iptables security and firewall

firewall

The main function of a firewall is isolation. It is deployed at the edge of the network or at the edge of a host. In production, its main job is to determine which data the external network may access and which data may enter the internal network. The firewall works at the network layer of the TCP/IP protocol stack.

Firewall classification:

  • Software firewall: 360, iptables, firewalld
  • Hardware firewalls: routers, switches, Layer 3 switches

Firewall protection range:

  • Host firewall: the service scope is the current host
  • Network firewall: the service scope is the LAN on one side of the firewall, which all of its traffic must pass through

Implementation:

  • Software firewall: the filtering decisions are implemented in code
  • Hardware firewall: the firewall function is implemented by dedicated hardware, with software working alongside it

Network protocol division:

Network layer: packet filtering firewall

Application layer (proxy server): controls the data going in and out

Network layer firewall - iptables

Here we focus on the network layer firewall. Linux systems come with their own firewall and security tools:

  • firewalld: the firewall that ships with CentOS 7
  • iptables: packet filtering firewall
  • selinux: built-in security tool

These are integrated in the kernel through the netfilter component.

Summary: iptables works at the network layer and filters and restricts IP packets. It runs in user space and is a typical packet filtering firewall: it makes its decisions by processing information such as the IP addresses and ports in each packet.
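To make the address-and-port filtering described in the summary concrete, here is an added example (not from the original post) that generates a default-drop host firewall ruleset in iptables-restore format. The function names `valid_port` and `build_ruleset`, the admin network 192.0.2.0/24 and the ports 80 and 443 are constructed sample values.

```shell
#!/bin/sh
# Added example: emit a host-firewall ruleset in iptables-restore format.
# The admin network and ports used at the bottom are constructed sample
# values (192.0.2.0/24 is a documentation-only address range).

# valid_port PORT -> status 0 if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset ADMIN_CIDR PORT... -> prints the ruleset on stdout
build_ruleset() {
    admin_net=$1; shift
    # Validate every port first so a bad value never yields a partial ruleset.
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    printf '%s\n' '*filter'
    # Default policy: drop inbound and forwarded packets, allow outbound.
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Loopback traffic and replies to connections this host opened.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Match on source address and destination port: SSH from the admin network only.
    printf '%s\n' "-A INPUT -s $admin_net -p tcp --dport 22 -j ACCEPT"
    # Match on destination port only: services open to any source.
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Print the sample ruleset. To check it without loading it (as root):
#   build_ruleset 192.0.2.0/24 80 443 | iptables-restore --test
build_ruleset 192.0.2.0/24 80 443
```

Rules are evaluated top to bottom and the first match decides, so a packet that matches none of the ACCEPT rules falls through to the chain's DROP policy.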

Origin blog.csdn.net/ZWH9991/article/details/132272575