LinuxQuestions.org
Old 02-23-2003, 04:10 AM   #1
Grim Reaper
Member
 
Registered: Apr 2002
Distribution: Gentoo 2006.0 AMD64
Posts: 399

Rep: Reputation: 30
Differences between a simple packet filter, and a firewall...


Lately I've been reading some guides on Firewalls/Packet Filters (Using IPTables, etc.)...What I don't get is what is different between a Firewall and a Packet Filter. I've always been under the assumption that a Packet Filter _is_ a firewall...

I've also read somewhere that a Packet Filter is easier to break in/get past than a firewall....

Basically, what kind of filtering and differences are there on a firewall than there is packet filtering.... As I said, I've always thought the two were basically the same.
 
Old 02-24-2003, 02:00 PM   #2
cyberskye
Member
 
Registered: Feb 2003
Location: The City by the Bay
Posts: 116

Rep: Reputation: 15
The word firewall has been so generically applied that it gets confusing reading reviews and such.

There are three main approaches to firewalling:

1. Packet filter - this simply compares the address and port info of a packet against a set of rules. Example: allow incoming port 80.

2. Stateful Packet Inspection - this is the same as the above, but it maintains a table in memory of the 'state' of connections. Works in Layer 4 (if you're an OSI guy) mostly but will have a peek into Layer 7 (application layer) when a session is started. This makes several sorts of 'spoof attacks' fail, where they could possibly succeed against a 'dumb' packet filter. All ICSA devices fall into this category.

3. Application proxies - these are the most secure but they are a lot slower. All traffic (Layer 7) is inspected. You could allow or disallow a specific command in ftp (you could disable cd for example). The disadvantage here is that you need a proxy for every service (ftp, http, etc., each get their own); as well, the speed can be a problem depending on the service and traffic.

skye
 
Old 02-25-2003, 01:25 AM   #3
Grim Reaper
Member
 
Registered: Apr 2002
Distribution: Gentoo 2006.0 AMD64
Posts: 399

Original Poster
Rep: Reputation: 30
Well so far this is my rc.firewall, hehe:

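Code:
# Flush all existing rules in the filter table
/sbin/iptables -F
# Drop new and invalid connection attempts arriving on ppp0
/sbin/iptables -A INPUT -m state --state NEW,INVALID -i ppp0 -j DROP
# Masquerade (NAT) everything leaving through ppp0
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# Insert at the top of INPUT: accept TCP port 22 (SSH)
/sbin/iptables -I INPUT 1 -p tcp -m multiport --dport 22 -j ACCEPT
That's all that's in there... so I guess I have two out of three of your points above?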
 
Old 02-25-2003, 09:24 AM   #4
cyberskye
Member
 
Registered: Feb 2003
Location: The City by the Bay
Posts: 116

Rep: Reputation: 15
You are using stateful inspection. It's actually the same as #1 except that it relies on the state table rather than on packet headers.
 
Old 02-27-2003, 03:56 PM   #5
MrJoshua
Member
 
Registered: Apr 2002
Location: Houston Texas
Distribution: Debian / Gentoo / RHEL
Posts: 209

Rep: Reputation: 31
If you do not understand how to set up a good iptables firewall, there is a generator at hideaway.net that makes decent firewalls. You put in your information about your network, and then tell the script what you want to do, and it generates one for you. I liked these firewalls when I was starting with IPtables, but when you need to get very advanced you will have to write your own.
 
Old 03-05-2003, 11:51 AM   #6
WeNdeL
Member
 
Registered: Oct 2002
Location: At my desk...
Distribution: RedHat, Fedora, Ubuntu
Posts: 344

Rep: Reputation: 30
get this book: "Linux Firewalls" by Robert Ziegler

tis pretty cool IMO...
 
Old 03-05-2003, 01:00 PM   #7
nakkaya
LQ Guru
 
Registered: Jan 2003
Location: Turkey&USA
Distribution: Emacs and linux is its device driver(Slackware,redhat)
Posts: 1,398

Rep: Reputation: 45
Quote:
Originally posted by MrJoshua
If you do not understand how to set up a good iptables firewall, there is a generator at hideaway.net that makes decent firewalls. You put in your information about your network, and then tell the script what you want to do, and it generates one for you. I liked these firewalls when I was starting with IPtables, but when you need to get very advanced you will have to write your own.
Can't find it. Can you send the full URL?
 
Old 03-05-2003, 01:11 PM   #8
Proud
Senior Member
 
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794

Rep: Reputation: 116
http://www.hideaway.net/home/public_...r/iptables.php
 
Old 03-05-2003, 11:05 PM   #9
cryptomundo
LQ Newbie
 
Registered: Mar 2003
Posts: 5

Rep: Reputation: 0
I don't agree that a packet filter is easier to break in than a true firewall device (also packet filtering). There are so many variables in this it's hard to answer ...

The difference between a packet filter and a true firewall per se is the firewall will keep track of outgoing connections and allow the established connections to return and filter inbound connections to specific addresses and ports ... a packet filter normally is filtering inbound (or outbound) connections and that's it ... just a basic filter. So, is one more secure than the other ... both can be vulnerable depending on what device and operating system the firewall/filter is running ... and also how they are configured. However, the most important factor is the port you have opened up to the resource you want to protect! Once you open up a port ... then it becomes an issue with the device residing behind the firewall/filter .... follow me?
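
Added example (not part of the original posts): a small Python model of the distinction drawn in posts #2 and #9, running the same constructed packets through a header-only filter and a state-table filter. The `Packet` type, the addresses and the rule set are assumptions made for illustration; real connection tracking also follows sequence numbers and timeouts.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags set on the segment
    inbound: bool      # True if it arrives on the external interface

# Constructed sample addresses (documentation ranges), not from the thread.
LAN, WEB, OTHER = "192.168.0.10", "203.0.113.80", "198.51.100.66"

def stateless_allows(p):
    """Header-only rule set: let everything out, and let in anything that
    looks like a web reply (source port 80 with ACK set)."""
    return (not p.inbound) or (p.sport == 80 and "ACK" in p.flags)

class StatefulFilter:
    """Same policy, but 'reply' means 'matches a connection we opened'."""
    def __init__(self):
        self.table = set()   # (local ip, local port, remote ip, remote port)

    def allows(self, p):
        if not p.inbound:
            if p.flags == {"SYN"}:            # outbound connect: record it
                self.table.add((p.src, p.sport, p.dst, p.dport))
            return True
        key = (p.dst, p.dport, p.src, p.sport)
        if key not in self.table:
            return False                      # NEW/INVALID from outside
        if "RST" in p.flags:
            self.table.discard(key)           # connection is gone
        return True

def tcp(*names):
    return frozenset(names)

TRAFFIC = [
    Packet(LAN, 40000, WEB, 80, tcp("SYN"), False),        # we open a connection
    Packet(WEB, 80, LAN, 40000, tcp("SYN", "ACK"), True),  # genuine reply
    Packet(OTHER, 80, LAN, 40001, tcp("ACK"), True),       # unsolicited "reply"
    Packet(OTHER, 4444, LAN, 22, tcp("SYN"), True),        # new inbound connection
]

def verdicts(allow):
    return [allow(p) for p in TRAFFIC]

if __name__ == "__main__":
    print("stateless:", verdicts(stateless_allows))
    print("stateful: ", verdicts(StatefulFilter().allows))
```

The two filters disagree only on the third packet: its headers look like a reply, but no entry in the state table matches it.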
 
Old 03-06-2003, 01:32 AM   #10
Defboy2k
LQ Newbie
 
Registered: Nov 2002
Location: South Africa
Distribution: Redhat 7.1
Posts: 17

Rep: Reputation: 0
Hey all, I'm no hardcore security and all... this is also my first attempt at actually helping someone with my "knowledge" so I am a bit apprehensive... but here's my thought anyway.

I don't know if it's any good but Bastille has the ability to create a firewall for you based on the input that you provide... I don't know if that is any help, or if it's even any good. Maybe someone can actually tell me the answer to that one...
 
  

