This is a re-post of a reply to an earlier query (which you could have easily found with a search).
iptables is a kernel module that is probably linked to your kernel, and is also a userland program that communicates with the aforementioned kernel module. By itself, the kernel module does nothing. To configure it to do its work, you send it messages, using the userland iptables command. This is done repetitively, until the desired state is reached. Typically, the series of iptables commands is encapsulated in a script, and typically this script is run as some part of the boot sequence. The mechanics of setting up the boot-time scripts is a separate matter, and is well documented 'out there'.
As well, there are packages 'out there' that provide a GUI for hand-holding and guidance in building up the script(s). These are sometimes (incorrectly) referred to as firewalls. I, personally, prefer to use a ready-made script called HomeLANSecurity, which a generous person made publicly available. This is a package which allows a Linux host to perform as a router/firewall for a local LAN connected to the internet. I found it easy to understand, and also easy to add a few features for my specific application. There are numerous other packages that are similar in nature. Note that there is no 'best overall' iptables setup, because each situation has different requirements and emphases.
Setting up an iptables based firewall requires a combination of skills in iptables itself, shell scripting, and boot-time configuration. Much of the latter is dependent on your distribution, and other special requirements.
Hope this points you in the right direction.
--- rod.
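The kind of boot-time script the reply describes, as an added example that is not part of the original post or of HomeLANSecurity: a minimal stateful ruleset for a Linux host routing a LAN to the internet, where each line is one message sent to the kernel module. The interface names `eth0`/`eth1`, the LAN range `192.168.1.0/24`, and the `DRY_RUN`/`FW_APPLY` variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: minimal iptables router/firewall ruleset for a LAN gateway.
# Interface names and the LAN subnet below are assumptions; set them per host.
WAN_IF="${WAN_IF:-eth0}"             # assumed: interface facing the internet
LAN_IF="${LAN_IF:-eth1}"             # assumed: interface facing the local LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}" # assumed: LAN address range

# Emit the commands one per line, in order. Flush first so the script
# converges to the same state no matter what was loaded before it.
fw_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i $WAN_IF -m limit --limit 5/min -j LOG --log-prefix "FW-IN-DROP: "
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
EOF
}

# Send each command to the kernel in order; stop at the first failure so a
# half-applied ruleset is reported instead of silently left in place.
# With DRY_RUN set, only print what would be sent.
apply_rules() {
    while IFS= read -r rule; do
        echo "+ $rule"
        [ -n "${DRY_RUN:-}" ] && continue
        eval "$rule" || { echo "failed: $rule" >&2; return 1; }
    done <<EOF
$(fw_rules)
EOF
}

# Number of iptables commands the script will send (useful for boot logging).
rule_count() { fw_rules | grep -c '^iptables'; }

# Run as root with FW_APPLY=1 to load the rules; DRY_RUN=1 to preview them.
if [ -n "${FW_APPLY:-}" ]; then apply_rules; fi
```

Hosts on the LAN only receive replies to connections they initiated (the ESTABLISHED,RELATED rule), while unsolicited traffic arriving on the WAN side is rate-limited to the log and then dropped by the default policy.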