Hack Proofing Linux: A Guide to Open Source Security

Thus far, you have seen how to further secure your network by enhancing network authentication and encrypting transmissions. However, even the best authentication and encryption schemes in the world cannot protect a system from scanning attacks, or from applications designed to flood hosts with bogus network packets. Distributed denial-of-service (DDoS) attacks such as those waged by Tribe Flood Network 2000 (TFN2K) and others can instantly flood a network with Internet Control Message Protocol (ICMP), Transmission Control Protocol (TCP), and User Datagram Protocol (UDP) packets, effectively disabling all network hosts. You still need to establish a network perimeter, which means that you need a firewall.
Fortunately, the open source community has excelled in creating firewall software that is ideally suited for networks of any size. Linux natively supports the ability to route and/or filter packets. Modern Linux systems use either Ipchains or Iptables to do this. Ipchains supports Linux kernel versions up to 2.2. If you are using any kernel newer than 2.2 (i.e., the experimental 2.3 kernel or the stable 2.4 kernel), you must use Iptables. The Iptables package supports the packet masquerading and filtering functionality found in the 2.3 kernel and later. This functionality is known as netfilter. Therefore, in order to use Iptables, you must recompile the kernel so that netfilter is included, and you must also install the Iptables package. RPMs for Ipchains and Iptables can be found on the CD that accompanies this book. The file names are ipchains-1.3.9-17.i386.rpm and iptables-1.2.1a-1.i386.rpm. You can obtain...
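As an added illustration (not from the book), the following POSIX shell functions apply the kernel-version rule above to pick Ipchains or Iptables, and print a minimal rule set that rate-limits the ICMP, TCP SYN and UDP floods described at the start of the chapter. The rules are only printed, never applied; the `-m limit` match exists only in netfilter, so the Ipchains branch can just set a default DENY policy.

```shell
#!/bin/sh
# Added example: choose the packet filter the running kernel supports and
# emit flood-limiting rules for it. Nothing here modifies the system.

# choose_filter_tool VERSION -> prints "ipchains" or "iptables".
# Kernels up to 2.2 use Ipchains; 2.3 and later carry netfilter/Iptables.
choose_filter_tool() {
    major=${1%%.*}             # "2.4.2-2"  -> "2"
    rest=${1#*.}               # "2.4.2-2"  -> "4.2-2"
    minor=${rest%%[!0-9]*}     # "4.2-2"    -> "4"
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 3 ]; }; then
        echo iptables
    else
        echo ipchains
    fi
}

# netfilter_present -> true when the ip_tables code is in the running kernel
# (the file appears once the netfilter tables are registered).
netfilter_present() {
    [ -r /proc/net/ip_tables_names ]
}

# flood_limit_rules TOOL -> prints the commands to run, one per line.
flood_limit_rules() {
    case "$1" in
    iptables)
        # Default deny; allow loopback and reply traffic; admit new ICMP
        # echo requests, TCP SYNs and UDP only at a bounded rate.
        cat <<'EOF'
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 5 -j ACCEPT
iptables -A INPUT -p tcp --syn -m limit --limit 20/s --limit-burst 50 -j ACCEPT
iptables -A INPUT -p udp -m limit --limit 20/s --limit-burst 50 -j ACCEPT
EOF
        ;;
    ipchains)
        # Ipchains has no rate-limit match, so the best it can do is a
        # default deny policy plus an explicit drop of inbound ICMP.
        cat <<'EOF'
ipchains -P input DENY
ipchains -A input -p icmp -j DENY
EOF
        ;;
    esac
}

# Usage (prints, does not apply):
#   flood_limit_rules "$(choose_filter_tool "$(uname -r)")"
```

Pipe the printed rules into `sh` only after reviewing them on a console session, since the default DROP policy takes effect before the ACCEPT rules are added.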