The term firewall (a wall of fire, or wall of protection) has several meanings depending on the implementation and purpose. In this text, a firewall is a machine connected to the Internet that puts a set of security policies into practice. It has two connections to two different networks: one network card is connected to the Internet and the other to the local network. Any packet of information that comes from the Internet and wants to reach the local network must first pass through the firewall. The firewall is therefore the ideal place to implement the network security policy and thus to control what happens between the outside world and your own world, which is in fact your computer.
A firewall machine is nothing without a defined firewall policy. In general, firewalls serve two purposes: to keep people (worms, hackers, crackers) out and to keep people (employees, children) in. There are two main approaches a firewall can take: it denies everything by default and explicitly allows certain packets to pass, or it allows everything by default and explicitly forbids certain packets from passing. Creating a firewall policy is, in essence, quite simple. It is determined by what wants to get out of your local network, and especially by what wants to come in: what kinds of packets.
The services a firewall provides fall into two categories: packet filters, which block specific packets, and proxy servers, which establish the network connections to computers outside the LAN.
Filtering firewalls control each IP packet flowing through the system (entering, exiting, or simply passing through the network within a certain period of time). The filter inspects the packet's information and decides which packets will pass and which will not. It can let a packet through (ACCEPT) or stop it (REJECT / DENY). These are the main operations a packet filter can perform on a packet.
In addition, a packet filter can perform other functions: masquerading, forwarding and port forwarding, which are detailed below. On Linux, the packet filter is built into the kernel. A filtering firewall works at the network layer. Information can leave the system only if the firewall rules allow it. When packets reach the firewall, they are filtered by type (protocol), source address, destination address and port number; this information is contained in every IP packet. Most network routers offer filtering services, and the firewall is in fact a kind of router. Because very little data is analyzed and logged, filtering firewalls use less CPU time and introduce fewer network delays than other services.
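The two policy models from above (deny by default with explicit ACCEPT rules, or allow by default with explicit DROP rules) and the match fields just listed (protocol, source, destination, port) can be shown with a small first-match rule chain in the style of a netfilter/iptables chain. This is an added example, not code from the original text; the Packet and Rule types, the chains and the sample packets are all constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp" or "icmp" (the packet "type")
    src: str              # source IP address
    dst: str              # destination IP address
    dport: Optional[int]  # destination port, None for ICMP


@dataclass(frozen=True)
class Rule:
    action: str                   # "ACCEPT" or "DROP"
    proto: Optional[str] = None   # None matches any protocol
    src: str = "0.0.0.0/0"        # CIDR; the default matches any source
    dst: str = "0.0.0.0/0"        # CIDR; the default matches any destination
    dport: Optional[int] = None   # None matches any port

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


def filter_packet(rules: List[Rule], policy: str, p: Packet) -> str:
    """Walk the chain in order; the first matching rule decides.
    If no rule matches, the chain's default policy applies."""
    for r in rules:
        if r.matches(p):
            return r.action
    return policy


# Deny-by-default chain: only HTTP to one server and ICMP from the LAN pass.
DENY_BY_DEFAULT = [
    Rule("ACCEPT", proto="tcp", dst="203.0.113.10/32", dport=80),
    Rule("ACCEPT", proto="icmp", src="192.168.1.0/24"),
]
# Allow-by-default chain: everything passes except inbound telnet.
ALLOW_BY_DEFAULT = [
    Rule("DROP", proto="tcp", dport=23),
]

# Constructed sample packets (documentation address ranges).
WEB = Packet("tcp", "198.51.100.7", "203.0.113.10", 80)
TELNET = Packet("tcp", "198.51.100.7", "192.168.1.5", 23)
PING = Packet("icmp", "192.168.1.20", "203.0.113.10", None)
```

Note that under the deny-by-default chain the telnet packet is dropped without any rule naming it, while under the allow-by-default chain every service not explicitly listed (here, a new port opened by mistake) passes.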
Filtering firewalls do not support password authentication; once running, a firewall identifies a user only by IP address. Among the advantages of a firewall we can list: traffic control (if the firewall runs on the gateway of a network, it can restrict a certain type of traffic to a certain part of the Internet or of other external networks), increased security (the firewall sits between your local network and the chaos of the Internet, so it is a good idea to restrict outside access to your open ports, and you can allow your local network to reach only certain places considered safe) and network monitoring (if a badly configured machine on your local network catches a virus and begins to transmit packets at random to the outside world, it is good to know this and to remedy the situation by cutting that machine's connection, if you can and know how).
Linux kernels have included packet filters since version 1.1. The first generation of filters appeared in 1994. They were improved by specialists and came to be shipped in two kernel series. In 1998, Rusty Russell and Michael Neuling introduced a new filter. Finally, in 1999, Rusty Russell introduced a fourth generation of packet filtering tools, again for two kernel series.