PC Quest (India): A Firewall for Linux with Ipchains
Nov 12, 2000, 14:11
(Other stories by Shekhar Govindarajan)
[ Thanks to Harry for this link. ]
"Ipchains is a packet-filtering firewall package. You can findan RPM of Ipchains in RedHat/RPMS in the latest PC Quest RedHat CD. First you have to check whether the Linux kernel supports Ipchains. For this, look for a file named ip_fwchains in /proc/net. If it's not there, then you will have to recompile your kernel. The KERNEL-HOWTO and IPCHAINS-HOWTO will help you. Ifthe file exists, then you can check whether Ipchains is already installed...."
"Ipchains is so called because it deals with IP packets at the Network Layer, and the rules defined in it are based on three builtin chains called input chain, output chain and forward chain. A rule can be something like "if the sourceof the packet is Sachin's machine, then deny access". Packets arriving atthe machine running Ipchains are compared against rules defined in the input chain. If these packets are destined for another machine, they are redirectedafter being compared against rules in the forward chain. The output chain processes packets going out of the firewall. Apart from these three, you can also have your own user-defined chains. The rules for each chain define access control based on source, destination, port, protocol or other information contained in IP headers."