Every user whose client connects to the Internet should configure his firewall immediately after installation. Some Linux distributions include firewall configuration as a part of installation, often offering a set of defaults configurations to choose from. However, to ensure that your machine presents the minimum "attack surface" (a measure of the number of vulnerable ports, user accounts, and sockets exposed to attack) to the predatory inhabitants of the Internet, you may need to do some manual configuration of your firewall. Here are three tools that can help.

The Linux kernel (version 2.4 onwards) contains a framework for packet filtering and firewalling using netfilter and iptables. Netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. Iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists of a number of classifiers (iptables matches) and one connected action (iptables target). Iptables has extensive documentation that can be accessed online or by typing man iptables at the command line. Yet despite the depth of the documentation available for iptables, its complexity can be baffling.

The GPL-licensed FireHOL allows you to configure iptables through its abstract, extensible configuration language, enabling you to write your configuration in something approaching a fourth-generation programming language.

FireHOL can be downloaded from SourceForge as an RPM binary or as source code. I downloaded the RPM and installed it on my Mandrakelinux system.

FireHOL runs a service/daemon, checking its own configuration file at startup and writing out an iptables configuration before automatically starting the iptables firewall. FireHOL backs up any existing iptables configuration during this process, so it should be safe to install alongside any existing configuration you have for iptables.

The link for this article located at NewsForge is no longer available.