[Work in progress] New command line Firewall generator proposal.

NoStressHQ · 08-01-2011, 05:07 AM

Hi all,

It's been a while I was thinking about that, so last night I started the development of a firewall script generator, inspired from the one available on AlienBob's site (and Slackware one).

Why ? Just because I wanted to be able to specify simple rules in a file, like this:

Code:

accept in/tcp[20]	ftp-client	# FTP Client
accept in/tcp[21]	ftp-server	# FTP Server
accept in/tcp[22]	sshd		# SSH Server.

And to be able to automate the whole thing in scripts (maybe one day include it in the startup script or something like that). Also I found this way far more easy when working on remote server through ssh, and more flexible to fine tune the firewall instead of going through a web page.

So here it is, as a warning: it's obviously early work in progress, but it nearly does the job as I wanted. So I provide the fresh baby to you guys, in hope that some of you will find this useful.

Edit: Updated archive !
No more development mode (read README.txt and Changelog.txt)
The bloody archive

The pile of warnings for work in progress are more there to hide the ugly way it is right now, not all features are there, the documentation is poor, on the other hand it should be quite simple to use for most of you. It's quite documented, and even take the time to write a little doc in the hurry

.

Of course don't hesitate to give some feedback, and if my english is too clumsy, I'd be happy to improve my documentation and messages.

I hope someday to be able to provide a full NAT access, it shouldn't be difficult, but I've spend more than 12 hours non-stop on the task, so at this moment, I'm a bit tired for that

.

I don't promise I'll update that everyday, but I'll try to do my best.

If the core Slackware team (Pat, AlienBob, ...) have some advices, requests or ideas for improvement, I think it might even be interesting to add it in "/extra" someday, as I suspect this would be a wish for some Slackers, and maybe improve first steps accessibility to newbies, having a firewall nearly 'out of the box'. Obviously it'll require a better packaging.

Enjoy!

Garry.

PS/ Sorry if some things are a bit blurry, I'm on my 26hours without sleep... Yes Slackware geek addiction...

Richard Cranium · 08-01-2011, 05:26 AM

I've never seen this in a bash file before:

Code:

	if (( $compactMode )) ; then
		# stuff
	else
		# other stuff
	fi

Namely the (( )) part of the if test. Is that documented somewhere? On my system, the built-in is [[ ]].

NoStressHQ · 08-01-2011, 05:38 AM

Yes it's an arithmetic evaluation: http://www.gnu.org/software/bash/man...nal-Constructs

It's to have a kind of 'Boolean test more natural in a mathematical sense (a bit like the C language evaluation of 0 as false and !0 as true...).

Although I might be wrong on the theoretical side, but that thing works, I tested it a lot last night

.

Richard Cranium · 08-01-2011, 08:55 AM

Oh, I didn't doubt that you had tested it; I was just unfamiliar with the syntax.

NoStressHQ · 08-16-2011, 12:12 PM

A new version is available here: Updated archive.

Well I didn't have any feedback, so is it really interesting for anybody ?

I understand this not the kind of thing you use everyday, but some feedback would be appreciated.

Also if someone needs a NAT service (which I don't), I'd be happy to work with you, in order to implement this features.

News:
- names have been changed (improved).
- now there's an installer (which is a standalone project itself but usefull here

).
- no more "development mode" by default.
- doc updated (README.txt).
- minor improvements (check the changelog).

Thanks !

Garry.

PS/ Sorry I'm not strong with explaining things in documentations, I'd be happy to improve it with your feedback, again

.

Edit: btw, it seems it's working well for my usage and needs for now, yet I did some modifications that might change usage on different systems, I hope I didn't brake anything since the first version...