Appendix A. Packet Filtering

Note

This appendix was a separate chapter in earlier PNS releases. As of PNS 3.3, however, packet filtering and application-level services are handled and discussed together in Chapter 6, Managing network traffic with PNS; therefore manually modifying the packet filtering rules is required only very rarely, and is not recommended unless absolutely needed. Local PNS services are described in Section 9.4, Local services on PNS.

The key component of the PNS firewall system is the PNS-based application proxy suite. Besides the application layer gateways, the enclosed packet filter also plays a very important role. Although all of the traffic is handled by the PNS proxies, the packet filter performs additional filtering and supports the proxies' work.

This chapter gives a short introduction to packet filter basics and technologies in general, and also presents the main concepts of the Linux packet filter framework used with PNS. It also covers the commonly used packet filter policy style, which is the default for MS-based configurations. For further reading on the Linux packet filter, see Appendix C, Further readings.

In the world of computer networks, each and every connection is based on packets; no communication takes place without them. So if you want to filter traffic (connections), it is reasonable to filter the packets. Unlike proxies, packet filters operate on individual packets at the packet level. If the firewall drops the packets of a connection, the connection itself is dropped.

Note

Packet filtering rules are created and managed automatically by MS. Usually it is neither required nor recommended to modify them manually. If you want to transfer traffic without application-level inspection, create a packet filter service (see Procedure 6.4.1, Creating a new service for details). To enable access to services running on firewall hosts (e.g., SSH access), see Section 9.4, Local services on PNS.

Typically, you have to modify the packet filtering rules only when you want to forward traffic without terminating it on the Application-level Gateway, for example when forwarding IPsec VPN connections.