It used to be that a dial-up connection would only serve a single computer; then someone realised that a firewall box doing network address translation could let a whole local network share a single Internet link. Of course, Linux and BSD were the first choices for firewall technology.
Then along came ADSL, and the firewall became an appliance, as most ADSL modems gained a built-in router and firewall. A well configured ADSL modem can represent excellent value for a small network. Not only can you run multiple machines through a single Internet link, but with port forwarding you can run your own servers inside your network with controlled levels of public access. Remember that every forwarded port is a hole in the perimeter: the service behind it must be kept patched and hardened as if it sat directly on the Internet.
Does the appliance-style ADSL modem/router combo make the Linux firewall obsolete? Like all questions about technology application, the answer is "sometimes".
The paragraphs below outline some of the possible benefits of using a more capable gateway than an appliance modem.
The Linux iptables system gives very fine control over the type of access you allow onto your network. For example, you may find that there is a regular group of culprits probing your network, attempting to break into your servers and attempting to deliver spam mail. Of course you need to harden everything against such malicious intrusion, but once you identify the regular offenders, maintaining a firewall blacklist is a helpful way to avoid unnecessary traffic and to give these people a clear message that you don't want to play their games. A blacklist is a noise filter rather than a defence: attackers change addresses, so it must be reviewed and pruned, and it never substitutes for patching the services they are probing.
You might also consider firewall whitelist techniques to give only selected people access to particular services. Such a whitelist is not a complete security system unto itself (a compromised machine on the whitelisted network still gets in), but it bolsters your defences and shrugs off the casual troublemaker who wanders around trying the locks to see what is easily available.
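The two techniques above, a blacklist of known offenders and a whitelist for one service, come down to the order in which iptables rules are evaluated. The following script is an added example, not code from the original page: it generates an iptables-restore ruleset from two plain-text lists, validating each entry so a stray line can never become a malformed rule. The file names, the port (22, SSH) and the addresses are constructed for illustration (all addresses are from the RFC 5737 documentation ranges).

```sh
#!/bin/sh
# Added example (not from the original page): build an iptables-restore
# ruleset from a blacklist file and a whitelist file. Names, port and
# addresses below are constructed for illustration.

# Constructed sample input: one IPv4 address or CIDR per line, '#' comments allowed.
BLACKLIST_FILE="${TMPDIR:-/tmp}/blacklist.$$"
WHITELIST_FILE="${TMPDIR:-/tmp}/whitelist.$$"
cat > "$BLACKLIST_FILE" <<'EOF'
# regular probers and spam sources
203.0.113.7
198.51.100.0/24
not-an-address
EOF
cat > "$WHITELIST_FILE" <<'EOF'
# the only networks allowed to reach the SSH service
192.0.2.10
192.0.2.64/26
EOF

# Accept only a dotted quad with an optional /0-32 prefix. Anything else is
# reported on stderr and left out of the ruleset.
valid_addr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Print each non-comment, non-blank entry of a list file that passes valid_addr.
read_list() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | while IFS= read -r addr; do
        [ -n "$addr" ] || continue
        if valid_addr "$addr"; then
            echo "$addr"
        else
            echo "skipping invalid entry: $addr" >&2
        fi
    done
}

# build_ruleset BLACKLIST_FILE WHITELIST_FILE PORT
# Emits an iptables-restore ruleset on stdout. Order matters: the BLACKLIST
# chain is consulted before the ESTABLISHED,RELATED shortcut, so an offender's
# existing sessions are cut as well; whitelist ACCEPTs for the service port
# come next, and everything else falls through to the INPUT DROP policy after
# a rate-limited LOG so the log cannot be flooded.
build_ruleset() {
    bl=$1; wl=$2; port=$3
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':BLACKLIST - [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -j BLACKLIST'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    read_list "$bl" | while IFS= read -r a; do
        # DROP is silent; use REJECT instead if you want the offender told.
        echo "-A BLACKLIST -s $a -j DROP"
    done
    read_list "$wl" | while IFS= read -r a; do
        echo "-A INPUT -p tcp --dport $port -s $a -j ACCEPT"
    done
    echo "-A INPUT -p tcp --dport $port -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix \"port${port}-denied: \" --log-level 4"
    echo 'COMMIT'
}

# Usage: check the generated ruleset before loading it.
#   build_ruleset "$BLACKLIST_FILE" "$WHITELIST_FILE" 22 > rules.v4
#   iptables-restore --test < rules.v4 && iptables-restore < rules.v4
build_ruleset "$BLACKLIST_FILE" "$WHITELIST_FILE" 22
```

Generating the ruleset as a file and loading it with iptables-restore, rather than running a long sequence of iptables commands, means the whole ruleset is applied atomically and can be checked with `iptables-restore --test` first; a typo in a list then fails the test rather than leaving the firewall half-loaded.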
A Linux firewall comes with the ability to control what you log, how you generate summaries of the logs and where to put the results, which gives far more flexibility than an appliance's fixed log page. For example, iptables keeps packet and byte counters against each firewall rule, so you can see which rules are actually matching traffic and which are dead weight; note that the counters are reset whenever the ruleset is reloaded, so snapshot them (for instance from cron) if you want a history.
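As an added example of the log and counter handling just described (not code from the original page), the script below reads the per-rule counters from the output of `iptables -nvxL` to find rules that never fire and to rank the busiest ones, and summarises kernel LOG lines by source address, which is the raw material for the next round of blacklist entries. The counter dump and the log lines are constructed samples in the formats those tools produce; the chain name, log prefix and addresses are illustrative.

```sh
#!/bin/sh
# Added example (not from the original page): summarise iptables rule
# counters and kernel LOG lines. Sample data below is constructed.

COUNTERS="${TMPDIR:-/tmp}/counters.$$"
KERNLOG="${TMPDIR:-/tmp}/kern.$$"

# Constructed: output of `iptables -nvxL BLACKLIST`. The -x flag prints exact
# counts instead of abbreviated 1234K/5M figures, which keeps the columns parseable.
cat > "$COUNTERS" <<'EOF'
Chain BLACKLIST (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     142       8520 DROP       all  --  *      *       203.0.113.7          0.0.0.0/0
       0          0 DROP       all  --  *      *       198.51.100.0/24      0.0.0.0/0
      17       1020 DROP       all  --  *      *       203.0.113.200        0.0.0.0/0
EOF

# Constructed: kernel LOG lines written with --log-prefix "port22-denied: ",
# plus one unrelated kernel line that must be ignored.
cat > "$KERNLOG" <<'EOF'
Jun  3 10:12:05 gw kernel: port22-denied: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jun  3 10:12:07 gw kernel: port22-denied: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jun  3 10:13:40 gw kernel: port22-denied: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.77 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Jun  3 10:14:01 gw kernel: eth0: link is up
EOF

# Rules whose packet counter is zero: candidates for review or removal.
# The first two lines are the chain banner and the column header; column 1
# is pkts and column 8 is the source match.
idle_rules() {
    awk 'NR > 2 && $1 == 0 { print $8 }' "$1"
}

# Every rule as "source pkts bytes", busiest first.
busiest_rules() {
    awk 'NR > 2 { print $8, $1, $2 }' "$1" | sort -k2,2nr
}

# log_sources PREFIX FILE: count LOG lines per SRC= address for one prefix,
# printed as "count address", most frequent first. Lines without the prefix
# (other kernel messages sharing the log) are ignored.
log_sources() {
    prefix=$1; file=$2
    grep -F -- "$prefix" "$file" \
        | sed -n 's/.*SRC=\([^ ]*\).*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

echo "idle blacklist rules:";            idle_rules "$COUNTERS"
echo "busiest blacklist rules:";         busiest_rules "$COUNTERS"
echo "denied port-22 attempts by source:"; log_sources "port22-denied:" "$KERNLOG"
```

On a live gateway the same functions would be fed by `iptables -nvxL BLACKLIST` and by the kernel log (`/var/log/kern.log`, `/var/log/messages` or `journalctl -k`, depending on the distribution); a source that keeps appearing at the top of `log_sources` output is what the blacklist in the previous section is for.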