Documentation

Introduction

What is IPTables?

IPTables is a program that allows users to define the IP packet filtering rules of the Linux kernel firewall. These filters are organized into tables that contain rule chains. Rules determine how incoming and outgoing network packets are handled on your server and under what conditions they are accepted or rejected.

Each table can contain built-in chains and user-defined chains. The built-in chains are:

  • PREROUTING: Packets will enter this chain before a routing decision is made.
  • INPUT: The packet will be delivered locally. This has nothing to do with whether a process has an open socket; local delivery is controlled by the "local delivery" routing table. The command “ip route show table local” displays the local delivery routing table.
  • FORWARD: All packets that have been routed and were not for local delivery will traverse this chain.
  • OUTPUT: All packets sent by your server will enter this chain.
  • POSTROUTING: After the routing decision has been made, packets enter this chain just before they are handed off to the hardware.
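
The sketch below is an added example, not part of ERWALL or the original documentation. It parses a constructed sample of “ip route show table local” output and shows that the choice between INPUT and FORWARD depends only on the destination address; the function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `ip route show table local` output for a host that
# owns 192.0.2.10/24 on eth0 (documentation address range, not real data).
SAMPLE_LOCAL_TABLE = """\
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 192.0.2.10 dev eth0 proto kernel scope host src 192.0.2.10
broadcast 192.0.2.255 dev eth0 proto kernel scope link src 192.0.2.10
"""


def parse_local_table(text):
    """Return the destinations the local routing table delivers to this host."""
    nets = []
    for line in text.splitlines():
        fields = line.split()
        # Route types 'local' and 'broadcast' both mean local delivery.
        if len(fields) >= 2 and fields[0] in ("local", "broadcast"):
            nets.append(ipaddress.ip_network(fields[1], strict=False))
    return nets


def chain_path(dst, local_nets, locally_generated=False):
    """List the built-in chains a packet traverses, in order.

    Simplified model: IP forwarding is assumed enabled, and kernel sanity
    checks (for example martian filtering) are not modelled.
    """
    if locally_generated:
        return ["OUTPUT", "POSTROUTING"]
    ip = ipaddress.ip_address(dst)
    if any(ip in net for net in local_nets):
        # Local delivery: decided by the address, not by a listening socket.
        return ["PREROUTING", "INPUT"]
    return ["PREROUTING", "FORWARD", "POSTROUTING"]


if __name__ == "__main__":
    nets = parse_local_table(SAMPLE_LOCAL_TABLE)
    for dst in ("192.0.2.10", "192.0.2.255", "198.51.100.7"):
        print(dst, "->", " -> ".join(chain_path(dst, nets)))
    print("outbound ->", " -> ".join(chain_path("198.51.100.7", nets, True)))
```

A packet addressed to 192.0.2.10 reaches INPUT even when no service listens on the target port, which is why INPUT rules are needed for closed ports as well as open ones.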

You can refer to the Linux Manual for detailed information about IPTables.

What is ERWALL?

ERWALL is an application that allows system administrators to easily define iptables rules from a web interface. ERWALL consists of 2 programs: the ERWALL Server and the ERWALL Client.

ERWALL Server is the web application that hosts the panel where the rules are managed. Since firewall settings consist of highly confidential information, we have designed this application so that our customers can run it entirely on their own servers in order to protect their privacy. You can run the server application we sent you on your own server and define all your firewall rules locally, without the need to communicate with an outside agent.

ERWALL Client is the application that communicates with the ERWALL Server to run the necessary commands on the server.

The agent you install on your server communicates with our web application, allowing the rules you define to work on your servers. At the same time, it allows you to easily manage your server through a web interface with features such as common configurations for different servers and advanced user management.

Thanks to the IPTables automation provided by ERWALL, you can define and run your advanced and comprehensive firewall rules on your servers without the need to work on the terminal. ERWALL works in integration with Merlin Web Services.

Why Do You Need ERWALL?

Configuring a firewall is a daunting task even for experienced system administrators. Working on multiple servers one by one via the terminal is complicated and tricky. At the same time, firewall settings are not fault-tolerant: they ensure the security of your servers, and therefore of companies and users. A mistake made while configuring the firewall can cause serious security vulnerabilities in your system and may lead to serious legal and economic damage. Moreover, it is time-consuming to run a configuration on multiple servers and push the changes to all related servers.

ERWALL helps at this point by letting you set your configurations easily through its comprehensive interface. With ERWALL, you can group your servers and refer to the grouped servers in your firewall rules. You can group specific IP addresses with the IPSets you create and use the groups in your rules. Moreover, a firewall setting you make will be processed