Firewalls make it possible to filter the incoming and outgoing traffic that flows through a system. A firewall can use one or more sets of “rules” to inspect network packets as they come in or go out of network connections and either allow the traffic through or block it. The rules of a firewall can inspect one or more characteristics of the packets, such as the protocol type, source or destination host address, and source or destination port.
Firewalls can enhance the security of a host or a network. They can be used to do one or more of the following:
Protect and insulate the applications, services, and machines of an internal network from unwanted traffic from the public Internet.
Limit or disable access from hosts of the internal network to services of the public Internet.
Support network address translation (NAT), which allows an internal network to use private IP addresses and share a single connection to the public Internet using either a single IP address or a shared pool of automatically assigned public addresses.
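As an added illustration that is not part of the Handbook text, the following minimal PF ruleset for a FreeBSD gateway exercises each of the three uses above (default deny toward the internal network, a restricted set of outbound services, and NAT); the interface names em0/em1, the 192.168.1.0/24 prefix and the service list are assumed values.

```pf
# /etc/pf.conf for a FreeBSD gateway (constructed example: interface
# names, the internal prefix and the service list are assumptions)
ext_if = "em0"                  # attached to the public Internet
int_if = "em1"                  # attached to the internal network
int_net = "192.168.1.0/24"      # private addresses behind the gateway
out_tcp = "{ ssh, http, https }"

set skip on lo0                 # never filter loopback traffic
scrub in all                    # reassemble fragments, normalize packets

# Use 3: internal hosts share the public address of $ext_if via NAT
nat on $ext_if from $int_net to any -> ($ext_if)

# Use 1: default policy is to block and log everything not passed below
block log all

# Drop packets claiming a $int_net source that arrive on any other
# interface (spoofed), and packets from the gateway's own address
antispoof quick for $int_if

# Use 2: internal hosts may only reach the listed TCP services and DNS;
# stateful rules let the reply traffic back in automatically
pass in on $int_if inet proto tcp from $int_net to any port $out_tcp keep state
pass in on $int_if inet proto udp from $int_net to any port domain keep state

# Let those (already translated) connections leave the external interface
pass out on $ext_if inet proto { tcp, udp } from ($ext_if) to any keep state

# Only hosts on the internal network may administer the gateway itself
pass in on $int_if inet proto tcp from $int_net to ($int_if) port ssh keep state
```

Check the syntax with pfctl -nf /etc/pf.conf before loading it with pfctl -f /etc/pf.conf, and note that anything not explicitly passed, including inbound connections from the Internet, is logged and dropped by the default rule.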
After reading this chapter, you will know:
How to define packet filtering rules.
The differences between the firewalls built into FreeBSD.
How to use and configure the PF firewall.
How to use and configure the IPFILTER firewall.
How to use and configure the IPFW firewall.
Before reading this chapter, you should:
Understand basic FreeBSD and Internet concepts.