Configuring a Firewall

Because your situation will be unique, it is impossible to provide a "cookbook" firewall for you. However, the following is a beginning firewall for a system with three NICs. The NICs have the following IP addresses:

Thus, Eth0 represents the network, Eth1 represents the network, and Eth2 represents the network. The intention is to create a firewall that allows the Eth1 and Eth2 networks to communicate freely with each other, as well as get on to the Internet and use any services (Web, e-mail, FTP, and so forth). However, no one from the Internet should be able to access internal ports below port 1023. Again, this configuration does not spend much time limiting egress (i.e., outbound) traffic. Rather, it focuses on trying to limit ingress (inbound) traffic. Any of the Ipchains or Iptables commands given in the following sections can be entered into any script, or into a directory or file such as /etc/rc.d/init.d/ or /etc/rc.d/rc.local. This way, your rules will be loaded automatically when you reboot your system.
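The following script is an added example of the policy just described, written in Iptables syntax; it is not the book's own ruleset. Because the page leaves the NIC addresses blank, the mapping of eth0 to the Internet and eth1/eth2 to the two internal networks, the internal address ranges (taken from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24), and the use of NAT masquerading for outbound traffic are all assumptions made for the example.

```shell
#!/bin/sh
# Added example: a starting iptables ruleset for a three-NIC firewall.
# Assumed interface roles (the page does not give the addresses):
EXT_IF="eth0"                               # assumed Internet-facing NIC
INT1_IF="eth1"; INT1_NET="192.0.2.0/24"     # constructed internal network A
INT2_IF="eth2"; INT2_NET="198.51.100.0/24"  # constructed internal network B

# IPT is the command used to load rules. Setting IPT="echo iptables" prints
# the rules instead of loading them, which is how dry_run_rules() below works.
IPT="${IPT:-iptables}"

load_rules() {
    # Start from a clean slate in the filter and nat tables.
    $IPT -F
    $IPT -X
    $IPT -t nat -F

    # Ingress-focused defaults: drop what is not explicitly allowed inbound
    # or forwarded, but let the firewall itself send freely (little egress control).
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Local loopback traffic.
    $IPT -A INPUT -i lo -j ACCEPT

    # Replies to connections started by the firewall or by internal hosts.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # The two internal networks communicate freely with each other.
    $IPT -A FORWARD -i "$INT1_IF" -o "$INT2_IF" -s "$INT1_NET" -d "$INT2_NET" -j ACCEPT
    $IPT -A FORWARD -i "$INT2_IF" -o "$INT1_IF" -s "$INT2_NET" -d "$INT1_NET" -j ACCEPT

    # Internal networks may reach the Internet on any service.
    $IPT -A FORWARD -i "$INT1_IF" -o "$EXT_IF" -s "$INT1_NET" -j ACCEPT
    $IPT -A FORWARD -i "$INT2_IF" -o "$EXT_IF" -s "$INT2_NET" -j ACCEPT

    # Internal hosts may talk to the firewall itself (administration, DNS, etc.).
    $IPT -A INPUT -i "$INT1_IF" -s "$INT1_NET" -j ACCEPT
    $IPT -A INPUT -i "$INT2_IF" -s "$INT2_NET" -j ACCEPT

    # Nobody on the Internet may reach privileged ports (0-1023) on the firewall
    # or on internal hosts. The default DROP policy already denies this; the
    # explicit rules exist so that such probes are logged with a distinct prefix.
    for proto in tcp udp; do
        $IPT -A INPUT   -i "$EXT_IF" -p "$proto" --dport 0:1023 -j LOG --log-prefix "FW-PRIV-PORT: "
        $IPT -A INPUT   -i "$EXT_IF" -p "$proto" --dport 0:1023 -j DROP
        $IPT -A FORWARD -i "$EXT_IF" -p "$proto" --dport 0:1023 -j LOG --log-prefix "FW-PRIV-PORT: "
        $IPT -A FORWARD -i "$EXT_IF" -p "$proto" --dport 0:1023 -j DROP
    done

    # Assumption: the internal ranges are private, so outbound traffic is
    # masqueraded behind the external interface's address.
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE
}

# Forwarding between NICs is off by default in the kernel; enable it.
enable_forwarding() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Print the rules that load_rules would apply, without touching the kernel.
dry_run_rules() {
    ( IPT="echo iptables"; load_rules )
}

# Run as "sh firewall.sh --load" (as root) to apply; with no argument, only print.
case "${1:-}" in
    --load) load_rules; enable_forwarding ;;
    *)      dry_run_rules ;;
esac
```

Run the script with no arguments to review the generated rules before applying them, and call it with `--load` from a boot script such as /etc/rc.d/rc.local once you are satisfied. Note that the two interface-bound ACCEPT rules for the internal networks do not match packets arriving on eth0 with a spoofed internal source address, so those packets fall through to the privileged-port logging rules and then the DROP policy.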

