My Reasons For Writing This

Several years ago, while working for the State of Oklahoma as their "Internet Administrator" I was asked to "put the State on the Internet", with no budget. (Note: There was no such title at the time. I was just the guy doing all the work.) The best way to make this happen was to use as much free software and junk hardware as I could. Linux and a bunch of old 486s were all I had to work with.

Linux was my only hope. At the time (and even now) commercial firewalls are where every expensive. All the documentation I could find on how they work is considered almost top secret. As a result, I found creating a firewall of my own was almost impossible.

At my next job with American Floral Services (AFS), I was asked to put in a firewall and Linux had just added firewall code in the kernel. So again, with no budget, I started building a firewall with Linux. Six months later my firewall was in place and this document was updated.

Now, six years later, I have worked with lots of firewalls. CheckPoint Firewall-1, Cisco Pix, lots of simple router firewalls and every version of Linux based firewall there is. I consider Linux the best firewall there is. But it may be the most complex to setup.