In practice, a firewall is any network device, usually with two or more interfaces, that can filter network traffic. This includes everything from a home DSL/cable modem router (Linksys, D-Link, and Netgear being popular brands) up to enterprise-class commercial firewalls from vendors such as Check Point, Cisco, and WatchGuard. Any machine running Linux, *BSD or Mac OS X also comes with firewall software, and many third-party firewall products are available for Microsoft Windows.
A firewall's primary purpose is to select which packets are allowed to reach a given host or network. Take care when configuring your firewalls to permit IPsec traffic to pass within your networks. This chapter explains how to configure your firewalls properly (and securely!) so that your VPN can function. Linux commands are given as examples for firewall rules, since many people want to combine the firewall and IPsec functionality on a single machine...