Thread: Firewall rules?

  1. #1 SephStorm (Senior Member, joined Aug 2008, 166 posts)

    Firewall rules?

    I am interested in learning about firewall rules and whatnot. Does anyone know where I can find an entry-level guide to firewall rules? I'm not talking about firewall rules, but the kind I can add to home FW software. Some allow customizable rules, and I would like to learn them.
    "You're only smoke and mirrors..."

  2. #2 floyd (Member, joined Mar 2009, 231 posts)

    Most important thing: nearly all firewalls are the same. I mean they all say that their firewall is the best, but they all use iptables. If you know all about iptables, you already know nearly everything about firewalls. And if you fire up your BT and type iptables on the command line you will see that it's included in (nearly?) every Linux distro.

    Just google for iptables:
    Iptables Tutorial 1.2.2

    If your "home FW software" doesn't allow iptables rules, it sucks
    Auswaertsspiel

  3. #3 lupin (Super Moderator, joined Jan 2010, 2,943 posts)

    Originally posted by SephStorm:
        I am interested in learning about firewall rules and whatnot. Does anyone know where I can find an entry-level guide to firewall rules? I'm not talking about firewall rules, but the kind I can add to home FW software. Some allow customizable rules, and I would like to learn them.
    That's kind of confusing. You want an "entry level guide to firewall rules" but you're "not talking about firewall rules"?

    What I'd suggest is that you do some basic reading on TCP/IP, specifically around how TCP/UDP ports and IP source/destination addresses are represented in packets, and also around how a TCP session is established.

    A firewall is essentially just a device that allows or denies packets based on rules that match particular subsets of this information. Better firewalls can also consider the state of a connection and filter based on this as well - this can be determined for TCP because it's a stateful protocol, plus there are fudges for UDP and ICMP to allow state to be determined for them. So-called stateful filtering allows you to specify a rule to match the initial packet in a communication, and have all the other packets in that communication matched automatically by the rule.

    So, for example, if you want to allow outgoing HTTP traffic through a firewall protecting an internal network, you normally would create a rule that allows traffic that has a source address from your internal network, a destination address of any, and a destination TCP port of 80 that is received by the internal interface of your firewall. On a stateful firewall this rule would also allow replies; on a non-stateful firewall you would need to create an opposite rule, allowing external packets to enter the network going to your internal machines from a TCP source port of 80. This is a somewhat simplified example because HTTP communications can also occur over ports other than port 80, and I've left out some detail about TCP flags in stateful firewall rules, but it demonstrates the general idea of how firewall rules work.

    So, knowing how to create a custom firewall rule requires you to know how TCP/IP communications occur, as well as knowing particular characteristics about how that communication works.

    A good way to learn about this is to set up a Linux firewall on your network (IPCop with the Block Outgoing Traffic addon is what I started with), block ALL traffic, and then selectively allow traffic until the communications you want to use can work. Use Wireshark and the firewall logs to see what's being blocked and what's being sent.

    Originally posted by floyd:
        I mean they all say that their firewall is the best, but they all use iptables. If you know all about iptables, you already know nearly everything about firewalls. And if you fire up your BT and type iptables on the command line you will see that it's included in (nearly?) every Linux distro.
    Most Linux distros have it, yes. The requirements are to have the Netfilter extensions compiled into the Linux kernel and to have the iptables binary on the system. Some Linux embedded solutions don't have it - the Linux kernel on my Buffalo NAS device didn't have it (until I installed a modified kernel).

    Originally posted by floyd:
        If your "home FW software" doesn't allow iptables rules, it sucks
    Or it's Windows (which might be the same thing as saying it sucks...). Iptables is Linux only; it's the interface to the Netfilter extensions in the kernel - Netfilter is the software inside the kernel that actually does the packet filtering, iptables does the configuration of Netfilter. Other platforms have different firewalling software - BSD for example has "pf".
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
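    The outgoing-HTTP example in the post above, modelled as a small Python simulation (added here, not code from the thread): a stateless filter needs the "opposite rule" for replies, which also lets in any unsolicited packet with source port 80, while a stateful filter only admits packets belonging to a session it already accepted. The internal network 192.168.1.0/24, the interface names eth0/eth1 and the traffic are constructed for the example; the syn flag stands in for the TCP-flag detail the post leaves out.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")   # constructed internal LAN
INSIDE, OUTSIDE = "eth1", "eth0"                         # assumed interface names

@dataclass(frozen=True)
class Packet:
    iface: str      # interface the firewall receives the packet on
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # simplified stand-in for "first packet of a TCP session"

def outgoing_http(p: Packet) -> bool:
    """The rule from the post: src in internal net, dst any, dport 80, received on the
    internal interface. Roughly: iptables -A FORWARD -i eth1 -s 192.168.1.0/24 -p tcp --dport 80 -j ACCEPT"""
    return p.iface == INSIDE and ipaddress.ip_address(p.src) in INTERNAL_NET and p.dport == 80

def http_reply(p: Packet) -> bool:
    """The 'opposite rule' a stateless firewall needs: external packet, sport 80, to an internal host."""
    return p.iface == OUTSIDE and p.sport == 80 and ipaddress.ip_address(p.dst) in INTERNAL_NET

def stateless_decide(packets):
    return [outgoing_http(p) or http_reply(p) for p in packets]

class StatefulFilter:
    """Only the initial packet must match a rule; replies are admitted via the connection table."""
    def __init__(self):
        self.conntrack = set()   # (src, sport, dst, dport) of sessions already accepted

    def decide(self, p: Packet) -> bool:
        flow = (p.src, p.sport, p.dst, p.dport)
        if flow in self.conntrack or flow[2:] + flow[:2] in self.conntrack:
            return True               # ESTABLISHED: part of a session we already allowed
        if p.syn and outgoing_http(p):
            self.conntrack.add(flow)  # NEW: remember it so the server's replies get through
            return True
        return False                  # neither a known session nor a permitted new one

PACKETS = [  # constructed traffic
    Packet(INSIDE, "192.168.1.20", 40000, "203.0.113.10", 80, syn=True),  # client opens HTTP
    Packet(OUTSIDE, "203.0.113.10", 80, "192.168.1.20", 40000),           # server's reply
    Packet(OUTSIDE, "198.51.100.7", 80, "192.168.1.30", 22),              # unsolicited, sport 80
]

def compare():
    """Returns (stateless verdicts, stateful verdicts) for PACKETS."""
    sf = StatefulFilter()
    return stateless_decide(PACKETS), [sf.decide(p) for p in PACKETS]
```

    The third packet is the point: the stateless reverse rule accepts it because it merely comes from source port 80, whereas the stateful filter drops it because no internal host started that session.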

  4. #4 Dissident85 (Member, joined Jun 2008, 127 posts)

    This is a good place to start: Daryl's TCP/IP Primer
    I think I was linked to it in the FreeBSD Handbook section on firewalls. I found it really helpful.

  5. #5 SephStorm (Senior Member, joined Aug 2008, 166 posts)

    Originally posted by lupin:
        That's kind of confusing. You want an "entry level guide to firewall rules" but you're "not talking about firewall rules"?
    I think I meant I wasn't talking about the more advanced rules and whatnot for hardware firewalls.
    "You're only smoke and mirrors..."

  6. #6 lupin (Super Moderator, joined Jan 2010, 2,943 posts)

    Originally posted by SephStorm:
        I think I meant I wasn't talking about the more advanced rules and whatnot for hardware firewalls.
    It's OK, I got the gist of your question anyway. (Didn't I?)
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  7. #7 SephStorm (Senior Member, joined Aug 2008, 166 posts)

    Yes you did, thanks.
    "You're only smoke and mirrors..."

  8. #8 spawn (Good friend of the forums, joined Jan 2010, 280 posts)

    Firewall

    Another thing:
    You deserve to understand how the packets cross the firewall rules.

    Google "iptables diagram" ...

    I particularly love OpenBSD/PF

  9. #9 imported_wyze (Jenkem Addict, joined Jul 2007, 1,543 posts)

    Originally posted by spawn:
        I particularly love OpenBSD/PF
    That makes two of us
    dd if=/dev/swc666 of=/dev/wyze

  10. #10 spawn (Good friend of the forums, joined Jan 2010, 280 posts)

    Originally posted by wyze:
        That makes two of us
    PF is really the true firewall for me

    This is my option

    :P

    **** IPTABLES
