New Package: Arno's iptables firewall scripts

Purch · 2006-08-17 01:14:47

I made a PKGBUILD for Arno IPTABLES firewall script. This script has protected my home network for long time and I realized that some other Archers would also like to use it. Also, syslog-ng.conf example is included to get iptable logs into their own log file.

Script has clear, easy and well commented configuration file. Nice list of
Features
Very secure stateful filtering firewall
Both kernel 2.4 & 2.6 support
It can be used for both single- and multi(eg. dual)-homed boxes
Masquerading (NAT) and SNAT support
Multiple external (internet) interfaces
Support multiroute NAT & SNAT (load balancing over multiple (internet) interfaces)
Port forwarding (NAT)
Support MAC address filtering
Support for DSL/ADSL modems
Support for PPPoE, PPPoA and bridging modem setups
Support for static and ISP assigned (DHCP) IPs
Support for (transparent) proxies
Full support for DMZ's and DMZ-2-LAN forwarding. You can also use it to isolate your eg. wireless LAN.
(Nmap)(stealth) portscan detection
Protection against SYN-flooding (DoS attacks)
Protection against ICMP-flooding (DoS attacks)
Extensive user-definable logging with rate limiting to prevent log flooding
Includes options to optimize your throughput
User definable open ports, closed ports, trusted hosts, blocked hosts etc.
Log & protection options are both highly customizable
Support for custom iptables rules in a seperate file
It can be used with chkconfig runlevel system (eg. RedHat/Fedora)
Main focus on TCP/UDP/ICMP but additional support for *ALL* IP protocols
It works with Freeswan IPSEC (VPN) & SSH Sentinel (http://www.freeswan.org) (+virtual IP's)
It works with PoPTop PPTP (http://www.poptop.org)
It works with UPnP
DRDOS protection/detection (experimental)
It's easy to configure
And much more...

(edit) PKGBUILD is in the AUR.

This is my first package ever so tell me what to fix. I will put this to AUR if supported and this really works.

brotheris · 2006-09-01 22:01:14

Heh, installed it manualy and later found your message. Later I'll try your PKGBUILD and syslog-ng.conf

Romashka · 2006-09-02 08:17:41

Add this to AUR, please.

1c3d0g · 2006-09-02 15:45:05

Is this similar to QuickTables?

http://qtables.radom.org/

Purch · 2006-09-03 10:02:08

1c3d0g wrote:

Is this similar to QuickTables?
http://qtables.radom.org/

Arno's iptables has a config file that will be edited as needed and script reads the config file everytime it is executed.

--------

I can put this pkgbuild to AUR. The init script is not Arch like. I decided to use Arno's script as is in /etc/rc.d/ because I want to see what happens. I could do a Arch type of init script that executes the firewall script arch way.

What do you think?

Purch · 2006-09-05 11:44:19

Arno-iptables-firewall is in AUR now. I added init script to it.

I will soon upgrade package from stable to latest public RC1 version.

Arch Linux

#1 2006-08-17 01:14:47

New Package: Arno's iptables firewall scripts

#2 2006-09-01 22:01:14

Re: New Package: Arno's iptables firewall scripts

#3 2006-09-02 08:17:41

Re: New Package: Arno's iptables firewall scripts

#4 2006-09-02 15:45:05

Re: New Package: Arno's iptables firewall scripts

#5 2006-09-03 10:02:08

Re: New Package: Arno's iptables firewall scripts

#6 2006-09-05 11:44:19

Re: New Package: Arno's iptables firewall scripts

Board footer