2. IPFWADM basics

2.1 What is ipfwadm?

To quote the ipfwadm man page:

Ipfwadm is used to set up, maintain, and inspect the IP firewall and accounting rules in the Linux kernel. These rules can be divided into four different categories: accounting of IP packets, the IP input firewall, the IP output firewall, and the IP forwarding firewall. For each of these categories, a separate list of rules is maintained. See ipfw(4) for more details.

It should be noted that ipfwadm is a flexible firewalling solution on its own, as a packet filter. When combined with other firewalling technologies, in particular fwtk (the TIS Firewall Toolkit, a set of application-level proxies), it can form a very robust, secure firewall device: the packet filter decides which traffic may reach which hosts and ports at all, while the proxies understand the protocols they relay and can catch problems a packet filter cannot see.

2.2 Why should I use it?

Traditional routers forward packets without examining them and are therefore vulnerable to many kinds of attacks. Anyone with access to a machine on the Internet, in any fashion, can probe for and gain unauthorized access to your systems in a multitude of ways, and having done so can destroy or alter any unprotected part of your network at will. A packet filter placed between the Internet and your network lets you decide which traffic is allowed to reach which hosts before any service on those hosts ever sees it.

2.3 What kinds of attacks does ipfwadm protect against?

ipfwadm protects against:

In short, it acts as a choke point for every service based on TCP, UDP, or ICMP that your network offers to the outside or that hosts on your network are allowed to reach. Traffic that does not match a rule you have explicitly written is denied (silently dropped) or rejected (dropped with an ICMP error), depending on the policy you set, before any service sees it.

2.4 What kind of attacks does ipfwadm not protect against?

ipfwadm will not protect you from attacks on weaknesses inherent in clear-text services (passwords and data that can be read off the wire); for those you will need to use encryption. It will also not protect you from malicious actions carried out after a successful authentication, whether by a legitimate user or by someone using a stolen or guessed credential. So be wise and use an authentication system whose credentials are unpredictable and cannot simply be replayed, so that they are as difficult as possible to crack.

If you allow user services on the host that is running ipfwadm, then all bets are off: each service provided increases the odds of compromise, because a packet filter cannot protect a service it has been told to let through. One need only look at the serious issues that unaddressed holes in exploder have surfaced to understand what is at stake. Security administrators should seriously consider not allowing any service whose implications they do not understand. Since this is sometimes unrealistic, consider this: if you offer NetMeeting through the firewall without analysing exactly how it provides its service (which ports it opens, in which direction, and to whom), you are dead in the water before you begin. In conclusion, any service you offer through your firewall can only be as secure as the service itself. If in doubt, deny access to it. And if you are unsure which services to pass through the firewall, and a proper inventory of a secure solution is beyond your time or means, do not allow them or face the consequences. A better solution in that case is to contact a professional whose business is computer security.

2.5 How does it work?

For more extensive information, please refer to the ipfwadm and ipfw man pages.

ipfwadm works by examining each IP packet flowing into, out of, or through your machine and applying a list of rules chosen by what the packet is doing. The firewall is divided into four rule lists, each responsible for a specific purpose:
1- the input firewall: rules applied to packets arriving on any interface, before they are handed to a local process or forwarded
2- the output firewall: rules applied to packets about to leave on any interface, whether generated locally or forwarded
3- the forwarding firewall: rules applied to packets that arrive on one interface and are to be sent out another (this is the list that protects hosts behind the firewall)
4- the accounting list: rules that count the packets and bytes matching them, without accepting or denying anything
Each firewall list is walked from the top, and the first matching rule decides the packet's fate; a packet that matches no rule in a list gets that list's default policy (accept, deny, or reject), which is set with the -p command. Rules can match on protocol (TCP, UDP, ICMP, or all), source and destination address and mask, port or port range, and the interface the packet uses. By choosing these rules and the default policy of each list, the firewall administrator explicitly controls the personality of the firewall.
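As an added example (not from this HOWTO), the following sh script builds a ruleset that exercises all four lists for a two-interface firewall with a default-deny policy. The interface names (eth0 external, eth1 internal), the addresses and the two protected hosts are assumptions chosen for illustration; the ipfwadm switches used are the ones documented in the ipfwadm man page. The IPFWADM variable defaults to the real binary; pointing it at the dry_run function (or running the script with the argument dry-run) prints the commands instead of loading them into the kernel, which is how the ruleset can be reviewed on a machine that does not have ipfwadm.

```sh
#!/bin/sh
# Added example ruleset for ipfwadm (not part of the HOWTO).
# Assumed topology:
#   eth0 - external interface
#   eth1 - internal interface, network 192.168.1.0/24
#   192.168.1.10 - mail host (SMTP), 192.168.1.20 - web host (HTTP)
# Set IPFWADM=dry_run to print the commands instead of running them.
dry_run() { echo "ipfwadm $*"; }
IPFWADM="${IPFWADM:-ipfwadm}"

EXT_IF=eth0
INT_IF=eth1
INT_NET=192.168.1.0/24
MAIL=192.168.1.10
WEB=192.168.1.20
ANY=0.0.0.0/0

apply_rules() {
    # 1. Flush all four lists so the script can be re-run safely.
    $IPFWADM -I -f
    $IPFWADM -O -f
    $IPFWADM -F -f
    $IPFWADM -A -f

    # 2. Default policies: whatever no rule explicitly accepts is denied.
    $IPFWADM -I -p deny
    $IPFWADM -O -p accept
    $IPFWADM -F -p deny

    # 3. Input list. Order matters: the first matching rule wins, so the
    #    anti-spoofing rule comes first. A packet arriving on the external
    #    interface but claiming an internal source address is forged;
    #    log it (-o) and deny it.
    $IPFWADM -I -a deny -W "$EXT_IF" -S "$INT_NET" -D "$ANY" -o
    # Loopback and the internal interface are trusted.
    $IPFWADM -I -a accept -W lo -S "$ANY" -D "$ANY"
    $IPFWADM -I -a accept -W "$INT_IF" -S "$INT_NET" -D "$ANY"
    # New connections from outside are only allowed to the published services.
    $IPFWADM -I -a accept -P tcp -S "$ANY" -D "$MAIL" 25
    $IPFWADM -I -a accept -P tcp -S "$ANY" -D "$WEB" 80
    # Replies to connections opened from inside: TCP with ACK set (-k) is
    # never the first packet of a new connection.
    $IPFWADM -I -a accept -P tcp -k -S "$ANY" -D "$ANY"
    # DNS answers from outside resolvers, and ICMP (errors, echo replies).
    $IPFWADM -I -a accept -P udp -S "$ANY" 53 -D "$ANY"
    $IPFWADM -I -a accept -P icmp -S "$ANY" -D "$ANY"

    # 4. Forwarding list: what may cross between the two interfaces.
    $IPFWADM -F -a accept -P tcp -S "$ANY" -D "$MAIL" 25
    $IPFWADM -F -a accept -P tcp -S "$ANY" -D "$WEB" 80
    # Anything from inside may go out; established replies may come back.
    $IPFWADM -F -a accept -S "$INT_NET" -D "$ANY"
    $IPFWADM -F -a accept -P tcp -k -S "$ANY" -D "$INT_NET"
    $IPFWADM -F -a accept -P udp -S "$ANY" 53 -D "$INT_NET"
    # Log connection attempts (SYN without ACK, -y) to anything else inside.
    # The default policy would deny them anyway; this rule adds the log entry.
    $IPFWADM -F -a deny -P tcp -y -S "$ANY" -D "$INT_NET" -o

    # 5. Accounting: count SMTP and HTTP traffic in both directions (-b
    #    matches the rule with source and destination swapped as well).
    $IPFWADM -A both -a -P tcp -b -S "$ANY" -D "$MAIL" 25
    $IPFWADM -A both -a -P tcp -b -S "$ANY" -D "$WEB" 80
}

# Number of ipfwadm commands the script issues, computed from a dry run.
count_rules() {
    ( IPFWADM=dry_run; apply_rules ) | wc -l | tr -d ' '
}

case "${1:-}" in
    apply)   apply_rules ;;
    dry-run) IPFWADM=dry_run; apply_rules ;;
esac
```

Reading the dry-run output top to bottom is the same walk the kernel makes: a forged packet on eth0 hits the logging deny before any accept can claim it, an inbound SYN to port 25 on the mail host passes the input list and then the forwarding list, and an inbound SYN to any other internal port falls through to the logged deny and the default policy. Forwarded packets traverse the input, forwarding and output lists in turn, so a service must be allowed in both the input and forwarding lists to be reachable from outside.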
