I know most of us have heard its name, but very few know what it is and how it functions.
Not to worry, I will begin by explaining what a firewall is. A firewall is a system (which can be hardware, software or both) designed to prevent unauthorized access to or from a private network. Generally a firewall is configured to block certain inbound ports directed at your local network, but to allow most outbound traffic to travel to the Internet. Holes or conduits (conductors of signals) are opened through the firewall to allow access to systems on your local network, like your web server. In a "stateful" configuration, the firewall remembers the context of connections and continuously updates this state information in dynamic connection tables. A firewall is not a panacea that solves all of your security problems; invariably you will open ports through your firewall to allow access to local machines. If one of those local machines is compromised, then the firewall is no longer relevant.
Some of the commonly used software firewalls for Windows are COMODO Internet Security, Kaspersky Internet Security, Windows Firewall, ZoneAlarm Pro Firewall and so on, while for Linux we have UFW, iptables and so on.
The question most of you must be thinking of is why we need a firewall, and the answer is simple: a firewall can help prevent hackers and malicious software (like worms) from gaining access to your computer through a network or the Internet, and it can also help stop your computer from sending malicious software to other computers.
SETTING UP A FIREWALL IN WINDOWS AND LINUX
I chose Kaspersky Internet Security 2011 for Windows and ufw (or gufw) for Linux.
Windows
Install Kaspersky Internet Security 2011. After installing it, it will disable Windows Firewall. Run the program, open Settings, then select Firewall. Then select Settings.
This will in turn open up a new window of settings.
Here select Enable Firewall.
Then go to Settings. This opens a panel with 3 tabs, namely Rules for Applications, Packet Rules and Networks.
Rules for Applications - here one can see all the applications which may require Internet access and what type of security one wants for each. One can easily customize it.
Packet Rules - this setting allows one to customize network services, like blocking or allowing them to send and receive via the Internet. It also allows one to select ports for different applications.
Networks - it tells what network is connected and what type of network it is.
Linux
ufw is installed by default, but is disabled. First one has to enable it by typing the following command in a terminal:
sudo ufw enable
Now type:
sudo gufw
*Please note: gufw is the graphical version of ufw.
SETTING UP DIFFERENT RULES IN WINDOWS AND LINUX
For Windows, I chose Windows Firewall and for Linux, ufw was my choice.
WINDOWS FIREWALL
Microsoft launched Windows Firewall with Windows XP, and on Windows 7 one can still find it pre-installed. If one does not have it, one can download it from the Internet.
To open Windows Firewall, click Start, open the Control Panel and then click on Windows Firewall. The Windows Firewall window offers the following options:
Allow a program or feature through Windows Firewall
Turn Windows Firewall on or off AND Change notification settings (both function the same)
Advanced settings
Troubleshoot my network
It also shows the Windows Firewall settings for the active connection.
Allow a program or feature through Windows Firewall
To add, change or remove allowed programs and ports, click on Allow a program or feature through Windows Firewall in the right-hand side column (as shown in the picture below).
One can change the settings by clicking on the Change settings button and then ticking the box in front of the application name for the network type you want. One can also add other programs.
Turn firewall on or off/change notification settings
Here one can modify the firewall settings for each type of network to which the computer is connected, for example, turn Windows Firewall on or off for public networks.
Advanced Settings
The advanced settings let one go further into the details and settings of the firewall; for example, one can see the applications which are allowed only to send data out, but not to take data in.
Troubleshoot my network
This can help one further to solve problems like sharing files over the network, etc.
UFW(UNCOMPLICATED FIREWALL)
The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall configuration, ufw provides a user friendly way to create an IPv4 or IPv6 host-based firewall.
By default, ufw is disabled. To enable it, open command terminal and then type:
sudo ufw enable
To open a port (ssh in this example):
sudo ufw allow ssh
Similarly, to close an opened port:
sudo ufw deny ssh
To remove a rule, use delete followed by the rule:
sudo ufw delete deny ssh
It is also possible to allow access from specific hosts or networks to a port. The following example allows ssh access from host 192.168.0.2 to any IP address on this host:
sudo ufw allow proto tcp from 192.168.0.2 to any port ssh
ufw Masquerading
IP Masquerading can be achieved using custom ufw rules. This is possible because the current back-end for ufw is iptables-restore with the rules files located in /etc/ufw/*.rules. These files are a great place to add legacy iptables rules used without ufw, and rules that are more network gateway or bridge related.
The rules are split into two different files, rules that should be executed before ufw command line rules, and rules that are executed after ufw command line rules.
First, packet forwarding needs to be enabled in ufw. Two configuration files will need to be adjusted. In /etc/default/ufw, change DEFAULT_FORWARD_POLICY to "ACCEPT":
DEFAULT_FORWARD_POLICY="ACCEPT"
Then edit /etc/ufw/sysctl.conf and uncomment:
net.ipv4.ip_forward=1
Now we will add rules to the /etc/ufw/before.rules file. The default rules only configure the filter table, and to enable masquerading the nat table will need to be configured. Add the following to the top of the file just after the header comments:
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic from eth1 through eth0.
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT
The comments are not strictly necessary, but it is considered good practice to document your configuration. Also, when modifying any of the rules files in /etc/ufw, make sure these lines are the last lines for each table modified:
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
Finally, disable and re-enable ufw to apply the changes:
sudo ufw disable && sudo ufw enable
IP Masquerading should now be enabled. You can also add any additional FORWARD rules to /etc/ufw/before.rules. It is recommended that these additional rules be added to the ufw-before-forward chain.
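As an added check (not part of the original post or of ufw itself), the following script verifies the point made above: every table block in a rules file such as /etc/ufw/before.rules must be closed by its COMMIT line before ufw is reloaded, otherwise the rules after the missing COMMIT are not processed. The sample rules files it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: verify that every table section
# in a ufw rules file (a line starting with '*', e.g. *nat) is closed by a
# COMMIT line before the next section or the end of the file, which is the
# mistake the text warns about. The sample files below are constructed.

# check_rules_file FILE -> exit status 0 if every *table block ends in COMMIT,
# 1 otherwise (printing a message that names the problem)
check_rules_file() {
    awk '
        BEGIN            { bad = 0; open = 0 }
        /^\*/            { if (open) { print "missing COMMIT before " $0; bad = 1 }
                           open = 1; next }
        /^COMMIT[ \t]*$/ { if (!open) { print "COMMIT without a table at line " NR; bad = 1 }
                           open = 0; next }
        END              { if (open) { print "missing COMMIT at end of file"; bad = 1 }
                           exit bad }
    ' "$1"
}

# Constructed sample: the nat block from the text, correctly terminated,
# followed by a minimal filter table.
GOOD_RULES=$(mktemp)
cat > "$GOOD_RULES" <<'EOF'
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic from eth1 through eth0.
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT
*filter
:ufw-before-forward - [0:0]
COMMIT
EOF

# Constructed sample: the same file with the nat table's COMMIT line dropped.
BAD_RULES=$(mktemp)
awk '/^COMMIT$/ && !done { done = 1; next } { print }' "$GOOD_RULES" > "$BAD_RULES"

check_rules_file "$GOOD_RULES" && echo "$GOOD_RULES: OK, safe to run: sudo ufw disable && sudo ufw enable"
check_rules_file "$BAD_RULES"  || echo "$BAD_RULES: fix the file before reloading ufw"
rm -f "$GOOD_RULES" "$BAD_RULES"
```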
iptables Masquerading
iptables can also be used to enable masquerading.
Similar to ufw, the first step is to enable IPv4 packet forwarding by editing /etc/sysctl.conf and uncommenting the following line:
net.ipv4.ip_forward=1
Next, execute the sysctl command to enable the new settings in the configuration file:
sudo sysctl -p
IP Masquerading can now be accomplished with a single iptables rule, which may differ slightly based on your network configuration:
sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE
The above command assumes that your private address space is 192.168.0.0/16 and that your Internet-facing device is ppp0. The syntax is broken down as follows:
-t nat -- the rule is to go into the nat table
-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain
-s 192.168.0.0/16 -- the rule applies to traffic originating from the specified address space
-o ppp0 -- the rule applies to traffic scheduled to be routed through the specified network device
-j MASQUERADE -- traffic matching this rule is to "jump" (-j) to the MASQUERADE target to be manipulated as described above
Also, each chain in the filter table (the default table, and where most or all packet filtering occurs) has a default policy of ACCEPT, but if you are creating a firewall in addition to a gateway device, you may have set the policies to DROP or REJECT, in which case your masqueraded traffic needs to be allowed through the FORWARD chain for the above rule to work:
sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT
sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state ESTABLISHED,RELATED -i ppp0 -j ACCEPT
The above commands will allow all connections from your local network to the Internet and all traffic related to those connections to return to the machine that initiated them.
If you want masquerading to be enabled on reboot, which you probably do, edit /etc/rc.local and add any commands used above. For example, add the first command with no filtering:
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE
TO MONITOR WHICH PORTS ARE BEING ACCESSED BY APPLICATIONS CURRENTLY ACCESSING THE SYSTEM
FOR WINDOWS
Click on Start, type "cmd.exe" and press Enter to open the command line. When the command line appears, type "netstat" and press Enter.
On the command prompt one will get a result like the picture above.
The columns represent the following:
Proto → protocol
Local Address → IP address (the computer's) and the port number (the red box)
Foreign Address → the address to which data is sent
State → the current state of the application accessing the Internet
FOR LINUX
Open gnome-terminal and type "netstat -t" for the TCP protocol and "netstat -u" for the UDP protocol.
"netstat -t"
The columns represent the following:
Proto → protocol (tcp because we chose it)
Recv-Q → received packets
Send-Q → sent packets
Local Address → IP address (the computer's) and the port number
Foreign Address → the address to which data is sent
State → the current state of the application accessing the Internet
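As an added example (not from the original post), here is how the columns just described can be reviewed with awk instead of by eye, for instance to confirm that only the host allowed by the earlier ufw rule (192.168.0.2) is connected to port 22. The netstat output below is constructed, and the IP addresses in it are assumed.

```shell
#!/bin/sh
# Added example, not from the original post: review "netstat -t" style output
# with awk the way a defender does, e.g. to check that only the host allowed by
# the ufw rule "allow proto tcp from 192.168.0.2 to any port ssh" is actually
# connected to port 22. The sample below is constructed, not a real capture.

NETSTAT_SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.0.10:48212      93.184.216.34:80        ESTABLISHED
tcp        0      0 192.168.0.10:22         192.168.0.2:51544       ESTABLISHED
tcp        0      0 192.168.0.10:22         198.51.100.7:40110      ESTABLISHED
tcp        0      0 192.168.0.10:48220      93.184.216.34:443       TIME_WAIT
tcp        0      0 192.168.0.10:48300      192.168.0.2:8080        SYN_SENT'

# rows -> the data lines only (the two header lines are skipped)
rows() { printf '%s\n' "$NETSTAT_SAMPLE" | awk 'NR > 2'; }

# count_state STATE -> number of connections whose State column equals STATE
count_state() { rows | awk -v s="$1" '$6 == s { n++ } END { print n + 0 }'; }

# peers_of_local_port PORT -> distinct foreign IPs connected to local PORT.
# The port is the text after the last ':' in the address column, so the same
# split also works for IPv6 addresses such as ::1:22.
peers_of_local_port() {
    rows | awk -v p="$1" '
        { n = split($4, l, ":"); if (l[n] != p) next
          m = split($5, f, ":"); sub(":" f[m] "$", "", $5); print $5 }' | sort -u
}

# unexpected_peers PORT ALLOWED_IP -> peers on PORT other than ALLOWED_IP
unexpected_peers() {
    peers_of_local_port "$1" | awk -v ok="$2" '$0 != ok'
}

echo "ESTABLISHED: $(count_state ESTABLISHED), SYN_SENT: $(count_state SYN_SENT)"
echo "Hosts connected to ssh (port 22) that the ufw rule did not allow:"
unexpected_peers 22 192.168.0.2
```

On a real system, replace NETSTAT_SAMPLE with the output of "netstat -t" (or "netstat -tn" to keep addresses numeric).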
EXPERIENCE
It was a bit interesting to learn about firewalls, as I had an interest in it. It required a lot of hard work as I had to do it all alone..!!
Some of the links referred to:
www.google.com
en.wikipedia.org
help.ubuntu.com
*Please note: all the pics are my own.
Contributed by:-
Inshu Kumar Chugh(2011052)
Thanks a lot for sharing about firewalls, it's good for the PC.