A software firewall inspects incoming and outgoing network packets to determine whether they should be allowed or blocked based on configured firewall rules. The document describes a training report on implementing a graphical user interface (GUI) version of iptables using Perl and the dialog tool. Key features of the SYS firewall implemented include authorizing users, limiting service access, filtering packets, network address translation (NAT), and masquerading. The GUI allows configuring and customizing firewall rules to block ping requests, drop all policies, and implement SNAT, masquerading, and DNAT.

1. TRAINING REPORT ON
SYS - FIREWALL
Secure Your System
A handy tool for System-Administrators
Chandra Prakash Pathak
08EMTCS032
Computer Science
Maharishi Arvind Institute of Engineering and Technology, Jaipur
http://technostall.com

2. Company Profile- Linux World
• The best awarded Red Hat partner in India.
• The company has been contributing a great
deal to Linux Server & Networking industry by
fulfilling its need for trained manpower in the
field of Linux support, Networking, System
Integration & Programming.

3. GREEN-HORNE PROJECT
(An open source operating system)
Module: SYS Firewall

4. What is a Firewall?
A firewall is hardware, software, or a combination of both that is used to
prevent unauthorized programs or Internet users from accessing a private
network and/or a single computer.

5. How does a software firewall work?
• Inspects each individual “packet” of data as it
arrives at either side of the firewall
• Inbound to or outbound from your computer
• Determines whether it should be allowed to
pass through or if it should be blocked

6. Firewall Rules
• Allow – traffic that flows automatically
because it has been deemed as “safe” (Ex.
Meeting Maker, Eudora, etc.)
• Block – traffic that is blocked because it has
been deemed dangerous to your computer
• Ask – asks the user whether or not the traffic
is allowed to pass through

7. What a personal firewall can do
• Stop hackers from accessing your computer
• Protects your personal information
• Blocks “pop up” ads and certain cookies
• Determines which programs can access the
Internet

8. What a SYS firewall can do
• Authorizing users
• Limiting access for the services
• Filtering the packets
• NATing
• Masquerading

9. Requirements
• Linux Kernel 2.4.x or higher
• iptables
• Perl 5.6 or higher
• dialog

10. User interface with “dialog”
dialog --title “Linux dialog utility infobox”
--backtitle “Linux shell script tutorial”
--infobox “This is a dialog box called infobox,
which is used to show information on the
screen, Thanks to Savio Lam and Stuart
Herbert to give us this utility. Press any key…”
7 50;

12. Implementing iptables
• Using Perl and dialog I build a GUI version of
the iptables.
Perl – For coding purpose
dialog – For Graphical User Interface

13. How does it work?
• Step 1 – Run the application (perl sys.xls)
• Step 2 – Check required packages

14. • Step 3 – Authenticate User (password)

15. • Step 4 – Main Interface

16. • Step 5 – Customize rules

17. Dropping all policies
• iptables -P INPUT DROP
• iptables -P OUTPUT DROP
• iptables -P FORWARD DROP

18. Block Ping
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP

19. A dynamic approach
# iptables -A INPUT -m state --state
ESTABLISHED,RELATED -j ACCEPT
# iptables -P INPUT DROP
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

20. SNAT
• For static connections.
• iptables -t nat -A POSTROUTING -o eth0 -j
SNAT --to-source <SERVER'S_EXTERNAL_IP>

22. Masquerade
• For dynamic connections.
• iptables -t nat -A POSTROUTING -o ppp0 -j
MASQUERADE

23. DNAT
• iptables -t nat -A PREROUTING -i ppp0 -p tcp --
dport 80 -j DNAT --to-destination
192.168.1.24:80

24. Extra services
• Saving rules
• Logging
• Exit

25. THANK YOU!
Any Queries?