tailieunhanh - Lecture notes on Computer and network security: Lecture 18 - Avinash Kak

Lecture 18, packet filtering firewalls (Linux). The goals of this chapter are: packet-filtering vs. proxy-server firewalls; the four iptables supported by the Linux kernel: filter, nat, mangle, and raw; creating and installing new firewall rules; structure of the filter table; connection tracking and extension modules; designing your own filtering firewall.

Lecture 18: Packet Filtering Firewalls (Linux)

Lecture Notes on “Computer and Network Security” by Avi Kak (kak@)

March 23, 2016 12:02 Noon
© 2016 Avinash Kak, Purdue University

Goals:
• Packet-filtering vs. proxy-server firewalls
• The four iptables supported by the Linux kernel: filter, nat, mangle, and raw
• Creating and installing new firewall rules
• Structure of the filter table
• Connection tracking and extension modules
• Designing your own filtering firewall

CONTENTS
• Firewalls in General
• A “Demo” to Motivate You to Use Iptables
• The Four Tables Maintained by the Linux Kernel for Packet Processing
• How Packets are Processed by the filter Table
• To See if iptables is Installed and Running
• Structure of the filter Table
• Structure of the nat Table
• Structure of the mangle Table
• Structure of the raw Table
• What about the fact that the different tables contain similarly named chains?
• How the Tables are Actually Created
• Connection Tracking by iptables and the Extension Modules
• Using iptables for Port Forwarding
• Using Logging with iptables
• Saving and Restoring Your Firewall
• A Case Study: Designing iptables for a New LAN
• Homework Problems

FIREWALLS IN GENERAL

• Two primary types of firewalls are
  – packet filtering firewalls
  – proxy-server firewalls
  Sometimes both are employed to protect a network. A single computer may serve both roles.
• A proxy-server firewall handles various network services itself rather than passing them straight through. What exactly that means will be explained in the lecture on proxy server firewalls.
• Packet filtering firewalls, on the other hand, take advantage of the fact that direct support for TCP/IP is built into the kernels of all major operating systems now. When a
