Here is some introductory material on firewalls: what they are, how we build them, and so forth.

This afternoon, try to read as many of these papers as possible, starting with the basic information, and discuss them as a team. Write down any concepts that you are unfamiliar with and we will discuss them tomorrow. If you have questions, try to find the answers using the Internet. A good search engine for technical questions like this is Google, but other methods will work as well.

Today (and possibly continuing tomorrow as well) I want you to work on writing
a complete iptables script. Here is the information you will need to implement
the script; hints on how to do it are at the end. We will build off this script
in the following days so it is important you understand what is going on.

You will have two interfaces, called eth0 and eth1.
	eth0 is the internal interface (private)
	eth1 is the external interface (public)

All traffic coming from the private interface, eth0, is allowed.
(We trust ourselves :)

However, all traffic from the public interface, eth1, is filtered. The firewall will
	deny all traffic EXCEPT the following:
	it will allow FTP traffic.
	it will allow Mail traffic.
		there are two ports here; look up POP and IMAP.
	it will allow Web traffic.

There is also an evil hacker using 255 machines on the subnet containing
this host: www.microsoft.com

	We want to block all of his machines.
	(hint: you should do this with a subnet mask, not by 255 deny statements).
-------------------------------------------------------------------------------

Problems:
	First you need to find the syntax for iptables.
	Use the links on the webpage for this project.

	Then, you need to find the port numbers for the traffic that you
	are allowing (ftp/etc).

	Then you need to find the IP address of the evil hacker's machine,
	then block the entire subnet.
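
The subnet hint above, worked through as an added example that is not part of the original assignment: it clears the host bits of an address to get the network, then prints a single rule covering it. The address 203.0.113.77, the /24 prefix, the INPUT chain, and the function names network_of and block_rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of the assignment): compute the network that contains
# a host, then emit ONE iptables rule that blocks the whole network.
# 203.0.113.77 is a constructed documentation address, not the assignment's host.
# The /24 prefix (mask 255.255.255.0) is an assumption about the subnet size.

# network_of ADDR PREFIX -> prints NETWORK/PREFIX with the host bits cleared
network_of() {
    addr=$1 prefix=$2
    # exactly three dots, digits and dots only
    case $addr in *[!0-9.]*|*.*.*.*.*) return 1 ;; *.*.*.*) ;; *) return 1 ;; esac
    case $prefix in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    o1=${addr%%.*}; rest=${addr#*.}
    o2=${rest%%.*}; rest=${rest#*.}
    o3=${rest%%.*}; o4=${rest#*.}
    for o in "$o1" "$o2" "$o3" "$o4"; do
        # reject empty fields, leading zeros (octal in shell arithmetic), > 255
        case $o in ''|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    ip=$(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    net=$(( ip & mask ))   # AND with the mask zeroes the host part
    printf '%d.%d.%d.%d/%d\n' $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 )) $(( net & 255 )) "$prefix"
}

# block_rule ADDR PREFIX -> prints a DROP rule for packets arriving on eth1
# from that network (INPUT chain assumed; a routing firewall would use FORWARD)
block_rule() {
    net_cidr=$(network_of "$1" "$2") || return 1
    printf 'iptables -A INPUT -i eth1 -s %s -j DROP\n' "$net_cidr"
}

block_rule 203.0.113.77 24
```

iptables checks rules in order and acts on the first match, so a block like this has to be appended before the rules that accept FTP, mail and web traffic.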

Put this all together in a file in the iptables syntax. Ask me if you have
any questions.

-------------------------------------------------------------------------------