Skip to main content
Welcome guest. | Register | Login | Post
On Nuxified.org we provide resources on key open source technologies in belief that open source plays a crucial part in empowering individuals, improving society, and creating a better future.

Roll Your Own Firewall


BRIEF INTRODUCTION TO FIREWALLS

Over the years I have learned how to roll my own firewall script and call it from /etc directory. Of course, my firewall is only INPUT based, instead of INPUT and OUTPUT based, but I find that building an INPUT/OUTPUT based firewall is tremendously difficult and not really all that necessary if you use good download practices on your Linux server or PC and/or if you're already behind a NAT router (such as a home-based DSL or cable router or wireless router) or other firewall.

If you're scratching your head on what I mean by INPUT and OUTPUT, then just think about you being inside a house that has a front door (INPUT), and a backdoor (OUTPUT). When you surf the web, you first start sending packets of data out your backdoor (OUTPUT). Then, packets return and come in your front door and then you see them. In some cases, some packets need to travel back out your backdoor (OUTPUT) in order to establish or continue a connection. To complicate things, imagine multiple front doors and backdoors, and your ability to direct traffic through these doorways through something called rules, which we explain in a moment.


As announced on my blog , I will soon move from my beloved Debian etch (or testing) to the upcoming Fedora Core 5.

How did I come to take such a decision?
I love several things in Debian. I run a Debian etch on my laptop, my old PC runs a Windows 2000 unconnected to the Net and is used for gaming; my company's servers run on Debian sarge except for the webserver, hosted somewhere else that run a nicely tuned Free BSD. Debian to me means the experience of one of the most authentic GNU and Free Software systems and in some sense, lifestyle.


At my house, I'm a dad who uses Linux. I have some kids. They're starting to grow up and go to more questionable sites on the Internet (on urging from friends) and it's my job to police it. I am one of these dads who think that kids get enough exposure to bad stuff from TV, movies, and the public schools, and I don't think they need any more influences until their minds are mature enough to handle it. I also limit the kinds of movies they watch and the kinds of TV shows too. With my oldest child, I have let her watch a bit more than her younger brother, so I mean to say that I'm not the meanest dad in the world. I really do let a kid grow up -- I just try to wait until I think their minds are mature enough to wrap around certain concepts and strong enough to fend off peer pressure.