Firewall: Difference between revisions

From Hackepedia

Revision as of 04:52, 24 October 2005

A firewall is an extension to an operating system that lets one create policies for Internet protocols in order to deny content that is deemed illegal or harmful. Firewalls most commonly operate at OSI layers 3 and 4. Commercial firewalls often inspect layers above 3 and 4 as well, for example SMTP content (RFC 2821 and 2822).

My recommended process for installing a firewall is:

1. Block all by default
2. Allow rules only as required

For example, if you have blocked all by default, the first thing you will want to do is resolve DNS, I'm sure. So start a packet sniffer (tcpdump, ethereal, snoop) and watch the packets trying to leave and come in. In another window, type "host yashy.com" to try to resolve my DNS name. As you should see, you need to allow port 53, but was that TCP or UDP? You want to allow not just that port but the protocol as well. Once you have modified your firewall ruleset so that "host yashy.com" actually resolves and returns an IP address, try to reach it with your browser. As you will see, you now need a TCP rule for outbound port 80. Eventually you'll have a very decent firewall.
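The walk-through above written as a pf ruleset, added here as an example and not taken from the wiki page: default deny with logging, then only the DNS and HTTP rules the sniffer showed were needed. The interface name em0 is an assumption.

```pf
# Constructed pf.conf (added example, not from the wiki page).
# Assumes the outside interface is em0; adjust ext_if for your host.
ext_if = "em0"

# Do not filter loopback traffic.
set skip on lo

# Step 1: block all by default, and log every blocked packet so that
# tcpdump on pflog0 shows exactly what the next rule has to allow.
block log all

# Step 2: allow only what the sniffer proved necessary.
# "host yashy.com" needs port 53: UDP normally, TCP for large or
# truncated answers, so the protocol is stated, not just the port.
pass out on $ext_if inet proto { udp, tcp } from ($ext_if) to any port 53 keep state

# Browsing to the resolved address needs outbound TCP port 80.
# keep state lets the replies back in without a separate inbound rule.
pass out on $ext_if inet proto tcp from ($ext_if) to any port 80 flags S/SA keep state
```

Load it with `pfctl -f /etc/pf.conf` and watch the drops with `tcpdump -n -e -ttt -i pflog0`; each logged block is the next candidate for an allow rule.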

Firewalls for UNIX

pf: A stateful firewall written by Daniel Hartmeier for OpenBSD. It has been ported to all the BSDs. pf has a nice logging mechanism whose output one can view with tcpdump.
ipfw: IP Firewall, available in FreeBSD. Much of the work was done by Luigi Rizzo.
ipf: IP Filter, available in a number of UNIX OSes. Written by Darren Reed.
Checkpoint: An expensive commercial firewall that runs on Solaris. Written in Israel.


Firewalls for Windows

A common free firewall for Windows that blocks all of your ports is ZoneAlarm. Checkpoint Firewall also works on Windows.