The firewall is probably the best known security appliance. By definition, a firewall is a system or group of systems that implements an access policy between two or more networks.
Firewalls can be classified into four main classes:
1. Dedicated firewalls
2. Router-integrated firewalls
3. Server-integrated firewalls
4. Personal firewalls
1. Dedicated firewalls are hosts that run an operating system designed for packet filtering and address translation; PIX and Check Point systems are examples. These systems can sustain a large number of connections, but their routing facilities are very limited. In a simple network the firewall can also serve as the router; a more complex network needs a separate router.
2. Firewalls integrated into routers exist to remove that shortcoming. This class cannot sustain the same number of connections, but it does better in complex topologies where the facilities of a router are needed. Many products offer router-integrated firewall features, from firewall modules for high-end routers to very compact dedicated devices for SOHO networks.
3. Server firewalls are implemented as additional software on top of an operating system (Linux, UNIX, NT, Win2k); examples are Netfilter, Microsoft ISA Server and Novell BorderManager. In features and performance they are comparable to the firewalls built into mid-range routers.
4. Personal firewalls are installed on personal computers and are designed to protect only the computer on which they run. It is important to remember that this type of firewall is not designed for protecting whole networks of computers. The main mechanisms by which network firewalls provide protection are packet filtering and address translation.
Packet filtering is the process by which only particular packets are routed from one network to another, based on a set of rules. Traditionally, packet filtering operates on information from OSI layers 3 and 4.
A filtering rule consists of a part that identifies the packet and a part that specifies how to handle the packet. The identification part can specify the source address, the destination address, the source and destination network addresses, the protocol (TCP, UDP, ICMP), the source or destination port (TCP and UDP only), the message type (ICMP only), the input or output interface, and even layer-2 addresses.
A packet can be identified by any information written in its header at OSI layer 3 or 4, or even layer 2, depending on the implementation. The handling part of the rule specifies what is done with a packet selected by that rule.
For filtering there are usually three handling options: accept, ignore (drop) or reject. Accept means the packet is allowed to pass. With ignore, the packet is not allowed through and no notice is sent to the source. Finally, with reject, the packet is not allowed through but a notification is sent to the source.
Iptables is the tool with which policies and rules for packet filtering and address translation are set on Linux. It is part of Netfilter, which implements packet filtering and address translation in Linux.
In iptables a rule has two parts:
– a part that identifies the packets
– a part that says how to treat those packets (the target)
Rules are processed sequentially, starting with the first one. If a rule matches a packet traversing the system, the action associated with the rule's target is executed; otherwise processing proceeds to the next rule. If all rules of a user-defined chain have been exhausted, or if the target is RETURN, processing continues with the rules of the chain that called it. If all rules of a predefined chain have been exhausted, the default policy of that chain is applied. A packet can be identified by source address, destination address, packet type, port (TCP, UDP) or message type (ICMP), by whether it is a fragment, and by whether it initiates a connection (TCP).
Chains are sets of rules that determine what action is taken on a packet. The tables have predefined chains (INPUT, OUTPUT, FORWARD, PREROUTING, POSTROUTING) that give the rules a distributed structure. A predefined chain is not a feature of a single table; tables share one or more chains. For example, the OUTPUT chain belongs to the filter table and also to the nat table, just as INPUT belongs to filter and also to mangle. When a packet arrives at a host implementing such a policy, the decisions about it are taken by analysing each of the chains mentioned above.
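The traversal rules described above (sequential matching, jumps into user-defined chains, RETURN to the calling chain, and the default policy of a built-in chain) as an added simulation. This is example code written for this article, not Netfilter's or iptables' own implementation; the chain names SSH_CHECK, the addresses and the packet dicts are all constructed for illustration.

```python
# Added example: a small simulator of iptables-style chain traversal.
# It is not Netfilter code; rule matching is reduced to exact-equality
# field checks on a dict that stands in for the packet header.

TERMINAL = {"ACCEPT", "DROP", "REJECT"}   # verdicts that end processing

def matches(rule, pkt):
    """A rule matches when every field it names equals the packet's value."""
    return all(pkt.get(field) == value for field, value in rule["match"].items())

def traverse(chains, policies, chain, pkt, depth=0):
    """Walk `chain` top to bottom, following jumps; return the final verdict,
    or None when a user-defined chain falls through to its caller."""
    if depth > 16:  # guard against mutually recursive user chains
        raise RuntimeError("chain loop")
    for rule in chains.get(chain, []):
        if not matches(rule, pkt):
            continue                      # no match: try the next rule
        target = rule["target"]
        if target in TERMINAL:
            return target                 # accept/drop/reject ends traversal
        if target == "RETURN":
            return None                   # go back to the calling chain
        verdict = traverse(chains, policies, target, pkt, depth + 1)
        if verdict is not None:
            return verdict                # the user chain decided; propagate it
    # Rules exhausted: a built-in chain applies its default policy, while a
    # user-defined chain (absent from `policies`) returns to its caller.
    return policies.get(chain)

# Constructed sample policy: INPUT hands SSH traffic to a user chain and
# accepts ICMP; everything else falls through to the DROP policy.
CHAINS = {
    "INPUT": [
        {"match": {"proto": "tcp", "dport": 22}, "target": "SSH_CHECK"},
        {"match": {"proto": "icmp"}, "target": "ACCEPT"},
    ],
    "SSH_CHECK": [
        {"match": {"src": "10.0.0.5"}, "target": "ACCEPT"},  # constructed trusted host
        {"match": {"src": "10.0.0.9"}, "target": "RETURN"},  # let INPUT decide
        {"match": {}, "target": "REJECT"},                   # empty match = any packet
    ],
}
POLICIES = {"INPUT": "DROP"}   # default policy of the built-in chain

def verdict(pkt):
    """Verdict for one constructed packet (a dict of header fields)."""
    return traverse(CHAINS, POLICIES, "INPUT", pkt)
```

Note that the packet from 10.0.0.9 ends in DROP rather than REJECT: RETURN leaves SSH_CHECK before its catch-all rule, INPUT has no further matching rule, and so the chain's default policy decides.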
Hopefully this has helped you understand the concept of a firewall better.