Securing Network Communication with firewalld

If you are in need of a dynamically managed firewall with support for network/firewall zones, and with a trust level for network connections or interfaces, then firewalld is the tool for you. It is free, open source and built into RHEL 7.

OpenSource For You

The Linux kernel includes a powerful network filtering sub-system called netfilter. It allows kernel modules to inspect every packet traversing the system. This means that any incoming, outgoing or forwarded network packet can be inspected, modified, dropped or rejected in a programmatic way before reaching components in user space. That is the main building block for setting up a firewall on a Red Hat Enterprise Linux 7 (RHEL 7) machine.

Interacting with netfilter

Although it is theoretically possible for systems administrators to write their own kernel modules to interact with netfilter, this is typically not done. Instead, other programs are used to interact with netfilter. One of the most common and well-known of these programs is iptables. In previous RHEL releases, iptables was the main method of interacting with the kernel netfilter sub-system.

The iptables command is a low-level tool, and it can prove to be inadequate when managing firewalls. In addition, it only handles IPv4 firewall rules. Other utilities, such as ip6tables for IPv6 and ebtables for software bridges, need to be used for more complete firewall coverage.

Introducing firewalld

In RHEL 7, a new method of interacting with netfilter has been introduced: firewalld, a system daemon that can configure and monitor the system's firewall rules. Applications can talk to firewalld over the D-Bus messaging system to request that ports be opened, a feature that can be disabled or locked down. It covers IPv4, IPv6 and, potentially, ebtables settings. The firewalld daemon is installed from the firewalld package. This package is part of a base install, but not part of the minimal install.
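
The lock-down of D-Bus requests mentioned above can be reviewed offline. The following is an added example, not code from the article or from the firewalld project: it audits the `Lockdown` setting of `firewalld.conf` together with the entries of `lockdown-whitelist.xml`. Both sample files and the account name `appsvc` are constructed, and the accepted values for `Lockdown` are an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed samples in the layout of /etc/firewalld/firewalld.conf and
# /etc/firewalld/lockdown-whitelist.xml (not taken from a real host).
SAMPLE_CONF = """\
# firewalld config file
DefaultZone=public
Lockdown=no
"""
SAMPLE_WHITELIST = """\
<?xml version="1.0" encoding="utf-8"?>
<whitelist>
  <command name="/usr/bin/python -Es /usr/bin/firewall-config"/>
  <command name="/usr/bin/python -Es /usr/bin/firewall-cmd*"/>
  <selinux context="system_u:system_r:NetworkManager_t:s0"/>
  <user id="0"/>
  <user name="appsvc"/>
</whitelist>
"""

def parse_conf(text):
    """Return key/value pairs from firewalld.conf, skipping comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit_lockdown(conf_text, whitelist_xml):
    """List findings about who may change firewall rules over D-Bus."""
    findings = []
    # Assumption: "yes" or "true" (any case) turns lockdown on.
    lockdown = parse_conf(conf_text).get("Lockdown", "no").lower()
    if lockdown not in ("yes", "true"):
        findings.append("Lockdown is off: whitelist is not enforced")
    root = ET.fromstring(whitelist_xml.encode("utf-8"))
    for cmd in root.findall("command"):
        name = cmd.get("name", "")
        if name.endswith("*"):  # trailing * matches any arguments
            findings.append("wildcard command entry: " + name)
    for user in root.findall("user"):
        if user.get("id") != "0" and user.get("name") != "root":
            ident = user.get("name") or user.get("id")
            findings.append("non-root user whitelisted: " + str(ident))
    return findings

if __name__ == "__main__":
    for finding in audit_lockdown(SAMPLE_CONF, SAMPLE_WHITELIST):
        print(finding)
```

On a live system the same state is exposed by `firewall-cmd --query-lockdown` and can be changed with `firewall-cmd --lockdown-on`.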
