44.0 Masquerading and Firewalls
Whenever Linux is used in a networked environment, you can use the kernel
functions that allow the manipulation of network packets to
maintain a separation between internal and external network areas. The Linux
netfilter framework provides the means to
establish an effective firewall that keeps different networks apart. With the
help of iptables—a generic table structure
for the definition of rule sets—precisely control
the packets allowed to pass a network interface. Such a packet filter
can be set up quite easily with the help of
SuSEfirewall2 and the corresponding YaST module.