A firewall is a term used for a part of a car. In cars, firewalls are the physical objects that separate the engine from the passengers. They protect the passengers in case the engine catches fire, while still giving the driver access to the engine's controls. A firewall in computers is a device (a computer) that protects a private network from the public part (the Internet as a whole).
The firewall computer, from now on called the "firewall", can reach both the protected network and the Internet. The protected network cannot reach the Internet, and the Internet cannot reach the protected network.
Anyone who wants to communicate with the Internet from inside the protected network must telnet to the firewall and use the Internet from there.
The simplest form of a firewall is a dual-homed system (a system with two network connections). IF YOU CAN TRUST ALL OF YOUR USERS, you can simply set up a Linux system (compile the kernel with IP forwarding disabled) and give everyone an account on it. They can then log in to the system, telnet, FTP, read e-mail, and use whatever else you have provided. With this setup, the only computer on your private network that knows anything about the outside world is the firewall. The other systems on your protected network do not even need a default route.
This needs restating. For the above firewall to work YOU MUST TRUST ALL OF YOUR USERS! I do not recommend it.
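One way to check the dual-homed setup described above on a current Linux system, as an added example that is not part of the original text. It assumes the runtime forwarding flags under /proc/sys/net (the text itself describes disabling forwarding when compiling the kernel); the function name check_dual_homed and its two directory arguments are made up for this example.

```shell
#!/bin/sh
# Added example: audit a dual-homed firewall host. It should have two
# network connections and must not forward IP packets between them.
# check_dual_homed and its arguments are names made up for this example;
# the arguments let the check run against a constructed directory tree.
# Return codes: 0 ok, 1 not dual-homed, 2 forwarding on, 3 cannot verify.
check_dual_homed() {
    proc_root="${1:-/proc}"
    sys_root="${2:-/sys}"
    status=0

    # Count network interfaces other than loopback.
    nics=0
    for dev in "$sys_root"/class/net/*; do
        if [ -d "$dev" ] && [ "${dev##*/}" != "lo" ]; then
            nics=$((nics + 1))
        fi
    done
    if [ "$nics" -lt 2 ]; then
        echo "WARN: $nics non-loopback interface(s), host is not dual-homed"
        status=1
    fi

    # Without the global IPv4 switch nothing can be concluded.
    if [ ! -r "$proc_root/sys/net/ipv4/ip_forward" ]; then
        echo "FAIL: cannot read $proc_root/sys/net/ipv4/ip_forward"
        status=3
    fi

    # Every flag must be 0: the global IPv4 switch and the per-interface
    # IPv4 and IPv6 flags. A non-zero value means the kernel may route.
    for flag in "$proc_root"/sys/net/ipv4/ip_forward \
                "$proc_root"/sys/net/ipv4/conf/*/forwarding \
                "$proc_root"/sys/net/ipv6/conf/*/forwarding; do
        if [ -r "$flag" ] && [ "$(cat "$flag")" != "0" ]; then
            echo "FAIL: forwarding enabled in $flag"
            status=2
        fi
    done

    if [ "$status" -eq 0 ]; then
        echo "OK: $nics interfaces, forwarding disabled"
    fi
    return "$status"
}
```

Sourcing the file and calling check_dual_homed with no arguments audits the live host; the interface count is a heuristic and also counts virtual interfaces.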
The problem with filtering firewalls is that they inhibit access to your network from the Internet. Only services on systems that pass the filters can be accessed. With proxy servers, users can log in to the firewall and then access any system within your private network that they have access to.
Also, new types of network clients and servers come out almost every day. When that happens, you must find new ways to allow controlled access before these services can be used.
There are two types of firewalls.
An IP filtering firewall works at the packet level. It is designed to control the flow of packets based on the source (or destination) port and the information contained in each packet.
This type of firewall is very secure but lacks any kind of useful logging. It can block people from accessing your private network, but it will not report who accessed the public system or who accessed the Internet from the inside.
Filtering firewalls are absolute filters. Even if you want to give someone on the outside access to your private servers, you cannot do it without giving everyone access to the servers.
Linux has included packet filtering software in the kernel since version 1.3.x.
Proxy servers allow indirect access to the Internet through the firewall. The best example of how this works is a person who telnets to one system and then telnets from there to somewhere else. Only with proxy servers is the process automatic. When you connect to a proxy server with your own client software, the proxy server starts its own client (proxy) software and passes your data along.
Because proxy servers duplicate all communications, they can log everything they do.
The good thing about proxy servers is that they are completely secure when configured correctly. They will not allow anyone to pass through them. There are no direct IP routes.