangle tables need to be flushed as well. This is done with the “iptables -F” command, where -t names the table and -F flushes all the rules in it. Type the following into the script:

iptables -t nat -F

iptables -t mangle -F

iptables -t filter -F

Logging

One of the important things needed on a firewall is a logging system. To set up logging for the firewall, add the following right at the bottom of the firewall script. Because rules are checked in order, placing these last means only packets that no earlier rule accepted are logged:

iptables -A INPUT -j LOG --log-prefix "Denied INPUT:"

iptables -A OUTPUT -j LOG --log-prefix "Denied OUTPUT:"

iptables -A FORWARD -j LOG --log-prefix "Denied FORWARD:"

In some distributions of Linux, the firewall logging is captured in the /var/log/messages file by default. It is a very good idea to enable logging as this will assist in troubleshooting if the firewall doesn't work as expected.
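The log lines produced by the LOG rules above are only useful if someone reads them. The following is an added example, not part of the article: a small shell function that summarises the “Denied …” entries from /var/log/messages by chain, source address, protocol and destination port, so the most frequently dropped flows are listed first. The log lines in SAMPLE_LOG are constructed in the format the kernel writes when the article's prefixes are used; the addresses and ports are made up.

```shell
#!/bin/sh
# Summarise "Denied ..." entries written by the firewall's LOG rules.
# Added example, not from the article. SAMPLE_LOG is constructed: it mimics
# what the kernel writes to /var/log/messages with the article's log prefixes.

SAMPLE_LOG='Oct 22 10:01:02 fw kernel: Denied INPUT:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1 DF PROTO=TCP SPT=44321 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 22 10:01:05 fw kernel: Denied INPUT:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2 DF PROTO=TCP SPT=44322 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 22 10:02:11 fw kernel: Denied FORWARD:IN=eth2 OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.10.7 DST=198.51.100.9 LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=3 PROTO=UDP SPT=137 DPT=137 LEN=58
Oct 22 10:03:40 fw kernel: Denied OUTPUT:IN= OUT=eth0 SRC=198.51.100.2 DST=203.0.113.9 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1'

# Read log lines on stdin and print "<count> <chain> <SRC> <PROTO> <DPT>"
# for each distinct denied flow, most frequent first. Fields that a line
# lacks (an ICMP packet has no DPT) are shown as "-".
summarize_denied() {
    awk '
        match($0, /Denied (INPUT|OUTPUT|FORWARD):/) {
            # RSTART points at "Denied "; the chain name follows it and ends at ":"
            chain = substr($0, RSTART + 7, RLENGTH - 8)
            src = proto = dpt = "-"
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "SRC") src = kv[2]
                else if (kv[1] == "PROTO") proto = kv[2]
                else if (kv[1] == "DPT") dpt = kv[2]
            }
            count[chain " " src " " proto " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Run the summary over the constructed sample (on a real firewall:
# grep Denied /var/log/messages | summarize_denied).
summarize_sample() {
    printf '%s\n' "$SAMPLE_LOG" | summarize_denied
}

summarize_sample
```

Note that with the prefixes exactly as written in the article the kernel emits “Denied INPUT:IN=eth0”, i.e. the prefix runs into the IN= field; ending each prefix with a space (“Denied INPUT: ”) keeps the fields separate and makes lines like these easier to parse.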

Setting up a Default Policy to Block all

The default policy for the INPUT, OUTPUT and FORWARD chains of the filter table should be to DROP (deny) all packets. This should come after the tables have been flushed, telling the firewall to block everything. Once the firewall has been told to drop all traffic by default, one can go about opening the ports as needed.

Below the section for flushing the firewall, add the following to “drop all” in each chain of the filter table:

iptables -P INPUT DROP

iptables -P FORWARD DROP

iptables -P OUTPUT DROP

Anything that doesn’t match any of the rules that follow will be subject to the default policy, which in this case is “DROP”.

Open up the Network Firewall only for what is Needed

After the firewall is closed to all traffic by default and logging has been enabled, it is time to allow just the ports and protocols that are really needed.
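Putting the steps above together, here is a complete firewall.sh in the shape the article describes. It is an added example, not the author's own script: it flushes every table, sets DROP as the default policy, opens only a handful of services, and logs whatever falls through to the default policy. The interface names are the article's; ADMIN_NET, WEB_SERVER and the particular services allowed (SSH to the firewall from the LAN, HTTP/HTTPS to a DMZ web server, outbound access for the LAN) are assumptions chosen for illustration.

```shell
#!/bin/sh
# firewall.sh - complete example of the script the article describes.
# Added example, not the author's own script. Interface names come from the
# article; ADMIN_NET, WEB_SERVER and the allowed services are assumptions.
# Usage: "firewall.sh" prints the rules for review; "firewall.sh apply"
# loads them (run as root).
set -e

EXT=eth0   # external (Internet-facing) card, as in the article
INT=eth2   # internal network card, as in the article
DMZ=eth1   # DMZ card, as in the article

ADMIN_NET=192.168.10.0/24   # constructed: LAN allowed to administer the firewall
WEB_SERVER=10.0.0.10        # constructed: web server standing in the DMZ

MODE=${1:-show}

# Every rule goes through ipt(): executed in apply mode, printed otherwise.
ipt() {
    if [ "$MODE" = apply ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# 1. Flush rules, delete user-defined chains and zero counters in every table.
flush_rules() {
    for table in filter nat mangle; do
        ipt -t "$table" -F
        ipt -t "$table" -X
        ipt -t "$table" -Z
    done
}

# 2. Default policy: drop whatever no rule below accepts.
set_default_policy() {
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT DROP
}

# 3. Open only what is needed.
allow_needed() {
    # Loopback, plus replies belonging to connections already accepted.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
    for chain in INPUT OUTPUT FORWARD; do
        ipt -A "$chain" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        ipt -A "$chain" -m conntrack --ctstate INVALID -j DROP
    done
    # SSH to the firewall itself, from the admin LAN only.
    ipt -A INPUT -i "$INT" -s "$ADMIN_NET" -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    # The firewall may resolve names and fetch updates through the external card.
    ipt -A OUTPUT -o "$EXT" -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
    ipt -A OUTPUT -o "$EXT" -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
    # The Internet may reach the DMZ web server on HTTP/HTTPS; nothing else enters the DMZ.
    ipt -A FORWARD -i "$EXT" -o "$DMZ" -d "$WEB_SERVER" -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
    # The LAN may open connections to the Internet and to the DMZ, hidden behind the external address.
    ipt -A FORWARD -i "$INT" -o "$EXT" -m conntrack --ctstate NEW -j ACCEPT
    ipt -A FORWARD -i "$INT" -o "$DMZ" -m conntrack --ctstate NEW -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$EXT" -j MASQUERADE
}

# 4. Log what is about to hit the default DROP policy. The limit keeps a
#    flood from filling /var/log/messages; the trailing space in the prefix
#    keeps it separate from the IN= field in the log line.
log_denied() {
    for chain in INPUT OUTPUT FORWARD; do
        ipt -A "$chain" -m limit --limit 5/min -j LOG --log-prefix "Denied $chain: "
    done
}

build_firewall() {
    flush_rules
    set_default_policy
    allow_needed
    log_denied
}

build_firewall
```

Run without arguments to review the generated commands, then as root with `firewall.sh apply` to load them; when doing this over SSH, the ESTABLISHED,RELATED rule is what keeps the session alive once the DROP policies are in place. Because the script runs as root, install it with mode 0755 rather than 777: a world-writable script lets any local user rewrite the firewall the next time it runs.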

Before embarking on designing and implementing a firewall one should research all aspects of network security. This will ensure optimal security from any risk, whether from within or from outside the company.

Source:

Peter Hupston, IT Manager Legalwise S.A., Article "Linux Firewall", 21 October 2009


The copyright of the article Inexpensive Internet Security Firewall Solution in Computer Networking is owned by Fleur Hupston. Permission to republish Inexpensive Internet Security Firewall Solution in print or online must be granted by the author in writing.
