[CentOS] firewall?

Sat Jul 16 17:03:16 UTC 2011
Ljubomir Ljubojevic <office at plnet.rs>

Keith Roberts wrote:
> On Sat, 16 Jul 2011, Ljubomir Ljubojevic wrote:
> 
> *snip*
> 
>> I wrote about "physical presence *outside* of your network", like if you
>> are on a large WISP that uses bridged network (bad design) and your
>> Wireless client is bridged, and you have single NIC firewall in place,
>> entire WISP's network will be able to sniff your traffic and hack into
>> unprotected workstations/desktops. And there are those scenarios, much
>> more than you can think.
> 
> Which is why one poster mentioned that you need to be 
> familiar with IPtables and Networking before trying to make 
> your machine(s) network(s) secure?
> 
> I read some time ago something about tunneling different 
> protocols through firewalls? which sounded quite scary.
> 

All firewalls (on Linux at least) are by default closed, and you need 
knowledge to punch through the holes for your public services.

It's something like this:

Deny all (other) connections

then you add a few rules and it looks like this:

Allow service listening on port X
Allow service listening on port Y
Allow service listening on port Z
Allow service coming from IP A (and port W)
Allow service coming to IP B (and port U)
Deny all (other) connections

Packets are sent through the chain (of rules like the above) and when 
they hit some rule, the desired action is performed and that packet (mostly)
stops going down the chain, so it does not hit the bottom rule. If a packet 
does not match any "allow" rule, then it will hit (one of) the deny rules and 
that connection will be terminated.

If you want an easy-to-understand firewall/router PC based on RHEL/CentOS, 
try ClearOS, and if you want it *on* CentOS I suggest checking out 
shorewall.

www.shorewall.net is also an excellent site to learn about firewalls and 
routers in general, with lots of examples.

Ljubomir
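As an added example (not part of the original message, and not code from shorewall or ClearOS), the following Python model implements the chain described above: a default-deny policy, a handful of "allow" rules, and first-match evaluation where a packet stops at the first rule it hits. The ports 22/80/443, the addresses 192.0.2.10 and 198.51.100.5, and the ports 3306 and 8080 are constructed placeholders for the post's X, Y, Z, A, W, B and U. It also renders each rule as the equivalent `iptables` command, and includes a deliberately misordered chain to show why the deny-all rule has to sit at the bottom.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """The fields of an inbound packet that the rules below look at."""
    src: str        # source IP address
    dst: str        # destination IP address
    dport: int      # destination port
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    """One rule in the chain. None means 'do not care about this field'."""
    action: str                    # "ACCEPT" or "DROP" (both terminal in this model)
    proto: Optional[str] = None
    src: Optional[str] = None      # host or CIDR, e.g. "192.0.2.10" or "192.0.2.0/24"
    dst: Optional[str] = None
    dport: Optional[int] = None
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src, strict=False):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst, strict=False):
            return False
        return True

    def to_iptables(self, chain: str = "INPUT") -> str:
        """Render the equivalent iptables command (-p must precede --dport)."""
        parts = ["iptables", "-A", chain]
        if self.proto:
            parts += ["-p", self.proto]
        if self.src:
            parts += ["-s", self.src]
        if self.dst:
            parts += ["-d", self.dst]
        if self.dport is not None:
            parts += ["--dport", str(self.dport)]
        parts += ["-j", self.action]
        return " ".join(parts)


def evaluate(chain: List[Rule], pkt: Packet, policy: str = "DROP") -> Tuple[str, Optional[int]]:
    """First-match semantics: walk the chain top to bottom and stop at the first
    rule that matches. Returns (action, index of the matching rule). If nothing
    matches, the chain's default policy decides and the index is None.
    (Real iptables has non-terminal targets such as LOG; this model ignores them.)"""
    for i, rule in enumerate(chain):
        if rule.matches(pkt):
            return rule.action, i
    return policy, None


def render(chain: List[Rule], name: str = "INPUT", policy: str = "DROP") -> List[str]:
    """The rule list as iptables commands: default policy first, then rules in order."""
    return [f"iptables -P {name} {policy}"] + [r.to_iptables(name) for r in chain]


# Constructed sample values standing in for the post's X, Y, Z, A, W, B, U.
CHAIN = [
    Rule("ACCEPT", proto="tcp", dport=22,  comment="allow service listening on port X"),
    Rule("ACCEPT", proto="tcp", dport=80,  comment="allow service listening on port Y"),
    Rule("ACCEPT", proto="tcp", dport=443, comment="allow service listening on port Z"),
    Rule("ACCEPT", proto="tcp", src="192.0.2.10",   dport=3306, comment="from IP A, port W"),
    Rule("ACCEPT", proto="tcp", dst="198.51.100.5", dport=8080, comment="to IP B, port U"),
    Rule("DROP", comment="deny all (other) connections"),
]

# Same rules with the deny-all rule moved to the top: every packet stops at rule 0.
MISORDERED = [CHAIN[-1]] + CHAIN[:-1]

if __name__ == "__main__":
    for cmd in render(CHAIN):
        print(cmd)
    for pkt in (Packet("203.0.113.7", "198.51.100.5", 22),
                Packet("203.0.113.7", "198.51.100.5", 3306),
                Packet("192.0.2.10", "198.51.100.5", 3306)):
        print(pkt, "->", evaluate(CHAIN, pkt), "| misordered:", evaluate(MISORDERED, pkt))
```

Running it prints the `iptables` commands for the chain and then the verdict for three constructed packets: port 22 from anywhere is accepted by the first rule, port 3306 from an arbitrary host falls through to the deny-all rule, and port 3306 from IP A is accepted by the source-specific rule. With the misordered chain all three stop at the deny rule, which is the "packet stops going down the chain" behaviour the post describes.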