Introduction
Linux Embedded Appliance Firewall | |
---|---|
Summary | Free, extremely flexible and powerful Linux based firewall distro. Setup and configuration may be difficult for those unaccustomed to command-line interfaces |
Update | 17 June 2004 - Corrected developer information |
Pros | • Free • Fast (even with old CPUs) • Extremely configurable, including features and number of physical interfaces • Can run from single floppy |
Cons | • Configuration and setup not for newbies |

Being connected to the Internet these days is like playing dodge ball when you were a kid - lots of people trying to hit you with something, preferably in a place where it will hurt or leave a mark. At least that's the way we played it. The good news is that you can protect yourself from many Internet-based attacks through the use of a good firewall.
So what does a firewall do? When you're connected to any computer network like the Internet, communication takes place on different ports. A network firewall is basically a system that controls communications to and from you based on those ports. If you're not running a web server, for instance, then nobody from outside should be initiating a connection to you on port 80, so the job of a basic firewall would be to block such requests while still allowing you to surf the web, read your email, and so forth.
Sometimes what is commonly called a firewall goes beyond the basic "block out the bad stuff" functionality. Let's say you have a small network with a connection to the Internet and you also run a web server exposed to the Internet. A firewall in this case would also need to include routing capabilities. It will need to provide a means of sharing a single connection to the Internet so that everyone on the local network can have access, and it will need to forward port 80 requests from the outside to your web server, all while keeping invalid requests out. In addition, a firewall/router system may also provide other features, such as DHCP service, DNS service, content filtering, packet sniffing, traffic shaping, VPN tunnels, web proxy, application proxy, and just about any other method devised to keep the local network running smoothly and the bad guys out.
What is commonly referred to as a firewall, then, could be as simple and cheap as a piece of software installed on your local computer (like ZoneAlarm), or it could be a dedicated rack full of high-end hardware that provides nearly every network defense strategy known to man. Today I'd like to introduce you to something that I like to think of as the best of both those worlds: an Open Source, Linux-based firewall called LEAF-Bering uClibc. Cheap? Try free. High end? It's as functionally rich as you want to make it. You provide a computer to install it on, and by using LEAF-Bering uClibc you can build a firewall/router that will rival some of the best firewall systems available.