Linux Magazine, Issue 50 (2005): The Drawbridge
Implementing a bridging-level firewall

The Drawbridge

Author: Ralf Spenneberg

Firewalls are typically implemented as routers, but it doesn't have to be that way. Bridging packet filters have a number of advantages, and you can add them to an existing network at a later stage without changing the configuration of your network components.

Linux has earned a reputation as an excellent firewall platform. The kernel has a powerful Netfilter/iptables-based packet filter. In a traditional firewall scenario, Netfilter resides on a router, where it subdivides the network into two or more subnets. But adding a firewall to an established network can involve changing the network infrastructure. This effort can result in IP address changes and modifications to access controls for internal services. It is far simpler to add a bridge. Bridges reside in layer 2 of the OSI reference model and normally inspect MAC addresses rather than IP addresses (see the box titled "Building Bridges"). Linux can leverage this capability in a clever way to add transparent firewalling to a network. In its role as a firewall, the bridge of course also evaluates packets from the higher protocol layers (IP addresses, TCP ports). But the hosts on the network will not notice a thing, unless they attempt to send packets that the filter policy forbids.
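The following script is an added example, not code from the article or from the author; it shows the shape of the setup the paragraph describes: two interfaces joined into a Linux bridge that carries no IP address, bridged frames handed to iptables via br_netfilter, and a default-deny FORWARD policy that matches on the bridge ports a frame enters and leaves by. The interface names eth0/eth1, the bridge name br0 and the allow-list (HTTP/HTTPS inbound, anything outbound) are assumptions; adjust them to the network. The script defaults to dry-run and only executes the commands when invoked with --apply as root.

```shell
#!/bin/sh
# Transparent bridging firewall (added example; interface names and the
# policy are assumptions, not taken from the article).
set -eu

# Dry-run by default: print the commands instead of executing them, so the
# configuration can be reviewed without root. Use --apply to run it for real.
DRY_RUN=1
if [ "${1:-}" = "--apply" ]; then DRY_RUN=0; fi

OUTSIDE=eth0   # assumed: bridge port facing the untrusted side
INSIDE=eth1    # assumed: bridge port facing the protected hosts
BRIDGE=br0     # assumed bridge device; it is given no IP address

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

build_bridge() {
    # Layer 2: join both ports into one bridge. No IP address is assigned,
    # so hosts on either side see no new hop and keep their configuration.
    run ip link add name "$BRIDGE" type bridge
    run ip link set dev "$OUTSIDE" master "$BRIDGE"
    run ip link set dev "$INSIDE" master "$BRIDGE"
    run ip link set dev "$OUTSIDE" up
    run ip link set dev "$INSIDE" up
    run ip link set dev "$BRIDGE" up
}

enable_bridge_filtering() {
    # Bridged frames normally bypass the IP stack entirely. br_netfilter
    # makes them traverse the iptables FORWARD chain, so layer 3/4 rules apply.
    run modprobe br_netfilter
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

install_rules() {
    # Default deny for everything crossing the bridge. The bridge has no IP,
    # so INPUT/OUTPUT never see this traffic; FORWARD is the only chain involved.
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    # Replies belonging to already-permitted sessions.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # From outside to inside, allow only new HTTP/HTTPS connections. The physdev
    # match selects on the bridge port a frame arrived on and will leave by.
    for port in 80 443; do
        run iptables -A FORWARD -m physdev --physdev-in "$OUTSIDE" \
            --physdev-out "$INSIDE" -p tcp --dport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
    # Protected hosts may initiate anything outbound.
    run iptables -A FORWARD -m physdev --physdev-in "$INSIDE" \
        --physdev-out "$OUTSIDE" -j ACCEPT
    # Log (rate-limited) what the DROP policy is about to discard, so blocked
    # hosts show up in the firewall's logs rather than silently timing out.
    run iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "BRIDGE-DROP: "
}

bridge_firewall() {
    build_bridge
    enable_bridge_filtering
    install_rules
}

bridge_firewall
```

Running the script without arguments prints the full command sequence for review; `sh bridge-fw.sh --apply` executes it. Because the bridge itself has no address, the filter is invisible to ARP and IP on both sides, which is exactly what makes it possible to drop it into an existing segment without renumbering anything.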

In the US and Canada, Linux Magazine is known as Linux Pro Magazine.
Entire contents © 2009 [Linux New Media USA, LLC]