Linux IPtables

The kiosk project

To illustrate all this, let's imagine we work for a store that's part of a larger chain called BigMart. They've been around for decades; in fact, our imaginary grandparents probably grew up shopping there. But these days, the guys at BigMart corporate headquarters are probably just counting the hours before Amazon drives them under for good.

Nevertheless, BigMart's IT department is doing its best, and they've just sent you some WiFi-ready kiosk devices that you're expected to install at strategic locations throughout your store. The idea is that they'll display a web browser logged into the BigMart.com products pages, allowing customers to look up merchandise features, aisle location, and stock levels. The kiosks will also need access to bigmart-data.com, where many of the images and video media are stored.

Besides those, you'll want to permit updates and, whenever necessary, package downloads. Finally, you'll want to permit inbound SSH access only from your local workstation, and block everyone else. The figure below illustrates how it will all work:

The kiosk traffic flow being controlled by iptables.
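The policy described above can be written down as a rule set before anything is applied. The script below is an added example, not code from the original article: it prints the iptables commands for review instead of running them. The update host (`updates.example.com`) and the workstation address (`192.0.2.10`) are placeholders, and limiting the allowed sites to ports 80 and 443 is an assumption.

```shell
#!/bin/sh
# Added example: dry-run generator for the kiosk policy described above.
# UPDATE_HOST and the default workstation address are placeholders, not values
# from the article. Review the printed rules, then run them as root to apply.
UPDATE_HOST="${UPDATE_HOST:-updates.example.com}"

# Accept only a dotted-quad IPv4 address, so the value is safe to embed in a rule.
is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules for one kiosk; $1 is the local workstation allowed to use SSH.
# Order matters: iptables stops at the first matching rule, so every ACCEPT
# must be appended before the broader DROP that follows it.
# Note: a hostname given to -d is resolved once, when the rule is added. If the
# site's addresses change later, the rules have to be reloaded.
kiosk_rules() {
    is_ipv4 "$1" || { echo "invalid workstation address: $1" >&2; return 1; }
    cat <<EOF
iptables -A OUTPUT -p tcp -d bigmart.com -m multiport --dports 80,443 -j ACCEPT
iptables -A OUTPUT -p tcp -d bigmart-data.com -m multiport --dports 80,443 -j ACCEPT
iptables -A OUTPUT -p tcp -d $UPDATE_HOST -m multiport --dports 80,443 -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -j DROP
iptables -A INPUT -p tcp -s $1 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
EOF
}

# Stand-alone use: ./kiosk-rules.sh <workstation-ip>
kiosk_rules "${1:-192.0.2.10}"
```

The default chain policies are left untouched here, so traffic the article's description does not mention (DNS lookups, for example) keeps working as before.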