25 May 2005

Linux Firewall

The Linux kernel versions 2.4.x and 2.6.x come with a really neat firewall technology called netfilter/iptables. It's based on an earlier technology that is itself based on technology borrowed from the BSD family.

When you first use iptables, it's all a bit odd, but once you get over the basics, it's actually a dead easy tool to use. Netfilter is the packet-filtering framework loaded into the kernel, and iptables is the userspace tool used to load and unload rules into it.
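To show what "the basics" look like in practice, here is an added example (not the author's own ruleset) of a minimal default-deny host firewall for a 2.4/2.6-era kernel: loopback and established connections are allowed, SSH is let in, and everything else is logged and dropped. It assumes eth0 is the only external interface and that SSH listens on tcp/22; both are overridable through environment variables.

```shell
#!/bin/sh
# Added example, not from the original post. A minimal stateful,
# default-deny INPUT policy using the 2.4/2.6 "state" match.
# Assumptions: WAN_IF is the only external interface, SSH on SSH_PORT.
WAN_IF=${WAN_IF:-eth0}
SSH_PORT=${SSH_PORT:-22}

# Print the rules instead of running them, so they can be reviewed first.
ruleset() {
    cat <<EOF
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
iptables -A INPUT -i $WAN_IF -p tcp --dport $SSH_PORT -m state --state NEW -j ACCEPT
iptables -A INPUT -m limit --limit 10/min -j LOG --log-prefix "IPT-DROP: "
EOF
}

# Number of iptables commands the ruleset emits (handy for a sanity check).
rule_count() {
    ruleset | grep -c '^iptables '
}

# Apply the rules; requires root because iptables talks to the kernel.
apply_ruleset() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_ruleset: must be run as root" >&2
        return 1
    fi
    ruleset | sh -e
}

# Dry run by default; set APPLY=1 to actually load the rules.
if [ "${APPLY:-0}" = 1 ]; then
    apply_ruleset
else
    ruleset
fi
```

Packets that reach the final LOG rule fall through to the DROP policy, and the `IPT-DROP:` prefix makes them easy to pick out of the kernel log when checking what the firewall is rejecting.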

After setting up the rules on my own box, I spotted an article discussing various tools that help automate the creation and maintenance of iptables rules. There are actually quite a few projects; some come with GUIs, some without.

I have no idea how good or bad any of these are, as I did my own firewall and don't want to mess with it now, but it's good to see that there are options out there.