We don’t want all the traffic we could possibly get to our Linux system. Some of it could be good, but some of it could also be bad. Some could just be, y’know, there. Like dust in the wind. But anyway, there’s traffic we don’t want near our system, like the traffic from people who want to do bad things to or with our computer. To prevent this, we use a firewall.
A physical firewall is a wall to prevent the spread of fire.
That would be spiffy, wouldn’t it? Surrounding the computer with a nice wall that prevents traffic. It would also make the computer weigh too much.
Instead, a computer firewall is a program. It’s designed to allow some traffic in and prevent other traffic from coming in. Similarly, it lets some traffic out but can prevent other traffic from going out.
For example, you want to surf the net, right? A firewall should let you do that. A web server is a server that hosts web pages (I know, I think it should have a spiffier name.) It listens on TCP port 80 for plain HTTP and TCP port 443 for HTTPS.
If you’re not running a web server, then there shouldn’t be any legitimate traffic trying to reach those ports. This being the Internet though, I bet someone does try. Just to be safe, let’s block them. We don’t actually put a block up like a physical firewall, we just drop the traffic. Dropping (as opposed to rejecting, which sends an error back) means the sender gets no answer at all. The computer says ‘what traffic? Never heard of it’.
On the other hand, if I start a connection to a web server, its replies come back from port 80 to whatever port my machine opened for that conversation. You don’t want your firewall to drop those replies. You’d like your content, right? Give me http://www.computerlamp.net/ or bust!
That’s why the firewall keeps track of connections, and there’s a rule that says ‘if I started the connection, let it finish’: replies to a connection this machine opened are let in, and anything claiming to be a reply to a connection that never existed is dropped.
The standard firewall program for Linux is iptables (newer distributions are moving to its successor, nftables, but iptables is still everywhere). The rules can get quite complex, but so far, I’ve just talked about what we want the rules to do, not how to do them.
That’s next!
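As an added example that is not part of the original post, here is the policy described above (let my own connections out and their replies back in, drop unsolicited traffic to 80 and 443, drop everything else unsolicited) written as an iptables ruleset for a machine that runs no web server. It assumes iptables is installed, covers IPv4 only (ip6tables would need the same rules for IPv6), and prints the rules by default so they can be read first; passing `apply` as the first argument runs them, which requires root.

```shell
#!/bin/sh
# Added example, not the post's own code. Assumes iptables on IPv4 only;
# ip6tables needs a matching set of rules for IPv6.

# Print the ruleset rather than running it, so it can be reviewed (and
# checked) without root. Order matters: iptables evaluates rules top to
# bottom, so the connection-tracking ACCEPT comes before any DROP.
firewall_rules() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j DROP
EOF
}
# Line by line:
#  -P INPUT DROP   : default for incoming traffic is "never heard of it"
#  -P OUTPUT ACCEPT: this machine may start connections (surfing the net)
#  -i lo           : the machine talking to itself is always fine
#  ESTABLISHED,RELATED: "if I started the connection, let it finish";
#                   replies to our own connections come back in
#  INVALID         : packets that are not part of any tracked connection
#  --dports 80,443 : redundant with the DROP policy, but kept explicit so
#                   nobody later appends an ACCEPT that quietly opens them

# 1-based position of the first rule matching a pattern (used to check order).
rule_index() {
    firewall_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

# Run the rules. Refuses politely if not root instead of failing halfway
# through and leaving a half-applied firewall.
apply_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_rules: must be root to change iptables rules" >&2
        return 1
    fi
    firewall_rules | sh -e
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    firewall_rules
fi
```

Since the default INPUT policy is DROP, anything not explicitly accepted (SSH, for instance) is dropped too; if you apply this over a remote session, add an ACCEPT for that service first, or `iptables -F` from the console will be your only way back in.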