
Firewall

Firewall. Dave Grizzanti, Steve Curti. What is an Internet Firewall? An Internet firewall is most often installed at the point where your protected internal network connects to the Internet. It prevents the dangers of the Internet from spreading to your internal network.


Presentation Transcript


  1. Firewall
  Dave Grizzanti, Steve Curti

  2. What is an Internet Firewall?
  • An Internet firewall is most often installed at the point where your protected internal network connects to the Internet.
  • It prevents the dangers of the Internet from spreading to your internal network.

  3. What is an Internet Firewall?
  • All traffic coming from the Internet or going out from your internal network passes through the firewall. Because it does, the firewall has the opportunity to make sure that this traffic is acceptable.
  • What does "acceptable" mean to the firewall? Basically, anything being done - email, file transfers, remote logins, or any kind of specific interaction between specific systems - conforms to the rule set of the network.

  4. What can a firewall do?
  • A firewall is a focus for security decisions. All traffic in and out must pass through this single, narrow checkpoint.
  • A firewall can enforce a security policy. It enforces the site's security policy, allowing only "approved" services to pass through, and those only within the rules set up for them.
  • A firewall can log Internet activity. Because all traffic passes through the firewall, the firewall provides a good place to collect information about system and network use - and possible misuse.
  • A firewall can limit your exposure. A firewall can also be used to keep one section of your site's network separate from another section.

  5. Setup
  • Used IPFirewall (IPFW).
  • IPFirewall (IPFW) is a FreeBSD-sponsored firewall application authored and maintained by FreeBSD volunteer staff members.
  • IPFW is included in the basic FreeBSD install as a separate run-time loadable module. The system loads the kernel module dynamically once the firewall is enabled in rc.conf.

  6. Setup
  • /etc/rc.conf options
  • Enable the firewall: firewall_enable="YES"
  • Set the script to run to activate your rules: firewall_script="/etc/ipfw.rules"
  • Enable logging: firewall_logging="YES"

  7. IPFW Rule Set
  • A rule set is a group of ipfw rules coded to allow or deny packets based on the values contained in the packet.
  • The firewall rule set processes the packet twice: once on its arrival from the public Internet host and again as it leaves for its return trip back to the public Internet host.
  • When a packet enters the firewall it is compared against the first rule in the rule set and progresses one rule at a time, moving from top to bottom of the set in ascending rule-number order. When the packet matches a rule's selection parameters, that rule's action is executed and the search of the rule set terminates for that packet.

  8. IPFW Rule Set
  • This is referred to as the "first match wins" search method. If the packet does not match any of the rules, it gets caught by the mandatory ipfw default rule, number 65535, which denies all packets and discards them without any reply back to the originator.
  • An inclusive firewall only allows services matching the rules through. This way you can control what services can originate behind the firewall destined for the public Internet, and also control the services which can originate from the public Internet accessing your private network. Everything else is denied by design.
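To make the "first match wins" search and the inclusive-firewall idea from slides 7 and 8 concrete, here is a small Python model of how ipfw walks a rule set. This is an added example, not code from the presentation or from FreeBSD: it evaluates constructed packets against a constructed inclusive rule set in ascending rule-number order, stops at the first match, and falls through to the mandatory rule 65535 when nothing matches. The addresses, rule numbers, the rc.conf-style `log` flag on rule 500 and the shape of the recorded log line are all assumptions made for the example.

```python
"""Toy first-match-wins evaluator for an IPFW-style inclusive rule set.

Added example, not code from the presentation: it models how ipfw walks a
rule set in ascending rule-number order, stops at the first matching rule,
and falls through to the mandatory rule 65535 (deny) when nothing matches.
Addresses, rule numbers and the log-line shape below are all constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

DEFAULT_RULE = 65535  # ipfw's built-in final rule: deny everything, silently


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str              # source IPv4 address
    dst: str              # destination IPv4 address
    dport: int            # destination port (0 for icmp)
    direction: str        # "in" (arriving from the Internet) or "out" (leaving)
    established: bool = False  # TCP segment with ACK or RST set (ipfw "established")


@dataclass
class Rule:
    number: int
    action: str                      # "allow" or "deny"
    proto: str = "ip"                # "ip" matches every protocol
    src: str = "any"                 # "any" or a CIDR such as 192.168.1.0/24
    dst: str = "any"
    dport: Optional[int] = None
    direction: Optional[str] = None  # None matches both directions
    established: bool = False
    log: bool = False                # ipfw "log" keyword: record the match

    def matches(self, pkt: Packet) -> bool:
        return (
            self.proto in ("ip", pkt.proto)
            and _in_net(pkt.src, self.src)
            and _in_net(pkt.dst, self.dst)
            and (self.dport is None or self.dport == pkt.dport)
            and (self.direction is None or self.direction == pkt.direction)
            and (not self.established or pkt.established)
        )


def _in_net(addr: str, spec: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


class Firewall:
    def __init__(self, rules: List[Rule]):
        # ipfw orders rules by number regardless of the order they were added
        self.rules = sorted(rules, key=lambda r: r.number)
        self.log_lines: List[str] = []

    def check(self, pkt: Packet) -> Tuple[int, str]:
        """Return (rule number, action) for the first rule that matches."""
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.log:
                    self._log(rule.number, rule.action, pkt)
                return rule.number, rule.action
        return DEFAULT_RULE, "deny"  # nothing matched: mandatory catch-all

    def _log(self, number: int, action: str, pkt: Packet) -> None:
        # Constructed approximation of the lines ipfw writes to /var/log/security
        self.log_lines.append(
            f"ipfw: {number} {action.capitalize()} {pkt.proto.upper()} "
            f"{pkt.src} {pkt.dst}:{pkt.dport} {pkt.direction}"
        )


def inclusive_ruleset() -> List[Rule]:
    """Constructed inclusive rule set: only listed services pass, all else is denied."""
    return [
        # Return traffic for connections already set up (ACK/RST set)
        Rule(100, "allow", "tcp", established=True),
        # Internal hosts may originate anything towards the Internet
        Rule(200, "allow", "ip", src="192.168.1.0/24", direction="out"),
        # Inbound SSH is permitted only to one bastion host
        Rule(300, "allow", "tcp", dst="192.168.1.10", dport=22, direction="in"),
        # Lower number, so it is consulted before rule 300: block a noisy range
        Rule(50, "deny", "tcp", src="203.0.113.0/24", direction="in"),
        # Explicit logging catch-all just before the silent default rule
        Rule(500, "deny", "ip", log=True),
    ]


if __name__ == "__main__":
    fw = Firewall(inclusive_ruleset())
    for pkt in [
        Packet("tcp", "192.168.1.20", "198.51.100.7", 443, "out"),
        Packet("tcp", "198.51.100.7", "192.168.1.20", 443, "in", established=True),
        Packet("tcp", "198.51.100.7", "192.168.1.10", 22, "in"),
        Packet("tcp", "203.0.113.5", "192.168.1.10", 22, "in"),
        Packet("tcp", "198.51.100.7", "192.168.1.10", 23, "in"),
    ]:
        print(pkt.direction, pkt.proto, pkt.src, "->", f"{pkt.dst}:{pkt.dport}", fw.check(pkt))
    print("\n".join(fw.log_lines))
```

Two things worth noticing when you run it: rule 50 wins over rule 300 for the 203.0.113.5 packet purely because of its lower number, even though it was added last, and the inbound telnet attempt never reaches 65535 because the explicit `deny log` at 500 catches it first. That explicit logging catch-all is why a real rule set usually ends with one: the built-in default rule discards silently, so without it the denied traffic never shows up in /var/log/security.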

  9. IPFW Commands
  • Enabling or disabling the firewall: "ipfw enable firewall" / "ipfw disable firewall"
  • Loading the rule set: "sh ipfw.rules"
  • Seeing active rules: "ipfw list"
  • Log file: "/var/log/security"
