A firewall is a mechanism that blocks some types of network traffic while allowing other types to pass, usually for the purpose of protecting a host or network from unauthorised access. The decision is usually made at the network layer, using protocol information obtained from the link, network and transport layers (such as MAC or IP addresses and TCP or UDP port numbers).
The iptables subsystem of the Linux kernel has the ability to act as a firewall if supplied with an appropriate ruleset. This can be done using the iptables command. Firewall rules are usually placed in the FORWARD chains of the
- Block unsolicited inbound network traffic using iptables
- Implement port knocking using iptables
- Limit the rate of inbound TCP connections using iptables
- Make the configuration of iptables persistent (Debian)