Firewalls make it possible to filter incoming and outgoing traffic that flows through your system. A firewall can use one or more sets of “rules” to inspect the network packets as they come in or go out of your network connections and either allows the traffic through or blocks it. The rules of a firewall can inspect one or more characteristics of the packets, including but not limited to the protocol type, the source or destination host address, and the source or destination port.
Firewalls can greatly enhance the security of a host or a network. They can be used to do one or more of the following things:
To protect and insulate the applications, services and machines of your internal network from unwanted traffic coming in from the public Internet.
To limit or disable access from hosts of the internal network to services of the public Internet.
To support network address translation (NAT), which allows your internal network to use private IP addresses and share a single connection to the public Internet (either with a single IP address or by a shared pool of automatically assigned public addresses).
After reading this chapter, you will know:
How to properly define packet filtering rules.
The differences between the firewalls built into FreeBSD.
How to use and configure the OpenBSD PF firewall.
How to use and configure IPFILTER.
How to use and configure IPFW.
Before reading this chapter, you should:
Understand basic FreeBSD and Internet concepts.