LinuxQuestions.org
View Poll Results: Useful?
Yes, brill, cheers. 3 100.00%
No. What the hell is this rubbish? 0 0%
Voters: 3. You may not vote on this poll

Old 11-05-2007, 08:22 AM   #1
ledow
Member
 
Registered: Apr 2005
Location: UK
Distribution: Slackware 13.0
Posts: 241

Rep: Reputation: 34
iptables - rc.firewall (Projectfiles/lfw.sourceforge.net) mirror of script


I've just seen a load of "give me your iptables lists"-style questions and thought that the following might be useful.

There used to be a file called Projectfiles rc.firewall - it later moved (briefly) to lfw.sourceforge.net but it seems to have now died. It's a plain bash script that sets up a fantastic iptables config and which you can use on servers, clients and routers without hassle.

It has a lovely, simple, "variable" config and the default (i.e. without changing a thing in the file) is a perfect single-computer firewall. Just by adding a list of internal interfaces to one variable you get a fully-protected NAT gateway.

It's perfect for Slackware, especially, as it just goes into /etc/rc.d/ where it will automatically be executed at startup. It's very customisable and creates some very strong rules without needing to know a single iptables command. Additionally, its requirements are absolutely minimal and it has no dependencies on anything (except bash, of course).

When I found out that it was no longer easily available on the net I went through all my backups and found the documentation and several versions of the scripts, which I have posted on my blog here:

http://ledow.blogspot.com/2007/07/mi...tfilescom.html

I thought that a few people might find this useful. I've heard several people on these forums recommend this particular script and it would be a shame to lose it forever.

Last edited by ledow; 11-05-2007 at 08:24 AM.
 
Old 11-05-2007, 09:02 AM   #2
Vincent_Vega
Member
 
Registered: Nov 2003
Location: Jacksonville, FL
Distribution: Slackware & Arch
Posts: 825

Rep: Reputation: 31
So should I just download the rc.firewall script and edit the first few variables? Or are some of those other files needed to get what you're talking about?
 
Old 11-06-2007, 03:10 AM   #3
ledow
Member
 
Registered: Apr 2005
Location: UK
Distribution: Slackware 13.0
Posts: 241

Original Poster
Rep: Reputation: 34
The rc.firewall script is self-contained - it's all you NEED.

You might WANT the documentation (the html files) to make sense of the more advanced options but you can probably work 99% of it out from just reading the top part of the script (where the configuration is).

The other stuff is just older versions of the same script for those who want them. As far as I can tell it's very minor bug-fix style changes, so you're better off with the 2.0final version.

I only have the rc.firewall script on my own machines - one's a laptop with wireless and VPN, one's a desktop with wireless, VPN, DMZ and also the NAT gateway for the rest of the network, one's just an ordinary Linux computer that sits on the network. They all use just the rc.firewall scripts with different options in the top-half of the script.
 
Old 11-06-2007, 05:14 PM   #4
Vincent_Vega
Member
 
Registered: Nov 2003
Location: Jacksonville, FL
Distribution: Slackware & Arch
Posts: 825

Rep: Reputation: 31
Ok, thanks!
 
  

