Thank you all for the good replies you gave me already, I will have some info to go through.
One thing is that I see that everybody in this list is talking about firewall scripts. What do those scripts actually do? Do they just configure the system for it to be like a firewall? Is the firewall a feature of Linux and you just need to configure it? Are there additional firewalls to install as an application?
Usually, we just talk about scripts, no additional products as a kernel extension would be. The script has the task of giving certain things a name so that the more or less experienced user/admin can easily configure the setup. There is always a narrow path to go between making the thing more complicated or easier to use. It's best to try it out and to dig into it for a few minutes. I find that it's best to know what's going on behind the scenes. The firewall-initialization script can just be as easy as:

    ipchains -F input
    # blocks this network, logging:
    ipchains -A input -p tcp -j DENY -l -s 123.234.0.0/255.255.0.0
    # pop connection
    ipchains -A input -p tcp -j ACCEPT -s my-mailrelay.provider.com -d 0/0 110
    # mails out, smtp
    ipchains -A input -p tcp -j ACCEPT -s my-mailrelay.provider.com 25
    # irc
    ipchains -A input -p tcp -j ACCEPT -s my-ircserver 6667
    # http traffic:
    ipchains -A input -p tcp -j ACCEPT -s 0/0 80
    # blackhole all the rest:
    ipchains -A input -p tcp -j REJECT
    # DNS traffic inbound:
    ipchains -A input -p udp -j ACCEPT -s my-dns 53
    # blackhole all UDP:
    ipchains -A input -p udp -j DENY
    # log all ICMP, let it through:
    ipchains -A input -p icmp -j ACCEPT -l
Also, what is the technology used in those firewalls? I mean it could be static and/or dynamic, port oriented and/or application oriented.
These rules above are all static, poked into the kernel by the ipchains command. They happen on ISO/OSI layer 3+4 (ip, (tcp,udp,icmp)). So you see, there's no rocket science behind it.
I just hope that those questions do not seem ridiculous in the world of Linux. At least they are not in "the other world".
Not at all. Some things in the docs have been written with small facts taken for granted already. The best time to start writing about something is when you learn it.
Patrick
Roman.
--
Roman Drahtmüller
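
Added example, not part of the original message: a small Python model of how the static input chain from the script above is walked, first match wins, looking only at protocol, source address and ports. The 192.0.2.x addresses standing in for the hostnames, and ACCEPT as the chain policy for packets no rule matches, are assumptions.

```python
import ipaddress

# Rules from the script above, in order:
# (protocol, source network, source port, destination port, target); None = any.
# The 192.0.2.x addresses are constructed stand-ins for the hostnames
# my-mailrelay.provider.com, my-ircserver and my-dns.
RELAY, IRC, DNS = "192.0.2.25/32", "192.0.2.66/32", "192.0.2.53/32"
RULES = [
    ("tcp", "123.234.0.0/16", None, None, "DENY"),   # blocked network (logged)
    ("tcp", RELAY, None, 110, "ACCEPT"),             # pop
    ("tcp", RELAY, 25, None, "ACCEPT"),              # smtp
    ("tcp", IRC, 6667, None, "ACCEPT"),              # irc
    ("tcp", "0.0.0.0/0", 80, None, "ACCEPT"),        # http
    ("tcp", "0.0.0.0/0", None, None, "REJECT"),      # all other TCP
    ("udp", DNS, 53, None, "ACCEPT"),                # DNS
    ("udp", "0.0.0.0/0", None, None, "DENY"),        # all other UDP
    ("icmp", "0.0.0.0/0", None, None, "ACCEPT"),     # ICMP (logged)
]

def verdict(proto, src, sport=None, dport=None, policy="ACCEPT"):
    """Return (rule number, target) of the first matching rule.

    Rule number 0 means no rule matched and the chain policy applied
    (assumed ACCEPT here). Only header fields of the single packet are
    examined; no connection state is consulted, which is what "static" means.
    """
    addr = ipaddress.ip_address(src)
    for number, (r_proto, r_net, r_sport, r_dport, target) in enumerate(RULES, 1):
        if r_proto != proto or addr not in ipaddress.ip_network(r_net):
            continue
        if r_sport is not None and r_sport != sport:
            continue
        if r_dport is not None and r_dport != dport:
            continue
        return number, target
    return 0, policy

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source address, source port, dest port).
    samples = [
        ("tcp", "123.234.5.6", 80, 1025),    # blocked net wins over the http rule
        ("tcp", "192.0.2.25", 25, 40000),    # smtp from the mail relay
        ("tcp", "198.51.100.7", 80, 22),     # matched purely on source port 80
        ("tcp", "198.51.100.7", 40000, 22),  # falls through to the TCP catch-all
        ("udp", "198.51.100.7", 53, 40000),  # port 53, but not from my-dns
        ("icmp", "198.51.100.7", None, None),
    ]
    for pkt in samples:
        print(pkt, "->", verdict(*pkt))
```
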