User guide
• Adding or deleting a connection:
• ipsec auto --add <connection-name>
• ipsec auto --delete <connection-name>
• Bringing a connection up or down:
• ipsec auto --up <connection-name>
• ipsec auto --down <connection-name>
• Generating the RSA host key in the NSS database (password is the NSS database password; given on the command line it is visible to other users in the process listing and in the shell history):
• ipsec newhostkey --configdir /etc/ipsec.d --password password --output /etc/ipsec.d/<name-of-file>
• Checking the IPsec policies and security associations the kernel has actually installed:
• ip xfrm policy
• ip xfrm state
• Creating a self-signed CA certificate (-v 12 makes it valid for 12 months; -w would only shift the start of the validity period):
• certutil -S -k rsa -n <ca-cert-nickname> -s "CN=ca-cert-common-name" -v 12 -t "C,C,C" -x -d /etc/ipsec.d
• Creating a user certificate signed by the previous CA:
• certutil -S -k rsa -c <ca-cert-nickname> -n <user-cert-nickname> -s "CN=user-cert-common-name" -v 12 -t "u,u,u" -d /etc/ipsec.d
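The commands above are the whole Openswan/NSS workflow in order: provision the certificate database, load and negotiate the connection, then confirm in the kernel that the tunnel is really there. The following script is an added example, not code from the Red Hat guide or the Openswan project. It wraps the provisioning and connection steps in functions (to be run on the gateway; they need certutil and ipsec) and adds the check a practitioner wants after `ipsec auto --up`: an `ip xfrm policy` dump is parsed to confirm that the out, in and fwd policies for the two subnets all carry an ESP tunnel-mode template, because a policy that matches the subnets but has no template silently passes the traffic in clear text. Everything named is assumed: the nicknames, the password file path, the connection name `net-to-net`, the subnets and gateway addresses, and the two policy dumps, which are constructed to look like kernel output rather than captured from a system. The `-f` password file, `-g 2048` key size and `-v` validity are the editor's choices, not the guide's.

```shell
#!/bin/sh
# Added example (not from the Red Hat guide or Openswan). All names below are assumed.

NSSDIR=/etc/ipsec.d
PWFILE=/etc/ipsec.d/nsspassword   # assumed path; file holding the NSS database password
CA_NICK=ca-cert                   # assumed certificate nicknames
HOST_NICK=east-cert
CONN=net-to-net                   # assumed connection name defined in ipsec.conf

# Step 1 (on the gateway): self-signed CA, host certificate signed by it, then the
# Openswan host key. -f reads the database password from a file so it does not
# appear in `ps` or shell history (newhostkey still takes it on the command line).
# -v 12 = valid for 12 months (-w would only move the start of validity).
# -g 2048 overrides certutil's old 1024-bit default key size.
provision_nss() {
    certutil -S -k rsa -g 2048 -n "$CA_NICK" -s "CN=$CA_NICK" -v 12 \
        -t "C,C,C" -x -f "$PWFILE" -d "$NSSDIR"
    certutil -S -k rsa -g 2048 -c "$CA_NICK" -n "$HOST_NICK" -s "CN=$HOST_NICK" \
        -v 12 -t "u,u,u" -f "$PWFILE" -d "$NSSDIR"
    ipsec newhostkey --configdir "$NSSDIR" --password "$(cat "$PWFILE")" \
        --output "$NSSDIR/$HOST_NICK.secrets"
}

# Step 2 (on the gateway): load the connection from ipsec.conf and negotiate it.
bring_up() {
    ipsec auto --add "$CONN" && ipsec auto --up "$CONN"
}

# Step 3 (runs anywhere): read an `ip xfrm policy` dump on stdin and, for local
# subnet $1 and remote subnet $2, require out, in and fwd policies that each carry
# an ESP tunnel-mode template. Exit 0 only if all three are protected.
xfrm_policy_status() {
    awk -v L="$1" -v R="$2" '
    /^src /         { n++; src[n] = $2; dst[n] = $4; esp[n] = 0 }   # new policy record
    /^[ \t]+dir /   { dir[n] = $2 }                                 # out | in | fwd
    /^[ \t]+proto / { if ($2 == "esp" && $6 == "tunnel") esp[n] = 1 } # template line
    END {
        ok = 1; dirs[1] = "out"; dirs[2] = "in"; dirs[3] = "fwd"
        for (i = 1; i <= 3; i++) {
            d = dirs[i]
            ws = (d == "out") ? L : R      # outbound selector is local -> remote
            wd = (d == "out") ? R : L      # inbound and forward are remote -> local
            found = 0
            for (j = 1; j <= n; j++)
                if (dir[j] == d && src[j] == ws && dst[j] == wd) { found = j; break }
            if (!found)           { print d ": MISSING"; ok = 0 }
            else if (!esp[found]) { print d ": PLAINTEXT (no esp tunnel template)"; ok = 0 }
            else                  print d ": esp tunnel"
        }
        exit (ok ? 0 : 1)
    }'
}

# Constructed dump (not captured): a net-to-net tunnel fully installed by pluto.
sample_policy_ok() {
    cat <<'EOF'
src 192.168.0.0/24 dst 10.0.0.0/24
    dir out priority 2344 ptype main
    tmpl src 203.0.113.10 dst 198.51.100.20
        proto esp reqid 16385 mode tunnel
src 10.0.0.0/24 dst 192.168.0.0/24
    dir fwd priority 2344 ptype main
    tmpl src 198.51.100.20 dst 203.0.113.10
        proto esp reqid 16385 mode tunnel
src 10.0.0.0/24 dst 192.168.0.0/24
    dir in priority 2344 ptype main
    tmpl src 198.51.100.20 dst 203.0.113.10
        proto esp reqid 16385 mode tunnel
EOF
}

# Constructed dump (not captured): same, but the inbound policy has no template,
# so remote-subnet packets are accepted unprotected.
sample_policy_bypass() {
    cat <<'EOF'
src 192.168.0.0/24 dst 10.0.0.0/24
    dir out priority 2344 ptype main
    tmpl src 203.0.113.10 dst 198.51.100.20
        proto esp reqid 16385 mode tunnel
src 10.0.0.0/24 dst 192.168.0.0/24
    dir fwd priority 2344 ptype main
    tmpl src 198.51.100.20 dst 203.0.113.10
        proto esp reqid 16385 mode tunnel
src 10.0.0.0/24 dst 192.168.0.0/24
    dir in priority 2344 ptype main
EOF
}

# Demo on the constructed dumps; provision_nss and bring_up are only defined here.
echo "-- tunnel fully installed:"
sample_policy_ok | xfrm_policy_status 192.168.0.0/24 10.0.0.0/24
echo "-- inbound policy lost its template:"
sample_policy_bypass | xfrm_policy_status 192.168.0.0/24 10.0.0.0/24 || echo "-> NOT protected"
```

On a live gateway the check is `ip xfrm policy | xfrm_policy_status <local-subnet> <remote-subnet>` after `bring_up`; pair it with `ip xfrm state` to confirm that an ESP SA with the same reqid exists in each direction, since a policy with a template but no matching state drops the packets rather than leaking them.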
2.4.2.4. Openswan Resources
• http://www.openswan.org
• http://lists.openswan.org/pipermail/users/
• http://lists.openswan.org/pipermail/dev/
• http://www.mozilla.org/projects/security/pki/nss/
• The Openswan-doc package: HTML, examples, README.*
• README.nss
2.5. Firewalls
Information security is commonly thought of as a process and not a product. However, standard
security implementations usually employ some form of dedicated mechanism to control access
privileges and restrict network resources to users who are authorized, identifiable, and traceable.
Red Hat Enterprise Linux includes several tools to assist administrators and security engineers with
network-level access control issues.
Firewalls are one of the core components of a network security implementation. Several vendors
market firewall solutions catering to all levels of the marketplace: from home users protecting one
PC to data center solutions safeguarding vital enterprise information. Firewalls can be stand-alone
hardware solutions, such as firewall appliances by Cisco, Nokia, and Sonicwall. Vendors such as
Checkpoint, McAfee, and Symantec have also developed proprietary software firewall solutions for
home and business markets.