Introduction to Setting up a Firewall
A firewall is simply a utility that manages network traffic access to and from a machine, whether a server or a desktop. Windows users will be familiar with the proprietary firewalls available, such as Symantec, Norton or Kaspersky, which are vital for stopping unwanted processes from getting access to their machine. The standard Linux firewall package is called iptables (also known as netfilter).
iptables allows you to define rules which specify which traffic to allow or disallow. There are three types of traffic that you can add a rule for:
Inbound: traffic coming from the network and destined for your computer. This is the category to use to control external attacks and is therefore the most common category where controls are applied.
Outbound: traffic coming from your computer and destined for somewhere on the network. This is the category to use to control the resources that users on this computer can access (normally used for things like stopping users of a PC from connecting to various external services, e.g. a network printer or a server containing sensitive data).
Forward: traffic coming from outside your computer and destined for somewhere on the network, but passing through your PC. This is only really relevant if your machine is set up as a network router or the like.
For each category, you can set a default policy, which can be either:
You can then define specific exceptions to the default to allow/restrict access to those resources required.
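As an added example (not part of the original page), the script below generates an iptables-restore ruleset that sets a default policy on each of the three chains and then lists inbound exceptions. The helper names `valid_port` and `gen_ruleset`, the choice of policies and the ports in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: default policy per chain plus explicit inbound exceptions,
# emitted in iptables-restore format. Nothing is applied to the running
# firewall; the ruleset is only printed.

# valid_port PORT -> status 0 if PORT is an integer in 1..65535.
# Rejects empty strings, leading zeros and any non-digit character so that
# untrusted input can never be spliced into a rule line.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# gen_ruleset PORT... -> prints the ruleset; returns 1 on an invalid port.
gen_ruleset() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo '*filter'
    # Default policies: drop inbound and forwarded traffic, allow outbound.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Exceptions: loopback, replies to connections this host opened,
    # then one rule per permitted inbound TCP port.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Usage (constructed ports; as root, --test parses without committing):
#   gen_ruleset 22 443 | iptables-restore --test
if [ "$#" -gt 0 ]; then
    gen_ruleset "$@"
fi
```

Without the ESTABLISHED,RELATED rule, a default-drop inbound policy would also discard the replies to the machine's own outbound connections.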