Lowth.com: TCP/IP Connection Cutting on Linux IPTABLES Based Firewalls
Jun 11, 2003, 04:00
(Other stories by Chris Lowth)
[ Thanks to Chris Lowth for this link. ]
"The use of Linux systems as IP network firewalls and routers is
becoming increasingly popular. The cheapness of the software and
hardware combine with the flexibility and reliability of Linux's
networking support to make such a solution highly attractive. It is
often possible to deliver routing and firewalling facilities at a
fraction of the cost associated with systems provided by industrial
heavy-weights such as Cisco, Nortel and others.
"For the knowledgeable, an out-of-the-box Linux distribution
such as 'RedHat' has many of the features required to build highly
personalized firewalls. For the less adventurous, there are
cut-down distributions available that are designed specifically for
this task. The UK-based 'SmoothWall' and its clone 'IPCop' are
good examples of such an approach; they are highly optimized
distributions that include a tiny subset of the software commonly
installed by the likes of RedHat, but add a powerful web-based
front end for the tasks of configuring and managing the system.
These solutions are ideal for small office or home networks.
"One advantage of using a Linux system in this way is the ease
with which it can be extended or modified. Software can be
downloaded from the Internet for free, compiled and installed onto
the system to add features such as web proxying (Smoothwall and
IPCop already have this), content filtering, anti-virus measures or
any other feature you desire.
"I have recently been working on a solution to the problems of
peer-to-peer traffic filtering on a Linux firewall, and have had to
develop a 'connection cutter' as part of the system, and it is this
tool that is described in this page..."