4 Filtering
One primary use of iptables that can benefit every host is filtering. Network traffic filtering is, essentially, what a network
firewall does.
Because filter is the default table, there is no need to specify the table if a chain or rule is a part of the filter
table.
Before typing any commands, it is important to review what you want to filter. You can write down the rules in any
language, then translate them into iptables commands. Experienced administrators can think in iptables
commands, but most people benefit from writing everything down in English (or whatever their native language is)
first.
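As an added example (not from the original text), here is a short policy written in English first and then translated line by line into iptables commands. The services chosen, the 192.0.2.0/24 management network, the `IPT` dry-run variable and the `apply_policy` function name are assumptions made for illustration.

```shell
#!/bin/sh
# Dry run by default: each command is printed instead of executed.
# To apply for real, run as root with IPT=iptables (assumed variable name).
IPT="${IPT:-echo iptables}"

# No -t option is used below: filter is the default table, so
# "iptables -A INPUT ..." means "iptables -t filter -A INPUT ...".
apply_policy() {
    # English: "Programs on this host may talk to each other."
    $IPT -A INPUT -i lo -j ACCEPT

    # English: "Replies to connections this host opened are welcome."
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # English: "Administrators may use SSH, but only from the
    # management network." (192.0.2.0/24 is a constructed sample range)
    $IPT -A INPUT -p tcp -s 192.0.2.0/24 --dport 22 -j ACCEPT

    # English: "Anyone may reach the web server."
    $IPT -A INPUT -p tcp --dport 80 -j ACCEPT

    # English: "This host does not route traffic for others."
    $IPT -P FORWARD DROP

    # English: "Everything else coming in is dropped."
    # Set last, so a remote session is not cut off while the
    # ACCEPT rules above are still being added.
    $IPT -P INPUT DROP
}

apply_policy
```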
Once you have the basic rules spelled out in a natural language, you can use many frontend tools to configure iptables.
Here is a list of some of these frontend tools:
- guarddog: this is a KDE GUI program for the configuration of firewalls (using iptables as the backend). It is,
perhaps, one of the most mature open source products for firewall configuration. However, keep in mind that
it is a GUI application. You can run an X server on a workstation, and run guarddog remotely on a server. This
means you don’t have to install the X Window System on the server. However, X applications generally generate
quite a bit of network traffic. This program is great if you are configuring a machine that is already running KDE.
- firewall builder (aka fwbuilder): this is another GUI frontend for firewall configuration. fwbuilder is not
a KDE application, which means it does not require as many resources as guarddog. Nonetheless, it is still an
X Window application.
- Vuurmuur: this is a text-only firewall configuration frontend. It uses “curses” to provide text screens as its main
interface. As a result, it can easily be run on any server via a modest remote connection. Consequently, if you
need to perform remote firewall configuration, this application is better suited.