As you can see, netfilter offers considerable granularity and flexibility, from a basic SOHO connection-sharing setup to complex DMZ configurations more in line with large enterprise deployments. Combined with the Layer 2 functionality discussed in the previous chapter, this shows how far a Linux firewall can go as a one-stop solution for complex corporate network configuration problems. In later chapters we discuss how to write NAT rules on both source and destination addresses to build more complex rules that let you break out destinations by port as well as by IP address, redirect traffic transparently into application-layer proxies, and create multiple NAT configurations for VPNs.