Linux firewall configuration pdf
The Internet is a scary place these days. Almost linux firewall configuration pdf, a new zero day, security breach, or ransomware occurs leaving many people wondering if it is possible to secure their systems.
Many organizations spends hundreds of thousands, if not millions, of dollars trying to install the latest and greatest security solutions to protect their infrastructure and data. Home user’s though are at a monetary disadvantage. Investing even a hundred dollars into a dedicated firewall is often beyond the scope of most home networks. Thankfully, there are dedicated projects in the open source community that are making great strides in the home user security solutions arena. 2 or more PCI-e network interface cards. Modern multi-core CPU running at least 2. The default behavior for many firewalls is to block everything, good or bad.
This is great from a security standpoint but not from a usability standpoint. Before starting into the installation, it is important to conceptualize the end goal before beginning the configurations. Part of the installation process will involve prompting the user to begin configuring LAN and WAN interfaces. Using the drop down menu’s on the link provided earlier, select an appropriate mirror to download the file.
The next process is to write the ISO to a USB drive to boot the installer. Also this command will REMOVE EVERYTHING on the USB drive. Be sure to backup needed data. Boot that computer to that media and the following screen will be presented.
At this screen, either allow the timer to run out or select 1 to proceed booting into the installer environment. Once the installer finishes booting, the system will prompt for any changes desired in the keyboard layout. Easy Install’ or more advanced install options. Easy Install’ method which won’t ask as many questions during the installation. The first question that is likely to be presented will ask about which kernel to install.
Standard Kernel’ be installed for most users. When the installer has finished this stage, it will prompt for a reboot. Be sure to remove the installation media as well so the machine doesn’t boot back into the installer. The first thing to do would be to set an IP address on the LAN interface. Enter’ key when asked about VLANs. Type in the interface name recorded in step one when prompted for the WAN interface or change to the proper interface now. 0’ is the WAN interface as it will be the interface facing the Internet.
Sense will now prompt to ensure that the interfaces are assigned properly. The next step will be to assign the interfaces the proper IP configuration. For this install the WAN interface can use DHCP without any problems but there may be instances where a static address would be required. The process for configuring a static interface on the WAN would be the same as the LAN interface that is about to be configured.
2’ again when prompted for which interface to set IP information. Again 2 is the LAN interface in this walk through. This address should not be in use anywhere else on the network and will likely become the default gateway for the hosts that will be plugged into this interface. The next prompt will ask for the subnet mask in what is known as prefix mask format.
The next prompt will ask to configure IPv6 on the LAN interface. This guide is simply using IPv4 but should the environment require IPv6, it can be configured now. Most home users will need to enable this feature. Again this may need to be adjusted depending on the environment. It is strongly encouraged NOT to do this as the HTTPS protocol will provide some level of security to prevent disclosure of the admin password for the web configuration tool.
This concludes the basic configuration steps to make the firewall device ready for more configurations and rules. The web interface is accessed through a web browser by navigating to the LAN interface’s IP address. Purchasing of a Gold subscription isn’t required and the step can be skipped if desired. The next prompt will be to configured Network Time Protocol, NTP. Sense supports multiple methods for configuring the WAN interface.
The default for most home users is to use DHCP. DHCP from the user’s internet service provider is the most common method for obtaining the necessary IP configuration. The next step will prompt for configuration of the LAN interface. If the user is connected to the web interface, the LAN interface has likely already been configured. However, if the LAN interface needs to be changed, this step would allow for changes to be made. As with all things in the security world, default passwords represent an extreme security risk.