Iptables in the Simple Way

Over the past several years, the use of Linux as a firewall platform has grown significantly. Linux firewalling code has come a long way since ipfwadm was introduced in kernel 1.2. Recent changes in the Linux firewalling code include the netfilter architecture (controlled from the command line by the iptables utility), which was introduced in the stable 2.4 kernel.

The newest version, 2.4, of the Linux kernel (first released in January 2001) brings many new security enhancements, such as enhanced capabilities, better support for encryption (for VPNs and encrypted file systems), and the netfilter architecture, which is a re-implementation of Linux's firewalling code and remains fully backward-compatible through the ipchains and ipfwadm loadable kernel modules.

For the most part, you'll use iptables to perform Network Address Translation (NAT), also known as Masquerading, on machines that are routers or firewalls. As a rule, you wouldn't use iptables on a workstation or other regular host.

Configuring iptables through its own command-line interface (i.e. the iptables command with the corresponding options) presents a serious challenge, as one has to specify the behavior of all IP packets that make up a connection, both inwards and outwards. It also requires an intimate knowledge of TCP/IP and application protocols.



There are many sites offering easy ways to generate an iptables script. Easyfwgen.morizot.net is the most popular site; it hosts a web-based program called Easy Firewall Generator, which generates an iptables firewall script for use with the 2.4 or later Linux kernel. It is intended for use on a single system connected to the Internet or on a gateway system for a private, internal network. It provides a range of options, but is not intended to cover every possible situation.
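
To make concrete what such a generator has to produce, here is an added example (not code from Easy Firewall Generator or from the original page): a small shell function that prints an iptables-restore ruleset for either a single host or a masquerading gateway. The interface names eth0/eth1, the subnet 192.168.1.0/24 and the port list are assumed sample values.

```sh
# Added example: print an iptables-restore ruleset for a host or a NAT gateway.
# eth0/eth1, 192.168.1.0/24 and the port list are assumed sample values.

die() { echo "gen_rules: $1" >&2; return 1; }

# valid_port PORT: true only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# gen_rules MODE WAN_IF PORTS [LAN_IF LAN_NET]
#   MODE: host | gateway.  PORTS: space-separated TCP ports opened on WAN_IF.
gen_rules() {
    mode=$1 wan=$2 ports=$3 lan=${4:-} net=${5:-}
    # Whitelist every parameter so nothing can smuggle extra options into a rule.
    case "$mode" in host|gateway) ;; *) die "bad mode"; return 1 ;; esac
    case "$wan" in ''|*[!A-Za-z0-9._-]*) die "bad WAN interface"; return 1 ;; esac
    case "$lan" in *[!A-Za-z0-9._-]*) die "bad LAN interface"; return 1 ;; esac
    case "$net" in *[!0-9./]*) die "bad LAN subnet"; return 1 ;; esac
    case "$ports" in *[!0-9' ']*) die "bad port list"; return 1 ;; esac
    for p in $ports; do valid_port "$p" || { die "bad port: $p"; return 1; }; done
    if [ "$mode" = gateway ] && { [ -z "$lan" ] || [ -z "$net" ]; }; then
        die "gateway mode needs LAN_IF and LAN_NET"; return 1
    fi

    # Default-deny inbound and forwarded traffic; allow loopback and reply packets.
    printf '%s\n' "*filter" ":INPUT DROP [0:0]" ":FORWARD DROP [0:0]" \
        ":OUTPUT ACCEPT [0:0]" "-A INPUT -i lo -j ACCEPT" \
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $ports; do
        printf '%s\n' "-A INPUT -i $wan -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    if [ "$mode" = gateway ]; then
        # LAN clients may reach the gateway and go out; only replies come back in.
        printf '%s\n' "-A INPUT -i $lan -s $net -j ACCEPT" \
            "-A FORWARD -i $lan -o $wan -s $net -j ACCEPT" \
            "-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    fi
    echo "COMMIT"
    if [ "$mode" = gateway ]; then
        printf '%s\n' "*nat" ":PREROUTING ACCEPT [0:0]" ":POSTROUTING ACCEPT [0:0]" \
            ":OUTPUT ACCEPT [0:0]" "-A POSTROUTING -o $wan -s $net -j MASQUERADE" "COMMIT"
    fi
}

gen_rules gateway eth0 "22" eth1 192.168.1.0/24   # sample run: prints the ruleset
```

Review the printed rules before loading them as root with iptables-restore; a gateway additionally needs IP forwarding enabled (net.ipv4.ip_forward=1).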

Easy Firewall Generator is an open source PHP web application that generates an iptables firewall script. If you are a webmaster and want to create your own generator page, you can download it from the freshmeat project page, or go directly to the easyfwgen.morizot.net page, and put it on your own web server.

Links:
http://www.securityfocus.com/infocus/1410
http://www.unixreview.com/documents/s=1237/urm0103c/0103c.htm
http://easyfwgen.morizot.net/gen/

http://freshmeat.net/projects/easyfwgen/