Chapter 6: Maintaining Open Source Firewalls

Introduction

Regardless of the type of firewall you deploy, you will have to test and maintain it carefully. You need to actively monitor your firewall so that you can discover scanning attacks, connection attempts, and general weaknesses. Of course, you will have to scan your firewall to ensure that all extraneous ports and daemons are closed. You can use a scanner such as Nessus (www.nessus.org) to do this. However, even an application such as Nessus cannot implement the specific attacks necessary to truly test your firewall. In this chapter, you will learn about how to properly test and log activity. You will be able to verify that the firewall is working, make intelligent changes on demand, and generate useful reports.

In this chapter, you will use applications such as Telnet, Netcat, and SendIP, and Nmap to query the firewall. Doing so will help you determine if your firewall is truly protecting your network. Just one accidental omission of a rule can open a hole that could allow a hacker into your network.

You may never know that a hacker has entered your network unless you carefully monitor your firewall logs. Doing so is sometimes an unglamorous, thankless job. However, using applications such as Firedaemon and fwlogwatch, both of which are profiled in this chapter, you can receive automatic alerts. fwlogwatch can even automatically reconfigure your firewall for you in case of a scanning attack. Even if you choose to not automatically block traffic, using the testing and logging tools discussed in this chapter you can maintain your firewall so that it is blocking and allowing the right traffic for your business.