[ Thanks to Kellie
for this link. ]
“Firewalls are good and fun, but what do you do when you need to
make rapid, complex changes to your firewall rules? Easy. Use
Daniel Robbins’ dynamic firewall scripts that are demonstrated in
this article. You can use these scripts to increase your network
security and responsiveness, and to inspire your own creative
designs.”
“The best way to see the benefits of dynamic firewall scripts is
to see them in action. To do this, let’s imagine that I’m a
sysadmin at an ISP, and I’ve recently set up a Linux-based firewall
to protect my customers and internal systems from malicious users
on the Internet. To do this, my firewall uses the new Linux 2.4
iptables stateful functionality to allow new outgoing connections
to be established by my customers and servers, and of course to
allow new incoming connections, but only to “public” services, such
as web, ftp, ssh, and SMTP. Since I used a deny-by-default design,
any from-Internet connections to non-public services, such as the
squid proxy cache or Samba server, are automatically rejected. So
far, I have a pretty decent firewall that offers a good level of
protection for everyone at my ISP.”
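To make the baseline described in the quote concrete, here is an added example (my own, not Daniel Robbins' scripts from the article) that generates a deny-by-default, stateful iptables ruleset in iptables-restore format: outbound connections from customers are allowed by state, new inbound connections from the Internet are accepted only for web, ftp, ssh and SMTP, and everything else (squid, Samba, and so on) is rejected. The interface names eth0/eth1 and the exact public port list are assumptions; the helper functions at the end are for checking the generated ruleset before loading it.

```shell
#!/bin/sh
# Added example (not from the article): deny-by-default stateful firewall
# for the ISP scenario, emitted in iptables-restore format. Review it with
# "sh fw.sh", load it (as root) with "sh fw.sh | iptables-restore".
# Interface names and the public port list are assumptions.

EXT_IF="eth0"                    # assumed Internet-facing interface
INT_IF="eth1"                    # assumed customer / internal interface
PUBLIC_TCP_PORTS="80 21 22 25"   # web, ftp, ssh, SMTP

# Print the complete ruleset for the filter table.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections we or our customers opened are matched by state,
# so no per-service "return traffic" holes are needed.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A FORWARD -m state --state INVALID -j DROP
# Customers and internal servers may open new connections outward.
-A FORWARD -i $INT_IF -o $EXT_IF -m state --state NEW -j ACCEPT
EOF
    # New inbound connections from the Internet: public services only.
    for port in $PUBLIC_TCP_PORTS; do
        printf '%s\n' "-A INPUT -i $EXT_IF -p tcp --dport $port -m state --state NEW -j ACCEPT"
        printf '%s\n' "-A FORWARD -i $EXT_IF -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Anything else arriving from the Internet (squid, Samba, ...) is
    # rejected explicitly; the DROP policies above catch the remainder.
    printf '%s\n' "-A INPUT -i $EXT_IF -j REJECT"
    printf '%s\n' "-A FORWARD -i $EXT_IF -j REJECT"
    echo COMMIT
}

# Does the generated ruleset accept NEW inbound TCP to port $1 from the
# Internet? Exit status 0 = yes, 1 = no. Use before loading the rules.
accepts_new_from_internet() {
    gen_rules | grep -q -- "-A INPUT -i $EXT_IF -p tcp --dport $1 -m state --state NEW -j ACCEPT"
}

# Number of INPUT rules that accept NEW connections from the Internet;
# should equal the number of public services.
count_public_accepts() {
    gen_rules | grep -c -- "-A INPUT -i $EXT_IF .* --state NEW -j ACCEPT"
}

gen_rules
```

Two practical caveats: FTP data connections only show up as RELATED if the ip_conntrack_ftp (2.4) or nf_conntrack_ftp helper module is loaded, and `-m state --state` is the 2.4-era syntax that modern kernels still accept but spell `-m conntrack --ctstate`. Load a ruleset like this from the console rather than over ssh the first time, since a typo in the ssh rule locks you out.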