For every Linux system and network administrator, a basic skill is knowing how to write a strong iptables firewall from scratch and how to modify it to suit many different situations. In the real world, however, very few seem able to do so. Learning iptables is not a simple process, but here I recommend the following resources to help you become comfortable with it.
I believe every administrator should understand iptables thoroughly; an alternative, however, is to use one of the excellent open-source Linux firewall generation tools.
Firewall Builder
The first is Firewall Builder, a polished multi-platform graphical open-source tool for configuring and managing Linux firewalls. It works on top of iptables, ipfilter, OpenBSD's PF and Cisco PIX. By design, it hides the details of writing rules and lets you focus on defining policy. However, do not run Firewall Builder on the actual firewall, because it requires X Windows. Run it on a workstation, then copy the generated script to the firewall.
Firestarter
The second is Firestarter, a good graphical open-source Linux firewall wizard that guides you step by step through the process of building a firewall. It is a good choice for a NAT firewall that shares a single public IP address with a LAN, and also for a firewall that has some public services or a separate DMZ. It has simple commands to turn the firewall on or off, and it lets you view status and current activity. It can run on a headless computer and be monitored remotely, or be used as a stand-alone firewall.
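The NAT case mentioned above, a firewall sharing one public IP address with a LAN, comes down to a short iptables ruleset. The function below is an added example, not output from Firestarter or from any tool on this page; the interface names, the LAN range and the SSH-from-LAN rule are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-interface NAT
# gateway. Interface names, LAN range and the SSH rule are assumptions.
gen_nat_ruleset() {
    wan=$1 lan=$2 net=$3
    # Accept only plain interface names and an IPv4 network with a prefix, so
    # a typo or stray option cannot end up inside a generated rule.
    for i in "$wan" "$lan"; do
        case $i in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $i" >&2; return 1 ;;
        esac
    done
    case $net in
        ''|*[!0-9./]*|*/*/*) echo "bad network: $net" >&2; return 1 ;;
        */*) ;;
        *) echo "network needs a /prefix: $net" >&2; return 1 ;;
    esac
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    cat <<EOF
*filter
# Default deny for traffic to the firewall and through it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Assumption: the firewall is administered over SSH from the LAN only.
-A INPUT -i $lan -s $net -p tcp --dport 22 -j ACCEPT
# Replies to LAN-initiated connections come back in; new inbound does not.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Rewrite LAN source addresses to the single public address on the WAN side.
-A POSTROUTING -o $wan -s $net -j MASQUERADE
COMMIT
EOF
}
```

To check the result before loading it, pipe the output of `gen_nat_ruleset eth0 eth1 192.168.1.0/24` into `iptables-restore --test`, which parses the ruleset without committing it. Forwarding also requires `net.ipv4.ip_forward=1` on the gateway.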
Shorewall
The third, Shorewall, is a popular open-source Linux firewall builder. It is more complex and more flexible than Firestarter, and it suits more complex networks. Shorewall's learning curve is similar to that of iptables, but it is richly documented and provides guidance for different situations, such as a single-host firewall, two-interface and three-interface firewalls, firewalls with more than one public IP address, and so on. You can also find a lot of help on filtering P2P services such as Kazaa, rate limiting, QoS (Quality of Service), VPN passthrough and so on.
We recommend these three packages so that users can run an open-source Linux firewall without having to spend money on commercial firewall software, which in any case is not as good as the packet filters built into Linux and Unix. Users should instead spend their limited funds on higher-quality hardware.