User guide
Netfilter and IPTables
2.5.1. Netfilter and IPTables
The Linux kernel features a powerful networking subsystem called Netfilter. The Netfilter subsystem
provides stateful or stateless packet filtering as well as NAT and IP masquerading services. Netfilter
also has the ability to mangle IP header information for advanced routing and connection state
management. Netfilter is controlled using the iptables tool.
2.5.1.1. IPTables Overview
The power and flexibility of Netfilter is implemented using the iptables administration tool, a
command line tool similar in syntax to its predecessor, ipchains, which Netfilter/iptables replaced in
the Linux kernel 2.4 and above.
iptables uses the Netfilter subsystem to enhance network connection, inspection, and processing.
iptables features advanced logging, pre- and post-routing actions, network address translation, and
port forwarding, all in one command line interface.
This section provides an overview of iptables. For more detailed information, refer to Section 2.6, “IPTables”.
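To show what the capabilities listed above look like in practice (stateful filtering, rate-limited logging, IP masquerading and port forwarding in one ruleset), here is an added example that is not part of the Red Hat guide. It is a small POSIX shell function that prints a gateway ruleset in iptables-restore format without applying anything; the interface names, the LAN prefix and the internal web host address are assumed placeholders that you would replace with your own values.

```shell
#!/bin/sh
# Added example (not from the Red Hat guide): emit a stateful iptables ruleset
# in iptables-restore format for a two-interface gateway. Nothing is applied;
# the output is meant to be reviewed and then fed to iptables-restore.
#
# Usage: gen_firewall_rules WAN_IF LAN_IF LAN_NET WEB_HOST
#   WAN_IF   interface facing the untrusted network (assumed: eth0)
#   LAN_IF   interface facing the internal network (assumed: eth1)
#   LAN_NET  internal prefix allowed to use the gateway (assumed: 192.168.1.0/24)
#   WEB_HOST internal server reached through port forwarding (assumed: 192.168.1.10)
gen_firewall_rules() {
    wan="$1" lan="$2" lan_net="$3" web_host="$4"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
# Stateful core: accept replies to tracked connections, drop packets that
# match no known connection state.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# Management (SSH) is reachable only from the internal side.
-A INPUT -i $lan -s $lan_net -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Everything else aimed at the gateway itself is logged and dropped.
-A INPUT -j LOGDROP
# Forwarding: the LAN may go out; only tracked replies and the port-forwarded
# web traffic are allowed back in.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -d $web_host -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -j LOGDROP
# Rate-limited logging so a flood cannot fill the system log, then drop.
-A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FW-DROP: " --log-level 4
-A LOGDROP -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Port forwarding: public TCP port 8080 on the WAN side to the internal web host.
-A PREROUTING -i $wan -p tcp --dport 8080 -j DNAT --to-destination $web_host:80
# IP masquerading: hide the LAN behind the gateway's WAN address.
-A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
COMMIT
EOF
}

# When run as a script with four arguments, print the ruleset; review it, then
# load it with:  gen_firewall_rules eth0 eth1 192.168.1.0/24 192.168.1.10 | iptables-restore
if [ "$#" -eq 4 ]; then
    gen_firewall_rules "$@"
fi
```

The default policies are DROP, so anything not explicitly listed is logged under the "FW-DROP:" prefix and discarded; that prefix is what you would search for in the system log when checking what the firewall rejected. On Red Hat Enterprise Linux the persistent ruleset lives in /etc/sysconfig/iptables, and the Firewall Configuration Tool described in the next section rewrites that file, so a hand-written ruleset loaded this way should be saved with the system's own mechanism (for example `service iptables save`) and not mixed with the tool's output.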
2.5.2. Basic Firewall Configuration
Just as a firewall in a building attempts to prevent a fire from spreading, a computer firewall attempts
to prevent malicious software from spreading to your computer. It also helps to prevent unauthorized
users from accessing your computer.
In a default Red Hat Enterprise Linux installation, a firewall exists between your computer or network
and any untrusted networks, for example the Internet. It determines which services on your computer
remote users can access. A properly configured firewall can greatly increase the security of your
system. It is recommended that you configure a firewall for any Red Hat Enterprise Linux system with
an Internet connection.
2.5.2.1. Firewall Configuration Tool
During the Firewall Configuration screen of the Red Hat Enterprise Linux installation, you were given
the option to enable a basic firewall as well as to allow specific devices, incoming services, and ports.
After installation, you can change this preference by using the Firewall Configuration Tool.
To start this application, use the following command:
[root@myServer ~] # system-config-firewall