LinuxQuestions.org

ledow 11-05-2007 08:22 AM

iptables - rc.firewall (Projectfiles/lfw.sourceforge.net) mirror of script
 
I've just seen a load of "give me your iptables lists"-style questions and thought that the following might be useful.

There used to be a file called Projectfiles rc.firewall - it later moved (briefly) to lfw.sourceforge.net but it seems to have now died. It's a plain bash script that sets up a fantastic iptables config and which you can use on servers, clients and routers without hassle.

It has a lovely, simple, "variable" config and the default (i.e. without changing a thing in the file) is a perfect single-computer firewall. Just by adding a list of internal interfaces to one variable you get a fully-protected NAT gateway.

It's perfect for Slackware, especially, as it just goes into /etc/rc.d/ where it will automatically be executed at startup. It's very customisable and creates some very strong rules without needing to know a single iptables command. Additionally, its requirements are absolutely minimal and it has no dependencies on anything (except bash, of course).

When I found out that it was no longer easily available on the net I went through all my backups and found the documentation and several versions of the scripts, which I have posted on my blog here:

http://ledow.blogspot.com/2007/07/mi...tfilescom.html

I thought that a few people might find this useful. I've heard several people on these forums recommend this particular script and it would be a shame to lose it forever.

Vincent_Vega 11-05-2007 09:02 AM

So should I just download the rc.firewall script and edit the first few variables? Or are some of those other files needed to get what you're talking about?

ledow 11-06-2007 03:10 AM

The rc.firewall script is self-contained - it's all you NEED.

You might WANT the documentation (the html files) to make sense of the more advanced options but you can probably work 99% of it out from just reading the top part of the script (where the configuration is).

The other stuff is just older versions of the same script for those who want them. As far as I can tell it's very minor bug-fix style changes, so you're better off with the 2.0final version.

I only have the rc.firewall script on my own machines - one's a laptop with wireless and VPN, one's a desktop with wireless, VPN, DMZ and also the NAT gateway for the rest of the network, one's just an ordinary Linux computer that sits on the network. They all use just the rc.firewall scripts with different options in the top-half of the script.

Vincent_Vega 11-06-2007 05:14 PM

Ok, thanks!


All times are GMT -5.