This HOWTO is intended for users already familiar with networking under Linux. It does not cover detailed information about how to compile the kernel, how to install and use diald, or how to set up networking or PPP. There are various HOWTOs, FAQs and other documents on these subjects.
Firewalls are a serious matter, and how well one protects you depends on the knowledge of the maintainer. There's no 100% security even when you are the best on that issue - which of course you are ;)
I apologize for any mistakes. Please keep in mind: my primary language is German, so mistakes are quite likely.
Bundled with this HOWTO you should have received 10 shell scripts: rc.firewall.diald.add, rc.firewall.diald.del, rc.firewall and rc.firewall.var, all for use with ipfwadm and kernel 2.0.x; rc.firewall.ipchains.diald.add, rc.firewall.ipchains.diald.del, rc.firewall.ipchains and rc.firewall.var.ipchains, all for use with ipchains and kernel 2.2.x; and countRules.pl and fwlist, some helpful tools. If not, please download them from the main site (see above).
This HOWTO only describes a packet-filtering firewall. Application-filtering firewalls will be added in a future version.
I appreciate any comments about this document. PLEASE REPORT ANY INACCURACIES IN THIS PAPER!!! I am human and thus I make mistakes. If you find any, fixing them is of my highest interest, so let me know!
All your emails will be read and answered. Please use a subject like "your Firewall-HOWTO" so that these important emails can be sorted. But please don't be angry if I don't answer your emails soon. I do have a life beyond computers and I am busy doing some other stuff - like earning money ;).
I AM NOT RESPONSIBLE FOR ANY DAMAGES INCURRED DUE TO ACTIONS TAKEN BASED ON THIS DOCUMENT OR THE INCLUDED SCRIPTS!!!
This document is meant to help set up a packet-filtering firewall in a specific environment, using diald and dynamically assigned IP addresses.
I am not, nor do I pretend to be, a security expert. This document is based on my own knowledge, which I got from reading various papers and from testing on my own LAN. Although I tried to do my very best, I give no warranty that everything stated here is correct. Mistakes can occur due to too little knowledge or to new situations arising which I didn't know about yet.
Thanks to the Linux community for making it possible to find so much good information on this topic!
Please note, I am writing this to help get people acquainted with this subject, and I am not ready to stake my life on the accuracy of what is in here.
Special thanks go to Ambrose Au <ambrose@writeme.com> for his IP Masquerading Mini-HOWTO, to Mark Grennan <markg@netplus.com> for his Firewalling and Proxy Server-HOWTO, and to the whole Linux community for making it possible to create a low-cost system with high performance and all required services!
Also I have to thank Florian Reif <the_plague@gmx.net> for his beta testing on SUSE Linux and some very helpful hints on modem connections!
And remember:
"Linux is like a wigwam: no windows, no gates ... apache inside!" (Author unknown but honored)
Unless otherwise stated, Linux HOWTO documents are copyrighted by their respective authors. Linux HOWTO documents may be reproduced and distributed in whole or in part, in any medium physical or electronic, as long as this copyright notice is retained on all copies. Commercial redistribution is allowed and encouraged; however, the author would like to be notified of any such distributions.
All translations, derivative works, or aggregate works incorporating any Linux HOWTO documents must be covered under this copyright notice. That is, you may not produce a derivative work from a HOWTO and impose additional restrictions on its distribution. Exceptions to these rules may be granted under certain conditions; please contact the Linux HOWTO coordinator.
In short, I wish to promote dissemination of this information through as many channels as possible. However, I do wish to retain copyright on the HOWTO document and the shell scripts, and would like to be notified of any plans to redistribute the HOWTO or shell scripts.
If you have any questions relating to this HOWTO or the shell scripts, please contact Sandro Poppi at <spoppi@gmx.de>
Anyone dealing with firewalls should have read various HOWTOs. She/he should, at the minimum, have read and understood
Additionally, you should be familiar with TCP/IP at the protocol level (TCP, UDP, ICMP, IP, ...) and know how to work with tcpdump, which is very helpful when debugging the packets sent on the net.