Can we build an enterprise-grade firewall with Linux? The answer is yes: not only is it possible, the result is powerful. We do not plan to cover ipchains here; after all, iptables can do better. iptables manages packets very differently from ipchains: it has moved from a chain-based model to a table-based one. More importantly, iptables can filter on connection state, not just on individual packets, so it can be used to build a powerful firewall. I have heard that someone wrote 10,000 lines of code with it; I think it must be excellent.

Firewall commands

Firewalls are very important in the process of implementing security. A firewall policy should meet four objectives, and each objective is generally not implemented by a single device or piece of software. In most cases the components of the firewall are used together to meet the needs of the enterprise's security goals. The firewall must be able to satisfy the following four objectives:

1> Implementing the enterprise security policy
The primary purpose of a firewall is to enforce your security policy. For example, if your security policy needs to limit the SMTP traffic of the mail server, then those restrictions are enforced on the firewall.

2> Creating a choke point
A firewall establishes a checkpoint between an enterprise's private network and sub-networks. This requires that all traffic pass through the checkpoint. Once the checkpoint is established, the firewall can monitor, filter and inspect all incoming and outgoing traffic. In network security this is known as a choke point. By forcing all incoming and outgoing traffic through these checkpoints, administrators can concentrate on fewer places to achieve their security goals.

3> Recording Internet activity
The firewall can also enforce logging and provide alerting. By implementing logging services on the firewall, administrators can monitor all access from the extranet or the Internet. A good log is one of the most effective tools for proper network security.

4> Restricting network exposure
The firewall creates a protective boundary around your network and hides some information about internal systems from the public network to add privacy. When remote nodes probe your network, they can see only the firewall. Remote devices will not know the layout of your internal network or what it contains. The firewall strengthens authentication and encrypts network traffic to limit the exposure of network information, and it limits attacks from the outside by inspecting incoming traffic.
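The four objectives above, sketched as an iptables-restore ruleset. This is an added example, not part of the original article; the interface names, the mail server address (a documentation-range placeholder), the routed no-NAT layout and the outbound SMTP restriction are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a gateway firewall.
# Assumed (constructed) values: eth0 = Internet side, eth1 = internal side,
# 192.0.2.25 = mail server (documentation address range), no NAT.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
MAIL_SRV="${MAIL_SRV:-192.0.2.25}"

emit_ruleset() {
cat <<EOF
*filter
# Choke point and limited exposure: default-deny, so a remote probe gets
# no answer from anything that is not explicitly allowed.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Stateful filtering: accept replies to connections already allowed,
# drop packets that belong to no known connection.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Policy enforcement: inbound SMTP may reach the mail server only.
-A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $MAIL_SRV --dport 25 -m conntrack --ctstate NEW -j ACCEPT
# Assumed policy: internal hosts other than the mail server may not
# send SMTP directly to the Internet.
-A FORWARD -i $LAN_IF -o $WAN_IF -p tcp --dport 25 ! -s $MAIL_SRV -j REJECT --reject-with tcp-reset
-A FORWARD -i $LAN_IF -o $WAN_IF -m conntrack --ctstate NEW -j ACCEPT
# Logging: record what the default policy is about to drop, rate-limited
# so a flood cannot fill the log.
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FW-IN-DROP: "
-A FORWARD -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FW-FWD-DROP: "
COMMIT
EOF
}
# Check the syntax without loading it (needs root):
#   emit_ruleset | iptables-restore --test
```

Rule order matters here: the LOG rules sit last in each chain so that only packets no ACCEPT rule matched are recorded before the DROP policy applies.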