Firewalls make it possible to filter incoming and outgoing traffic that flows through
your system. A firewall can use one or more sets of “rules” to inspect the
network packets as they come in or go out of your network connections and either allows
the traffic through or blocks it. The rules of a firewall can inspect one or more
characteristics of the packets, including but not limited to the protocol type, the
source or destination host address, and the source or destination port.
Firewalls can greatly enhance the security of a host or a network. They can be used to
do one or more of the following things:
-
To protect and insulate the applications, services and machines of your internal
network from unwanted traffic coming in from the public Internet.
-
To limit or disable access from hosts of the internal network to services of the
public Internet.
-
To support network address translation (NAT), which
allows your internal network to use private IP
addresses and share a single connection to the public Internet (either with a single
IP address or by a shared pool of automatically
assigned public addresses).
After reading this chapter, you will know:
-
How to properly define packet filtering rules.
-
The differences between the firewalls built into FreeBSD.
-
How to use and configure the OpenBSD PF firewall.
-
How to use and configure IPFILTER.
-
How to use and configure IPFW.
Before reading this chapter, you should: