Table 48.5. Firewall Types

| Firewall Type | Description |
|---|---|
| NAT | Network Address Translation (NAT) places private IP subnetworks behind one or a small pool of public IP addresses, masquerading all requests to one source rather than several. The Linux kernel has built-in NAT functionality through the Netfilter kernel subsystem. |
| Packet Filter | A packet filtering firewall reads each data packet that passes through a LAN. It can read and process packets by header information and filters the packet based on sets of programmable rules implemented by the firewall administrator. The Linux kernel has built-in packet filtering functionality through the Netfilter kernel subsystem. |
| Proxy | Proxy firewalls filter all requests of a certain protocol or type from LAN clients to a proxy machine, which then makes those requests to the Internet on behalf of the local client. A proxy machine acts as a buffer between malicious remote users and the internal network client machines. |
48.8.1. Netfilter and IPTables
48.8.1.1. IPTables Overview
The iptables administration tool is a command line tool similar in syntax to its predecessor, ipchains.

ipchains requires intricate rule sets for: filtering source paths; filtering destination paths; and filtering both source and destination connection ports.

iptables uses the Netfilter subsystem to enhance network connection, inspection, and processing.

iptables features advanced logging, pre- and post-routing actions, network address translation, and port forwarding, all in one command line interface.

For more detailed information on iptables, refer to Section 48.9, “IPTables”.
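The following rule set, added here as an illustration and not taken from the Red Hat guide, puts the pieces above together on one Linux host: a stateful default-deny packet filter for the host, NAT (masquerading) for a private subnet behind the public interface, a pre-routing port forward, and rate-limited logging of dropped packets. The interface names (eth0, eth1), the private subnet 192.168.1.0/24 and the internal server 192.168.1.10 are assumptions; by default the script runs in dry-run mode and prints the iptables commands so the rule set can be reviewed before it is applied as root.

```shell
#!/bin/sh
# Added example: a minimal Netfilter/iptables rule set covering packet
# filtering, NAT, port forwarding and logging. Interfaces and addresses
# below are assumed values for illustration only.

WAN_IF="${WAN_IF:-eth0}"                # assumed public-facing interface
LAN_IF="${LAN_IF:-eth1}"                # assumed internal interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"    # assumed private (RFC 1918) subnet
WEB_SERVER="${WEB_SERVER:-192.168.1.10}" # assumed internal web server
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print commands, 0 = execute them

# ipt: print or execute one iptables invocation, so the whole rule set can be
# inspected with DRY_RUN=1 and applied with DRY_RUN=0 as root.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# packet_filter_rules: stateful default-deny filtering for the host itself.
# Everything not explicitly allowed is logged (rate-limited) and then dropped
# by the INPUT chain policy.
packet_filter_rules() {
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i "$LAN_IF" -p tcp --dport 22 -j ACCEPT   # SSH from the LAN only
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-DROP:"
}

# nat_rules: masquerade the private subnet behind the WAN address and let the
# corresponding traffic through the FORWARD chain (the filter still applies
# to routed packets).
nat_rules() {
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# port_forward_rules: publish the internal web server on WAN port 80 using a
# pre-routing DNAT, plus the matching FORWARD accept for new connections.
port_forward_rules() {
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 -j DNAT --to-destination "$WEB_SERVER:80"
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$WEB_SERVER" --dport 80 -m state --state NEW -j ACCEPT
}

# apply_all: emit (or apply) the complete rule set in order.
apply_all() {
    packet_filter_rules
    nat_rules
    port_forward_rules
}

apply_all
```

Run it as-is to review the twelve generated commands; run it with `DRY_RUN=0` as root to load them. The FORWARD policy is DROP and the NAT rules only rewrite addresses, so routed traffic still has to be accepted explicitly in the FORWARD chain; forgetting that second half is a common reason a masquerade or DNAT rule "does not work". Rules loaded this way are not persistent across reboots on their own; the saving and restoring of rule sets is covered in Section 48.9.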