Controlling Access with iptables

Everyone thinks they know what a firewall is until they get down to the details. In a broad sense, a firewall is a system that protects the local network from the big bad global network. It is the sentinel through which all network traffic must pass before it can enter or exit the local network. In its simplest incarnation, a firewall is a filtering router that screens out unwanted traffic. At its most complex, it is an entire network with multiple routers and multiple servers.

Linux provides the traffic-filtering tools needed to create a simple firewall. Combining the routing capabilities of Linux with the filtering features of iptables creates a filtering router. Additionally, and more commonly, iptables can be used to filter traffic that arrives at a Linux server's network interface before that traffic is passed up to the network applications running on that server. This gives Linux the capability to build a firewall within the server itself, which provides access control for all possible network services.
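
The two roles described above map onto two built-in iptables chains: INPUT for traffic addressed to the server itself, and FORWARD for traffic the machine routes between networks. The following script is an added example, not part of the original text; it prints a default-deny ruleset in iptables-restore format for either role. The interface names (eth0, eth1), the ports, and the function name build_ruleset are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the two roles in the text.
#   host   - filter traffic arriving for services on this server (INPUT chain)
#   router - also filter traffic routed through the box (FORWARD chain)
# Interface names and ports are constructed sample values (assumptions).
LAN_IF=${LAN_IF:-eth1}   # inside (local network) interface
WAN_IF=${WAN_IF:-eth0}   # outside (global network) interface

build_ruleset() {
    role=$1; shift       # remaining arguments: TCP ports open to new connections
    case $role in
        host|router) ;;
        *) echo "unknown role: $role" >&2; return 1 ;;
    esac
    # Validate every port before printing anything, so a bad argument
    # never yields a half-written ruleset.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    # Default deny for traffic addressed to this host and for traffic passing
    # through it; locally generated traffic is left unrestricted.
    printf '%s\n' "*filter" ":INPUT DROP [0:0]" ":FORWARD DROP [0:0]" ":OUTPUT ACCEPT [0:0]"
    printf '%s\n' "-A INPUT -i lo -j ACCEPT"
    printf '%s\n' "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    if [ "$role" = router ]; then
        # Replies to connections opened from inside may come back in;
        # new connections are only allowed from the local network outward.
        printf '%s\n' "-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
        printf '%s\n' "-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    fi
    printf '%s\n' "COMMIT"
}

# Print the host ruleset for SSH and HTTPS. To syntax-check it without loading:
#   build_ruleset host 22 443 | iptables-restore --test
build_ruleset host 22 443
```

For the router role the kernel must also have IP forwarding enabled (net.ipv4.ip_forward=1); without it the FORWARD rules never see any traffic.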

