You are starting to move your company to Linux as the server platform of choice. With the seemingly continual stream of alerts about the different hacks possible, you know that you should put some type of firewall in place to protect the servers. However, finding the right ones from the myriad of choices available can be tough.

Linux has firewall functionality in it by the name of iptables. While there is some documentation on the man pages on how to set this up, there are also several books on the market that go into further detail. Take a look at Linux Firewalls by Robert Ziegler. Another reference that you should have in your library is Linux IP Tables by Joe Dupnik and the folks at Mindworksuk.com. This CD, while not a cookbook or exhaustive technical reference, will help get you thinking in the manner that will make the process of going to iptables as painless as possible. A nice utility included in the package is a KDE GUI that will make the process even more streamlined to deal with and even give you some limited network monitoring ability in the process.

Depending on how many servers you have, you can implement iptables on each server as appropriate for the services running on each particular server. This means that you will need to maintain a firewall on each server that you implement iptables on. This will work well if you only have a small number of servers.

But if you have a lot of servers, it probably makes sense to go with a central firewall -- with a single central iptable configuration -- that all workstations on your network will go through to reach a particular server. With this approach, however, be sure the firewall server can handle all the traffic going through it from all the devices on your network. And make sure the server is reliable, because if it crashes, you'll either need to switch to a backup firewall server or you'll have to do some quick reconfiguring of all the servers it's protecting to answer workstation requests directly.

Another approach is to use one of the bootable firewall distros that you will find on sourceforge.net and other sites. With some of these distributions, you can save the firewall config to a floppy or USB memory key - letting you quickly set up new or replacement firewalls. Since you're new to Linux, this approach might make more sense initially, because you won't need to spend as much time getting up to speed on both Linux and iptables. Or you could just use one of the commercially available firewalls to provide this functionality until you are ready to make the move to iptables.