Firewall (Linux)-

A simple firewall is a filter which blocks the packets based on the pre-defined filter rules. There are two general strategies to set-up a filter. One strategy is restrictive firewall which blocks all packets except those specified. The other is connectivity-based firewall which allows all packets to pass through but blocks those specified. The packets to be allowed to pass through the filter in a restrictive firewall and the packets to blocked in a connectivity-based firewall can be defined case-by-case by the filter rules. The filter rules can be defined by the protocol type, host/network IP-address/name, TCP/UDP port number, interface name, etc. In Linux, the filter rules are set-up and maintained by ipchains or iptables commands (iptables is more powerful than ipchains).

Set-up and test a simple restrictive firewall and a simple connectivity-based firewall in a host. The restrictive firewall should allow the input packets of a (or a few) specific protocol type(s) to pass through the filter and block all the other packets. The connectivity-based firewall should block the input packets of a (or a few) specific protocol type(s) but allow all the other packets to pass through. Log the allowed packets in the restrictive firewall and log the blocked packets in the connectivity-based firewall.

Some notes-

-Consult the man page to find the details of iptables command. Further information is available at www.netfilter.org.

-You may need to clean out any existing filter rules for the assignment and you should clean out what you have set-up after you finish your test. The following is a sample for clean out.

iptables -F INPUT

iptables -P INPUT ACCEPT

iptables -F FORWARD

iptables -P FORWARD ACCEPT

iptables -F OUTPUT

iptables -P OUTPUT ACCEPT

-You may need to set-up the firewall on one machine and use a different machine to send packets to test the firewall.

What to submit:

1 document to explain the design of your firewall (filter rules)

2 sets of shell scripts: one for restrictive firewall and another for connectivity-based firewall. Each set of scripts should contain a script to setup the firewall and a script to test the firewall.

2 logged files from the tests (1 for each firewall). Logged files should include information such as protocol type, source and destination IP addresses and host names, etc.