Basic Fedora Linux Firewall Configuration

2,086 bytes added, 14:34, 18 June 2009
== Port Forwarding ==
Port forwarding is used in conjunction with masquerading when the Fedora system is acting as a gateway to the internet for an internal network of computer systems. Port forwarding allows traffic arriving on a specific port to be forwarded to a particular system on the internal network. This is perhaps best described by way of an example.
Suppose that a Fedora system is acting as the firewall for an internal network of computers. One of the systems on the network is configured as a web server. The domain of the web site hosted on this system resolves to the public IP address of the Fedora firewall system, behind which the web server sits. When an HTTP web page request arrives on port 80, the Fedora system needs to know what to do with it. By configuring port forwarding it is possible to direct all web traffic to the internal system hosting the web server, either continuing to use port 80 or diverting the traffic to a different port on the destination server. In fact, port forwarding can even be configured to forward the traffic to a different port on the same system as the firewall.

Configure port forwarding by selecting the ''Port Forwarding'' category in the ''Firewall Configuration'' window and clicking on the ''Add'' button. This will display the following dialog:

[[Image:fedora_firewall_port_forwarding.jpg|Configuring Fedora Firewall Port Forwarding]]

From within the above dialog, select the network device on which the traffic to be forwarded arrives, the protocol and port for which the forwarding is to take effect, and the IP address of the system on the internal network to which the traffic is to be diverted. Optionally, also provide an alternate port number on the target system if required. To forward traffic to a different port on the local system (in other words, the system running the firewall), select the ''Local forwarding'' option and specify the destination port.

== ICMP Filtering ==

The Internet Control Message Protocol (ICMP) is used by systems on networks to send error messages. It is also the foundation of the ''ping'' command, which is used to detect whether a particular client is alive on a network. The ''ICMP Filtering'' category allows specific ICMP message types to be blocked.

For example, an administrator might choose to block incoming ping (Echo Request) ICMP messages to prevent the possibility of a ping-based denial of service (DoS) attack, in which a server is maliciously bombarded with so many ping messages that it becomes unable to respond to legitimate requests.

== Custom Rules ==

The ''Custom Rules'' category allows individual iptables rules to be specified and loaded into the firewall. This provides a high level of flexibility to perform tasks such as blocking messages from a specific IP address or range of addresses. The power and flexibility of iptables allows just about any imaginable restriction to be placed on the traffic passing through the firewall. This very power, unfortunately, makes a detailed overview of the technology far beyond the scope of this book.
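The following script is an added example (not part of the original chapter or of the Fedora firewall tool) showing the iptables rules that correspond to the settings described above: port forwarding with masquerading, local forwarding, ICMP echo-request filtering, and a custom rule blocking a source range. It assumes an external interface eth0, an internal interface eth1 and an internal web server at 192.168.1.10, all of which are constructed values; by default it only prints the rules, and loads them only when run as root with APPLY=1.

```shell
#!/bin/sh
# Added example: iptables equivalents of the GUI port forwarding, ICMP
# filtering and custom rule settings. Interface names and addresses are
# assumptions, not values from the chapter.
EXT_IF="${EXT_IF:-eth0}"   # interface facing the internet (assumed)
INT_IF="${INT_IF:-eth1}"   # interface facing the internal network (assumed)
APPLY="${APPLY:-0}"        # 0 = print rules only, 1 = execute them as root

# run: print the iptables command; execute it only when APPLY=1.
run() {
    echo "iptables $*"
    if [ "$APPLY" = "1" ]; then iptables "$@"; fi
}

# masquerade: rewrite traffic leaving EXT_IF so internal hosts share the
# firewall's public address (the "masquerading" the chapter pairs with
# port forwarding).
masquerade() {
    run -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE
}

# forward_port EXT_PORT DEST_IP [DEST_PORT]: DNAT TCP traffic arriving on
# EXT_PORT to DEST_IP:DEST_PORT (DEST_PORT defaults to EXT_PORT) and let
# only that forwarded flow through the FORWARD chain.
forward_port() {
    ext_port=$1; dest_ip=$2; dest_port=${3:-$1}
    run -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$ext_port" \
        -j DNAT --to-destination "$dest_ip:$dest_port"
    run -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p tcp -d "$dest_ip" \
        --dport "$dest_port" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

# redirect_local EXT_PORT LOCAL_PORT: the "Local forwarding" option, sending
# traffic for EXT_PORT to a different port on the firewall host itself.
redirect_local() {
    run -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$1" \
        -j REDIRECT --to-ports "$2"
}

# limit_ping RATE: ICMP filtering that accepts echo requests up to RATE
# (e.g. 5/second) and drops the excess, a softer variant of blocking ping.
limit_ping() {
    run -A INPUT -p icmp --icmp-type echo-request -m limit --limit "$1" -j ACCEPT
    run -A INPUT -p icmp --icmp-type echo-request -j DROP
}

# block_source CIDR: a custom rule dropping all traffic from an address range.
block_source() {
    run -A INPUT -s "$1" -j DROP
}
```

Running `masquerade; forward_port 80 192.168.1.10 8080` prints the three rules that implement the chapter's web server scenario with the traffic diverted to port 8080 on the internal host.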
== Summary ==
This chapter has covered the basics of Fedora Linux firewall configuration.
