For every Linux system and network administrator, a basic skill is knowing how to write a robust iptables firewall from scratch and how to modify it to suit many different situations. However, in the real world, it seems very few have it. Learning iptables is not a simple process, but here I recommend the following information from outside the Internet, so that you have it handy.
I believe that all administrators should thoroughly understand iptables; however, an alternative is to use one of the excellent Linux firewall generation tools.
Firewall Builder
The first is Firewall Builder, a complete graphical, multi-platform firewall configuration and management tool. It supports iptables, ipfilter, OpenBSD's PF, and Cisco PIX. It is designed to hide the details of the rules and let you focus on writing policy. However, do not run Firewall Builder on the firewall itself, because it requires X Windows. Run it on a workstation, then copy the script to the firewall.
Firestarter
The second is Firestarter, an excellent graphical firewall generator whose wizard guides you step by step through the process of building a firewall. It is a good choice for a NAT firewall serving a LAN that shares a single public IP address, including one that also has some public services behind the firewall or a separate DMZ. It has some simple commands for turning the firewall on or off, and you can view its status and current activity. You can run it on a headless computer and monitor it remotely, or use it as a stand-alone firewall.
Shorewall
The third, Shorewall, is a popular firewall generator. It is more complex and flexible than Firestarter, and it is suited to more complex networks. Shorewall's learning curve is similar to that of iptables, but its documentation is rich and provides guides for different situations, such as a single-host firewall, two-interface and three-interface firewalls, firewalls with multiple public IP addresses, and so on. You can get a lot of help on filtering P2P services such as Kazaa, rate limiting, QoS (Quality of Service), VPN passthrough, and other topics.
We recommend these three tools so that you do not have to spend money on commercial firewall software, which is in any case better than the built-in Linux and Unix packet filter. Users should reserve their limited funds for the purchase of higher quality hardware.