Go outside and pop the hood of your car. You should see a thick metal barrier at the back of the engine compartment. This is called the firewall. To see how it works, poke a small hole in the fuel line so that a tiny amount of gasoline starts dripping on the engine block. Now close the hood, start the car, and head out on the highway. (Some of you may choose to save life and limb (and time!) by merely visualizing this exercise.)
If you have positioned the puncture correctly, within a few minutes the escaped gasoline should ignite and cause a small engine fire. At this point you may see smoke emerge from the engine compartment. Continue driving. You should be able to proceed a considerable distance before the heat becomes uncomfortable and toxic fumes and flames start to enter the passenger compartment.
The reason you can drive so far with a flaming engine is that the firewall is a highly effective barrier between the engine compartment and the passenger compartment. If your car had no firewall, the engine fire would have already melted the dashboard electronics and plastic, destroyed the upholstery, and toasted you to a crisp.
Now. Pull over and very carefully extinguish the fire.
A similar principle can be applied to networked computers. Picture your machine as the cozy, tricked-out interior of your automobile, and the outside world as the dirty but powerful engine that makes it go. It won’t do to have the vulnerable components of your network exposed to the engine’s maliciously raging heat — it’s best to install a firewall.
Let us abandon our weakening metaphor here before it carries us into a ping-pong tournament without a paddle. A firewall, in the networking sense, is a machine that straddles the interface between a private network and the Internet at large, and follows predetermined rules for allowing certain traffic to pass, while blocking traffic that’s unwanted.
So, how to get yourself one of those disaster-averting firewalls? You can start by reading on.