Tuesday, June 16, 2009

FIREWALL DEVELOPMENT

Firewall is a set of scripts (firewall, fwup and fwdown) that implement an ipchains firewall and various forms of network address and port translation. All you have to do is read the policy file and edit it to reflect your topology and filtering policy. The policy file is composed of sections in which you need to specify: this host's trusted and untrusted network interfaces; this host's role and function within the network topology; and the incoming and outgoing services to allow, along with the internal and external hosts that may take part in them. It has been designed to make this as painless and flexible as possible. Each section contains detailed explanations and advice on things such as when to start the firewall, the security implications of various well-known internet services, and how to allow them safely. It is intended to introduce administrators to some subtleties of packet filtering quickly, so that they can make better-informed security decisions and achieve and maintain effective network security (at least the packet filtering part) in a very short time.
