Computer Bits: Firewalling with iptables
Feb 27, 2000, 16:32
(Other stories by Paul Heinlein)
"The reason for firewalling is obvious: We want to protect our computer from unwanted visitors, whether they are malicious or just curious. Firewalls are merely a set of rules that determine what we do with any given packet of information going to or coming from another computer on a network: allow it to proceed, return it with an error message, or drop it entirely."
"My home Linux boxes, for example, provide a number of services to my home network: telnet connections, network drive sharing via NFS and Samba, an FTP server, and a MySQL database server. I occasionally want to connect to the Internet, but I don't really want folks out there on the Net snooping around those services. Instead of shutting down all my network services every time I fire up the modem, I've written a set of firewall rules that (hopefully) keep unwanted visitors away...."
"In many ways, iptables behaves like the older ipchains. They both use the criteria listed above to inspect IP packets to see if they should be allowed into, out of, or through your machine. Both are based on the concept of rule chains, which are essentially a series of inspection rules. Finally, both have three default chains...."
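
The setup the excerpts describe, as an added example that is not taken from Paul Heinlein's article: a generator for an `iptables-restore` ruleset that uses the three default chains and all three verdicts (accept, reject, drop) to keep the listed services reachable from the home network but not from the modem link. The interface names `ppp0` and `eth0`, the function names, the `conntrack` match, and the choice of the standard ports for FTP, telnet, portmapper/NFS, Samba and MySQL are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a dial-up host.
# ppp0 (modem link) and eth0 (home LAN) are assumed interface names.

# Interface names are interpolated into the ruleset, so accept only
# characters that can appear in one and refuse anything else.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# emit_ruleset WAN_IF LAN_IF -> ruleset on stdout, non-zero on bad input.
# Order matters: a packet takes the verdict of the first rule it matches,
# and the chain policy (DROP here) applies when no rule matches.
#   loopback, replies to our own traffic, and the LAN  -> ACCEPT
#   FTP 21, telnet 23, portmapper 111, Samba 137-139/445,
#   NFS 2049, MySQL 3306 arriving on the modem link   -> DROP (silent)
#   any other unsolicited TCP on the modem link        -> REJECT (TCP reset)
emit_ruleset() {
    wan=$1 lan=$2
    valid_if "$wan" && valid_if "$lan" || {
        echo "emit_ruleset: bad interface name" >&2
        return 1
    }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A INPUT -i $wan -p tcp -m multiport --dports 21,23,111,139,445,2049,3306 -j DROP
-A INPUT -i $wan -p udp -m multiport --dports 111,137,138,2049 -j DROP
-A INPUT -i $wan -p tcp -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Print the ruleset when called as: script.sh WAN_IF LAN_IF
if [ "$#" -eq 2 ]; then emit_ruleset "$1" "$2"; fi
```

Piping the output to `iptables-restore --test` as root parses the ruleset without committing it, which is a safe way to check it before loading.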