A computer firewall is simply a piece of hardware or software that prevents unwanted, possibly malicious, outside access to your computer through your Internet connection. In its simplest and strictest sense, such firewalls block or simply ignore incoming attempts by outside systems to establish a connection to your computer, while, at the same time, allowing your computer to originate and establish connections with other outside systems.
There are two basic types of firewalls; hardware-based and software-based. It is highly recommended that you implement BOTH types between your computer and your outside Internet connection. This will establish your hardware firewall as your first line of defense against unauthorized intrusion into your system, while your software firewall serves as your backup in case your hardware firewall is compromised. In cases where you are mobile, such as when you are using a laptop to connect to a WiFi hotspot at the local Internet cafe, your software firewall may become your first and only line of defense against unauthorized access.
As long as you are connected to the Internet, you can easily check the effectiveness of your firewall configuration by going to any of several online firewall testing websites. The most widely used is ShieldsUP! at www.grc.com. To start testing, click on the Services menu of the www.grc.com homepage and select ShieldsUP!. ShieldsUP! will probe each port on your computer to see if there is a response. If you are not running any web services (e.g., a web server), then all of your ports should be closed (i.e., none of your ports should respond to a ShieldsUP! connection request). In the parlance of the website, if all of your ports are closed, then you will get a full stealth rating.
IMPORTANT NOTE: If your system has a hardware firewall, then you will NOT be able to test the effectiveness of your software firewall with an online testing website such as ShieldsUP!. Such sites only test the first firewall encountered which will be the hardware firewall.
As one may surmise, a hardware firewall is a physical piece of equipment. For the home and small business user, the hardware firewall is usually part of the Internet modem or part of the local network router. In fact, a beginning user may not know whether a hardware firewall even exists on the system. However, there is a simple way to determine whether a hardware firewall is installed using the LiveMedium. Since antiX (including antiX MX) does not configure a software firewall, the absence of a hardware firewall will leave some ports open when connected to the internet. Here’s how to test for a hardware firewall:
Step 1: Boot from the LiveMedium.
Step 2: Go to the www.grc.com website.
Step 3: Select Services > ShieldsUP! from the website menu.
Step 4: Click the Proceed button and wait while ShieldsUP! probes all your computer ports.
Step 5: If all the ports are closed (i.e., you get a full stealth rating), then a hardware firewall is installed on your system. If, however, some ports are found to be open, then your system does not have a hardware firewall.
If it is determined that you don’t have a hardware firewall, and since it is a physical piece of equipment, then you will need to either update or add new equipment to your current local network or Internet connection setup. In the broadest of terms, what you will need is either a modem or a router that has a built-in Network Address Translation (NAT) capability. You probably won’t have to do any configuring of the default NAT settings, just hook up the new equipment.
Linux has a built-in software firewall capability defined by two elements; iptables and netfilter. Iptables is a table file that contains a list of rules for Internet access. Netfilter is a kernel module that implements the access filtering rules in the iptables. So, to configure your software firewall, you would edit the access rules (filters) in the iptables file. However, the flexibility and text-based nature of iptables means that manually configuring a software firewall can be a very complicated and precise process requiring a fairly sophisticated knowledge of Internet communication protocols. Fortunately, for the beginner, there are several programs that provide a graphical user interface (GUI) to editing iptables rules. Such interfaces allow easy editing of iptables and, in most cases, will even automatically configure the software firewall without any input from the user.
You can easily check to see if your software firewall is already configured using the iptables list command. To do this, open a terminal and become root. To see the current iptables configuration, type the following command (note that the command is case sensitive.).
If your software firewall is un-configured you will get the following printout…
Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
As can be seen above, when iptables is in an un-configured state, all three of the main elements of the iptables rules (i.e., INPUT, FORWARD, and OUTPUT) are set to ACCEPT (i.e., are open to communication without any filtering). With no filtering rules, your computer, in essence, is running without a software firewall. Iptables will always be un-configured after a new install. If instead, a long list of rules are printed out, then your software firewall is already configured and you probably don’t need to install any configuration software.
In case you find that iptables is un-configured, then the average user will likely want to install a GUI interface to edit iptables. There are two widely used GUI interfaces available from the repos:
IMPORTANT NOTE: To avoid conflicts, install only ONE of the iptables interface applications.