Network Firewall

The network firewall is external to the server itself. It runs on the routers and switches that traffic passes through before it reaches your server. There are several benefits to placing rules in the network firewall. One of the main ones is blocking an IP address that is sending large volumes of malicious traffic to your server: by offloading the filtering to the network level, the traffic is dropped before it ever makes a connection to the server, so the server spends no CPU, memory or bandwidth on it.

By default the network-level firewall has an ACCEPT-all policy. There are 20 rule slots available, numbered 0 to 19 inclusive. We will build a few rules for our firewall, but because the default policy is accept all, we must also add a refuse-all rule; without it, any connection that matches none of our rules would be accepted.

Rule 19 will refuse all, which on its own blocks every connection. We place the refuse-all rule last because the firewall evaluates rules in ascending order: rule 0 is evaluated first and rule 19 last, and the first rule that matches a connection decides its fate.

(Screenshot: network_firewall_rules)

If a connection matches one of the rules in slots 0-18 inclusive, it is accepted by that rule. If it matches none of them, it falls through to rule 19, which refuses it.

Since rule 19 refuses all connections, we use rule 0 to authorise the connections we do want. Our server is a web server, so we configure the firewall to allow only certain IP addresses to reach the website. In this case only the IP address 1.2.3.4 will be able to see our website. The order matters: had the refuse-all rule been placed in slot 0 instead, it would match every connection first and the allow rule would never be reached. Note also that with this table every other source is refused, including your own administrative access, so make sure the addresses you manage the server from are allowed by a rule earlier than 19.

(Screenshot: network_firewall_add)

The network firewall also supports more advanced rules: you can match specific protocols such as AH, ESP, GRE, ICMP, IPv4, TCP and UDP.
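The following is an added example, not part of the original page or the provider's own software: a small Python model of the 20-slot, first-match, default-ACCEPT rule table described above, so you can test a rule set before committing it. The rule fields (action, protocol, source CIDR, destination port) and the assumption that the website is served on TCP port 80 are this example's own; the provider's interface may expose a different set of fields. It shows the three situations the text discusses: the intended table (allow 1.2.3.4 in slot 0, refuse all in slot 19), the same allow rule with the refuse-all forgotten, and the refuse-all placed too early so that it shadows the allow rule.

```python
"""Model of a 20-slot network firewall: rules 0..19, evaluated in ascending order,
first match wins, and a default ACCEPT policy when nothing matches.
Added example; the field layout is an assumption, not the provider's real schema."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

RULE_SLOTS = 20            # rule numbers 0 to 19 inclusive
DEFAULT_POLICY = "ACCEPT"  # applied when no slot matches the connection


@dataclass(frozen=True)
class Rule:
    action: str                      # "ACCEPT" or "REFUSE"
    protocol: str = "ANY"            # AH, ESP, GRE, ICMP, IPv4, TCP, UDP, or ANY
    source: str = "0.0.0.0/0"        # source CIDR; 0.0.0.0/0 matches every IPv4 source
    dest_port: Optional[int] = None  # None matches any port (ICMP has none)

    def matches(self, proto: str, src: str, port: Optional[int]) -> bool:
        if self.protocol not in ("ANY", proto):
            return False
        if ip_address(src) not in ip_network(self.source):
            return False
        if self.dest_port is not None and self.dest_port != port:
            return False
        return True

    def is_catch_all(self) -> bool:
        return self.protocol == "ANY" and self.source == "0.0.0.0/0" and self.dest_port is None


def evaluate(table: dict, proto: str, src: str, port: Optional[int] = None):
    """Walk slots 0..19 in order and return (action, matched_slot).
    matched_slot is None when the default policy decided the outcome."""
    for slot in table:
        if not 0 <= slot < RULE_SLOTS:
            raise ValueError(f"slot {slot} outside 0..{RULE_SLOTS - 1}")
    for slot in range(RULE_SLOTS):
        rule = table.get(slot)
        if rule is not None and rule.matches(proto, src, port):
            return rule.action, slot
    return DEFAULT_POLICY, None


def shadowed_slots(table: dict):
    """Slots that can never be reached because an earlier slot matches all traffic."""
    for slot in sorted(table):
        if table[slot].is_catch_all():
            return [s for s in sorted(table) if s > slot]
    return []


# Table from the article: slot 0 lets 1.2.3.4 reach the web server (TCP/80 is an
# assumption of this example), slot 19 refuses everything else.
ARTICLE_TABLE = {
    0: Rule("ACCEPT", "TCP", "1.2.3.4/32", 80),
    19: Rule("REFUSE"),
}
# Same allow rule but the refuse-all forgotten: the default ACCEPT lets everyone in.
NO_REFUSE_TABLE = {0: Rule("ACCEPT", "TCP", "1.2.3.4/32", 80)}
# Refuse-all placed in slot 0: it matches first, so slot 1 is never consulted.
SHADOWED_TABLE = {0: Rule("REFUSE"), 1: Rule("ACCEPT", "TCP", "1.2.3.4/32", 80)}

if __name__ == "__main__":
    # 203.0.113.9 is a constructed test address, not a real client.
    for name, table in (("article", ARTICLE_TABLE), ("no refuse-all", NO_REFUSE_TABLE),
                        ("shadowed", SHADOWED_TABLE)):
        print(name, evaluate(table, "TCP", "1.2.3.4", 80), evaluate(table, "TCP", "203.0.113.9", 80),
              "unreachable slots:", shadowed_slots(table))
```

`shadowed_slots` is the check worth running before saving a rule set: any slot it reports is dead, and if the refuse-all is the catch-all it found, every allow rule listed after it is silently ineffective.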