Chapter 25. iptables: Setting Up a Firewall

IN THIS CHAPTER

How iptables Works
    Rules, matches, targets, and chains
    Network packet
    Jumps and targets
JumpStart: Building a Firewall Using system-config-securitylevel
Anatomy of an iptables Command
Building a Set of Rules
system-config-securitylevel: Generates a Set of Rules
Sharing an Internet Connection Using NAT


The iptables utility builds and manipulates the network packet filtering rules in the Linux kernel. You can use iptables to create a firewall that protects a system from malicious users and to set up NAT (Network Address Translation, page 1044), which allows multiple systems to share a single Internet connection. The iptables utility is flexible and extensible, allowing you to set up both simple and complex packet filtering solutions. It provides connection tracking (stateful packet filtering), which lets you handle a packet based on the state of the connection it belongs to. For example, you can set up rules that reject inbound packets attempting to open a new connection while accepting inbound packets that are replies to connections the local system initiated. Features not included in the base iptables package are available as patches via the patch-o-matic program.
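The stateful policy just described, written out as a small firewall script. This is an added example, not code from the book; it assumes IPv4 only, that the host offers SSH on TCP port 22 (a hypothetical choice of service), and that the legacy "state" match is available, as it was on the Fedora and RHEL releases the book covers. The IPT variable is a common firewall-script convention: set it to echo to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example (not from the book): a minimal stateful host firewall.
# Assumptions: IPv4 only, the host exposes SSH on TCP port 22, and the
# legacy "state" match is available. Set IPT=echo to print the commands
# instead of applying them, e.g.   IPT=echo sh firewall.sh apply
IPT="${IPT:-iptables}"

firewall_rules() {
    # Start from a clean filter table.
    $IPT -F
    $IPT -X
    # Default policies: drop everything inbound or forwarded, allow outbound.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # Local processes talk to each other over the loopback interface.
    $IPT -A INPUT -i lo -j ACCEPT
    # Connection tracking: accept packets that belong to a connection this
    # host opened (ESTABLISHED) or that are related to one (RELATED, for
    # example ICMP errors or FTP data channels).
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Packets that match no tracked connection at all are dropped.
    $IPT -A INPUT -m state --state INVALID -j DROP
    # The one service offered: new inbound SSH connections.
    $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # Any other attempt to open a connection is refused: a TCP reset for
    # TCP, an ICMP port-unreachable for everything else.
    $IPT -A INPUT -p tcp -m state --state NEW -j REJECT --reject-with tcp-reset
    $IPT -A INPUT -j REJECT --reject-with icmp-port-unreachable
}

if [ "${1:-}" = apply ]; then
    firewall_rules
fi
```

Rule order matters: the ESTABLISHED,RELATED rule sits before the per-service rules so that reply traffic is accepted by a single early match, and the two REJECT rules come last so that only connection attempts nothing else accepted reach them. Note that this policy does not accept inbound ICMP echo requests, so the host will not answer ping; add a rule for that before the final REJECT if you want it. Applying the rules requires root.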

Some of the concepts required to fully understand iptables are beyond the scope of this book. Although you can use iptables at several different levels, this chapter presents only the fundamentals. Some sections of this chapter do, however, delve into areas that may require additional background or explanation. If a concept is not clear, refer to one of the resources in "More Information" on page 766.




A Practical Guide to Red Hat® Linux®: Fedora™ Core and Red Hat Enterprise Linux (3rd Edition)
ISBN: 0132280272
Year: 2006
Pages: 383
