Mirror of https://github.com/Ponce/slackbuilds, synced 2024-09-29 17:37:55 +02:00
network/arno-iptables-firewall: Updated for version 2.1.0.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
parent 6c80119606
commit 20d9930625
7 changed files with 167 additions and 116 deletions
|
@ -1,32 +1,41 @@
|
|||
arno-iptables-firewall is a front-end for iptables. Its configuration script
|
||||
will set up a secure and restrictive firewall by just asking a few questions.
|
||||
This includes configuring internal networks for Internet access via NAT and
|
||||
This includes configuring internal networks for Internet access via NAT, and
|
||||
potential network services like http or ssh. Moreover, it provides advanced
|
||||
additional features that can be enabled in the well documented configuration
|
||||
file.
|
||||
|
||||
NOTE - The setup script will *not* run automatically after your package was
|
||||
installed. In order to run the script you have to issue the following command:
|
||||
NOTE - The setup script will NOT run automatically after the package has been
|
||||
installed. In order to run the script, the following command has to be issued:
|
||||
|
||||
# arno-iptables-firewall-configure
|
||||
|
||||
To enable the startup of the firewall at boot-time you need to create a symlink
|
||||
as follows (in order to disable it, either remove the symlink or "chmod -x" the
|
||||
startup script):
|
||||
In order to start the firewall automatically at boot-time, an "rc.firewall"
|
||||
symlink to the startup script has to be created in /etc/rc.d/ and of course
|
||||
the startup script itself should be executable:
|
||||
|
||||
# ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall
|
||||
# chmod +x /etc/rc.d/rc.arno-iptables-firewall
|
||||
# cd /etc/rc.d/
|
||||
# ln -sv rc.arno-iptables-firewall rc.firewall
|
||||
# chmod +x rc.arno-iptables-firewall
|
||||
|
||||
You can also start the firewall manually with one of the following commands:
|
||||
In order to disable startup of the firewall at boot time, remove the symlink or
|
||||
the executable bit from the startup script:
|
||||
|
||||
# /etc/rc.d/rc.arno-iptables-firewall start
|
||||
# rm /etc/rc.d/rc.firewall
|
||||
# chmod -x /etc/rc.d/rc.arno-iptables-firewall
|
||||
|
||||
The firewall can also be started manually with one of the following commands:
|
||||
|
||||
# arno-iptables-firewall start
|
||||
# /etc/rc.d/rc.arno-iptables-firewall start
|
||||
|
||||
Please refer to the man page for more details.
|
||||
|
||||
|
||||
IMPORTANT - A few security notes from the upstream author:
|
||||
|
||||
1) If possible make sure that the firewall is started before the (ADSL) Internet
|
||||
connection is enabled. For a ppp-interface that doesn't exist yet you can use
|
||||
connection is enabled. For a ppp-interface that doesn't exist yet, you can use
|
||||
the wildcard device called "ppp+" (but you can only use ppp+ if there aren't any
|
||||
other ppp interfaces).
|
||||
|
||||
|
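Review bot: The disable instructions near the end of this hunk say to remove the symlink or the executable bit, but the two commands (`rm /etc/rc.d/rc.firewall` and `chmod -x /etc/rc.d/rc.arno-iptables-firewall`) are listed back to back with no "or" between them, so they read as a two-step sequence. Put an "or" line between them, and mention that after `chmod -x` the manual start command `/etc/rc.d/rc.arno-iptables-firewall start` shown just below can no longer be run directly.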
@ -35,5 +44,5 @@ understand what they mean. Changing them anyway could have a big impact on the
|
|||
security of your machine.
|
||||
|
||||
3) A lot of people complain that their server stopped working after installing
|
||||
the firewall. This is the *correct* behaviour for a firewall: blocking *all*
|
||||
the firewall. This is the correct behaviour for a firewall: blocking all
|
||||
incoming traffic by default. Configure your OPEN_TCP (e.g.) accordingly.
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
# Slackware build script for arno-iptables-firewall
|
||||
|
||||
# Copyright 2013-2015 Philip Lacroix <slackph at posteo dot de>
|
||||
# Copyright 2013-2020 Philip Lacroix <slackph at posteo dot de>
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use of this script, with or without modification, is
|
||||
|
@ -27,8 +27,8 @@
|
|||
|
||||
PRGNAM=arno-iptables-firewall
|
||||
SRCNAM=aif
|
||||
VERSION=${VERSION:-2.0.1e}
|
||||
BUILD=${BUILD:-3}
|
||||
VERSION=${VERSION:-2.1.0}
|
||||
BUILD=${BUILD:-1}
|
||||
TAG=${TAG:-_SBo}
|
||||
|
||||
CWD=$(pwd)
|
||||
|
@ -56,8 +56,8 @@ chown -R root:root .
|
|||
find -L . \
|
||||
\( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
|
||||
-o -perm 511 \) -exec chmod 755 {} \; -o \
|
||||
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 \
|
||||
-o -perm 400 \) -exec chmod 644 {} \;
|
||||
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
|
||||
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
|
||||
|
||||
PRGBIN=$PKG/usr/sbin
|
||||
PRGETC=$PKG/etc/$PRGNAM
|
||||
|
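Review bot: Adding `-perm 640` to the second `find` group means a file that upstream ships as 640 is now flattened to world-readable 644, like the 600 and 400 entries already in that list. This package carries firewall.conf, which the patched configure script restricts with `chmod 600 "$FIREWALL_CONF"`, so it is worth confirming that the config file is installed with an explicit mode later in the script rather than keeping 644 from this pass until the admin runs the configure script.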
@ -71,23 +71,25 @@ install -m 0755 -D ./configure.sh $PRGBIN/$PRGNAM-configure
|
|||
install -m 0755 ./bin/arno-fwfilter $PRGBIN/
|
||||
install -m 0755 ./bin/$PRGNAM $PRGBIN/
|
||||
|
||||
# Patch the configuration script. We need this in order to be able to
|
||||
# run the script from outside the source directory as well. We're going
|
||||
# to (1) change from relative to absolute the paths to the environment
|
||||
# file and firewall executable; (2) rename and change the path to the
|
||||
# startup script (this is for better consistency with Slackware's init
|
||||
# system); (3) change the path to the unmodified copy of the config
|
||||
# file, needed to check for existing custom setups. We will NOT create
|
||||
# a Slackware-compliant /etc/rc.d/rc.firewall symlink to the startup
|
||||
# script, as this should be done manually by the sysadmin. We won't
|
||||
# create any SystemV-style symlinks either. (4) We will allow the script
|
||||
# to be run correctly more than once, by removing previously set values
|
||||
# if no value is entered: this is to prevent e.g. ports from remaining
|
||||
# open, or internal interfaces from remaining enabled with NAT. Finally
|
||||
# (5) we append the note, picked from the original installation script
|
||||
# and slightly enhanced, that the user will see when configuration is
|
||||
# done: this is to inform that an rc.firewall symlink has to be created
|
||||
# in order to start up the firewall at boot-time in a proper way.
|
||||
# Patch the configuration script. We need this to be able to run the
|
||||
# script from outside the source directory as well. We're going to:
|
||||
#
|
||||
# 1) Change from relative to absolute the paths to the environment file
|
||||
# and the firewall executable.
|
||||
# 2) Rename and change the path to the startup script, for consistency with
|
||||
# Slackware's init system.
|
||||
# 3) Change the path to the unmodified copy of the config file, needed to
|
||||
# check for already existing setups.
|
||||
# 4) Allow the script to be run correctly more than once, by removing
|
||||
# previously set values if no values are entered: this is to prevent,
|
||||
# for example, ports from remaining open, or NAT from remaining enabled.
|
||||
# 5) Append the note, copied from the original install script and adapted
|
||||
# to the Slackware system, that users read when configuration is done:
|
||||
# this is mainly to inform that the "rc.firewall" symlink has to be
|
||||
# manually created in order to start up the firewall at boot-time. We
|
||||
# will NOT create the symlink automatically, as this should be done by
|
||||
# the system administrator.
|
||||
|
||||
patch $PRGBIN/$PRGNAM-configure < $CWD/files/patch-configuration-script.diff
|
||||
|
||||
# Copy and compress man pages.
|
||||
|
@ -110,7 +112,7 @@ done
|
|||
# expected by the configuration script for comparison purposes; create
|
||||
# link to plugin as in the original script.
|
||||
mkdir -p $PRGSHR
|
||||
cp -a ./share/$PRGNAM/* $PRGSHR/
|
||||
cp -a ./share/$PRGNAM/{environment,plugins} $PRGSHR/
|
||||
cp -a $PRGETC/firewall.conf.new $PRGSHR/firewall.conf.orig
|
||||
ln -sv /usr/share/$PRGNAM/plugins/traffic-accounting-show $PRGBIN/
|
||||
|
||||
|
|
|
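Review bot: The `cp -a ./share/$PRGNAM/{environment,plugins} $PRGSHR/` line relies on brace expansion, which is a bash feature, and narrows the copy from `*` without saying what is now left out. Add a short comment naming what 2.1.0 ships under share/ that should not be packaged, and confirm the script's interpreter is bash. The variables on this line and on the `ln -sv` line are also unquoted, which is only safe while the build paths contain no spaces.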
@ -1,10 +1,10 @@
|
|||
PRGNAM="arno-iptables-firewall"
|
||||
VERSION="2.0.1e"
|
||||
VERSION="2.1.0"
|
||||
HOMEPAGE="https://github.com/arno-iptables-firewall/aif"
|
||||
DOWNLOAD="https://github.com/arno-iptables-firewall/aif/archive/2.0.1e.tar.gz"
|
||||
MD5SUM="4981a336f55e2db90f594beedcaef47d"
|
||||
DOWNLOAD="https://github.com/arno-iptables-firewall/aif/archive/2.1.0.tar.gz"
|
||||
MD5SUM="8f890a80bb6e8d2d0681c9a822ae39de"
|
||||
DOWNLOAD_x86_64=""
|
||||
MD5SUM_x86_64=""
|
||||
REQUIRES=""
|
||||
MAINTAINER="Philip Lacroix"
|
||||
EMAIL="slackph at bluebottle dot com"
|
||||
EMAIL="slackph at posteo dot de"
|
||||
|
|
|
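Review bot: The new `MD5SUM` is the only integrity value recorded for the 2.1.0 tarball, and `DOWNLOAD` points at a GitHub `archive/` URL. MD5 is not collision resistant, so it guards against a corrupted download but not a deliberately substituted one. If upstream publishes a signature or a stronger hash for this release, say in the commit message that the tarball was checked against it before the sum was recorded.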
@ -1,16 +1,8 @@
|
|||
233c233
|
||||
< IP4TABLES="/sbin/iptables"
|
||||
---
|
||||
> IP4TABLES="/usr/sbin/iptables"
|
||||
238c238
|
||||
< IP6TABLES="/sbin/ip6tables"
|
||||
---
|
||||
> IP6TABLES="/usr/sbin/ip6tables"
|
||||
242c242
|
||||
256c256
|
||||
< ENV_FILE="/usr/local/share/arno-iptables-firewall/environment"
|
||||
---
|
||||
> ENV_FILE="/usr/share/arno-iptables-firewall/environment"
|
||||
246c246
|
||||
260c260
|
||||
< PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins"
|
||||
---
|
||||
> PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins"
|
||||
|
|
|
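Review bot: This patch is in normal diff format, which carries line numbers and the replaced line but no surrounding context, and the hunk addresses had to move from `242c242` and `246c246` to `256c256` and `260c260` for the new release. Regenerating it with `diff -u` would give `patch` context to locate the `ENV_FILE` and `PLUGIN_BIN_PATH` assignments when upstream shifts them again, and a clear failure when it cannot. The `IP4TABLES` and `IP6TABLES` hunks are gone from the patch as well, so confirm that the 2.1.0 defaults already point at /usr/sbin.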
@ -5,96 +5,145 @@
|
|||
> if [ -f /usr/share/arno-iptables-firewall/environment ]; then
|
||||
> . /usr/share/arno-iptables-firewall/environment
|
||||
36c36
|
||||
< printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n" >&2
|
||||
< printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n\n" >&2
|
||||
---
|
||||
> printf "\033[40m\033[1;31mERROR: Could not read environment file /usr/share/arno-iptables-firewall/environment!\033[0m\n" >&2
|
||||
70a71,75
|
||||
> printf "\033[40m\033[1;31mERROR: Could not read environment file /usr/share/arno-iptables-firewall/environment!\033[0m\n\n" >&2
|
||||
76a77,81
|
||||
> else
|
||||
> # If no value is entered, remove (unless commented) previously set
|
||||
> # values: this is to prevent e.g. ports from remaining open, or
|
||||
> # internal interfaces from remaining enabled with NAT.
|
||||
> # values: this is to prevent, for example, ports from remaining open,
|
||||
> # or internal interfaces from remaining enabled with NAT.
|
||||
> sed -i -e "s~^$2=.*$~$2=\"\"~" "$1"
|
||||
85c90
|
||||
91c96
|
||||
< # else
|
||||
---
|
||||
> else
|
||||
86a92,94
|
||||
> # This is needed in order to allow the function change_conf_var()
|
||||
92a98,100
|
||||
> # This is needed to allow the function change_conf_var()
|
||||
> # to remove values for previously set open ports.
|
||||
> change_conf_var "$2" "$3" ""
|
||||
216a225,231
|
||||
183,186c191,194
|
||||
< echo "Listing available interfaces:"
|
||||
< echo "-----------------------------"
|
||||
< list_interfaces;
|
||||
< echo "-----------------------------"
|
||||
---
|
||||
> # echo "Listing available interfaces:"
|
||||
> # echo "-----------------------------"
|
||||
> # list_interfaces;
|
||||
> # echo "-----------------------------"
|
||||
255a264,270
|
||||
> else
|
||||
> # Remove previously set values related to the internal interface, if
|
||||
> # no internal interface is entered with this script.
|
||||
> # Remove previously set values related to the internal interface,
|
||||
> # if no internal interface is entered with this script.
|
||||
> change_conf_var "$FIREWALL_CONF" "INT_IF" ""
|
||||
> change_conf_var "$FIREWALL_CONF" "INTERNAL_NET" ""
|
||||
> change_conf_var "$FIREWALL_CONF" "INT_NET_BCAST_ADDRESS" ""
|
||||
> change_conf_var "$FIREWALL_CONF" "NAT" "0"
|
||||
218c233
|
||||
<
|
||||
259,261c274,276
|
||||
< if [ -e /etc/init.d/arno-iptables-firewall ]; then
|
||||
< chown 0:0 /etc/init.d/arno-iptables-firewall
|
||||
< chmod 755 /etc/init.d/arno-iptables-firewall
|
||||
---
|
||||
>
|
||||
220,222c235,237
|
||||
< chmod 755 /etc/init.d/arno-iptables-firewall
|
||||
< chown 0:0 "$FIREWALL_CONF" /etc/init.d/arno-iptables-firewall
|
||||
< chmod 600 "$FIREWALL_CONF"
|
||||
---
|
||||
> chmod 755 /etc/rc.d/rc.arno-iptables-firewall
|
||||
> chown 0:0 "$FIREWALL_CONF" /etc/rc.d/rc.arno-iptables-firewall
|
||||
> chmod 600 "$FIREWALL_CONF"
|
||||
227c242
|
||||
> if [ -e /etc/rc.d/rc.arno-iptables-firewall ]; then
|
||||
> chown 0:0 /etc/rc.d/rc.arno-iptables-firewall
|
||||
> chmod 755 /etc/rc.d/rc.arno-iptables-firewall
|
||||
271c286
|
||||
< AIF_VERSION="$(grep "MY_VERSION=" ./bin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
|
||||
---
|
||||
> AIF_VERSION="$(grep "MY_VERSION=" /usr/sbin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
|
||||
235,251d249
|
||||
< # Remove any symlinks in rc*.d out of the way
|
||||
< rm -f /etc/rc*.d/*arno-iptables-firewall
|
||||
279,339c294
|
||||
< RC_PATH="/etc"
|
||||
< # Check for Redhat/SUSE rc.d
|
||||
< if [ -d "/etc/rc.d" ]; then
|
||||
< RC_PATH="/etc/rc.d"
|
||||
< fi
|
||||
<
|
||||
< if get_user_yn "Do you want to start the firewall at boot (via /etc/init.d/) (Y/N)?" "y"; then
|
||||
< if [ -d /etc/rcS.d ]; then
|
||||
< ln -sv /etc/init.d/arno-iptables-firewall /etc/rcS.d/S41arno-iptables-firewall
|
||||
< # Remove any symlinks in rc*.d out of the way
|
||||
< rm -f $RC_PATH/rc0.d/*arno-iptables-firewall
|
||||
< rm -f $RC_PATH/rc1.d/*arno-iptables-firewall
|
||||
< rm -f $RC_PATH/rc2.d/*arno-iptables-firewall
|
||||
< rm -f $RC_PATH/rc3.d/*arno-iptables-firewall
|
||||
< rm -f $RC_PATH/rc4.d/*arno-iptables-firewall
|
||||
< rm -f $RC_PATH/rc5.d/*arno-iptables-firewall
|
||||
< rm -f $RC_PATH/rc6.d/*arno-iptables-firewall
|
||||
< rm -f $RC_PATH/rcS.d/*arno-iptables-firewall
|
||||
<
|
||||
< if get_user_yn "Do you want to start the firewall at boot" "y"; then
|
||||
< DONE=0
|
||||
<
|
||||
< if check_command systemctl; then
|
||||
< if systemctl enable arno-iptables-firewall; then
|
||||
< echo "* Successfully enabled service with systemctl"
|
||||
< DONE=1
|
||||
< fi
|
||||
< elif check_command update-rc.d; then
|
||||
< # Note: Currently update-rc.d doesn't seem to properly use the init script's LSB header, so specify explicitly
|
||||
< if update-rc.d -f arno-iptables-firewall start 11 S . stop 10 0 6 .; then
|
||||
< echo "* Successfully enabled service with update-rc.d"
|
||||
< DONE=1
|
||||
< fi
|
||||
< elif check_command chkconfig; then
|
||||
< if chkconfig --add arno-iptables-firewall && chkconfig arno-iptables-firewall on; then
|
||||
< echo "* Successfully enabled service with chkconfig"
|
||||
< DONE=1
|
||||
< fi
|
||||
< else
|
||||
< ln -sv /etc/init.d/arno-iptables-firewall /etc/rc2.d/S11arno-iptables-firewall
|
||||
< if [ -d "$RC_PATH/rcS.d" ]; then
|
||||
< if ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rcS.d/S11arno-iptables-firewall" &&
|
||||
< ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc0.d/K10arno-iptables-firewall" &&
|
||||
< ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc6.d/K10arno-iptables-firewall"; then
|
||||
< echo "* Successfully enabled service through $RC_PATH/rcS.d/ symlink"
|
||||
< DONE=1
|
||||
< fi
|
||||
< elif [ -d "$RC_PATH/rc2.d" ]; then
|
||||
< if ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc2.d/S09arno-iptables-firewall" &&
|
||||
< ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc0.d/K91arno-iptables-firewall" &&
|
||||
< ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc6.d/K91arno-iptables-firewall"; then
|
||||
< echo "* Successfully enabled service through $RC_PATH/rc2.d/ symlink"
|
||||
< DONE=1
|
||||
< fi
|
||||
< else
|
||||
< echo "WARNING: Unable to detect /rc2.d or /rcS.d directories. Skipping runlevel symlinks" >&2
|
||||
< fi
|
||||
< fi
|
||||
<
|
||||
< # Check for insserv. Used for dependency based booting on eg. Debian
|
||||
< INSSERV="$(find_command /sbin/insserv)"
|
||||
< if [ -n "$INSSERV" ]; then
|
||||
< "$INSSERV" arno-iptables-firewall
|
||||
< if [ $DONE -eq 0 ]; then
|
||||
< echo "ERROR: Unable to setup automatic start at boot. Please investigate" >&2
|
||||
< fi
|
||||
< fi
|
||||
<
|
||||
253c251
|
||||
< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "1"
|
||||
< if [ -e /etc/init.d/arno-iptables-firewall ]; then
|
||||
---
|
||||
> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "1"
|
||||
255c253
|
||||
< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "0"
|
||||
> if [ -e /etc/rc.d/rc.arno-iptables-firewall ]; then
|
||||
341c296
|
||||
< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "1"
|
||||
---
|
||||
> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "0"
|
||||
258c256
|
||||
> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "1"
|
||||
343c298
|
||||
< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "0"
|
||||
---
|
||||
> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "0"
|
||||
347c302
|
||||
< if diff ./etc/arno-iptables-firewall/firewall.conf "$FIREWALL_CONF" >/dev/null; then
|
||||
---
|
||||
> if diff /usr/share/arno-iptables-firewall/firewall.conf.orig "$FIREWALL_CONF" >/dev/null; then
|
||||
274a273,291
|
||||
362a318,335
|
||||
> echo ""
|
||||
> echo "-------------------------------------------------------------------------------"
|
||||
> echo "** NOTE: 1) You can now (manually) (re)start the firewall by executing **"
|
||||
> echo "** \"/etc/rc.d/rc.arno-iptables-firewall start\" or **"
|
||||
> echo "** \"/etc/rc.d/rc.arno-iptables-firewall restart\" **"
|
||||
> echo "** It is recommended however to first review the settings in **"
|
||||
> echo "** /etc/arno-iptables-firewall/firewall.conf! **"
|
||||
> echo "** NOTE: 1) After configuration, it is recommended to review the firewall **"
|
||||
> echo "** settings in /etc/arno-iptables-firewall/firewall.conf **"
|
||||
> echo "** **"
|
||||
> echo "** 2) In order to start the firewall automatically at boot-time, **"
|
||||
> echo "** you will need to manually create in /etc/rc.d/ an appropriate **"
|
||||
> echo "** symlink, named \"rc.firewall\", pointing to the startup script. **"
|
||||
> echo "** To do that, issue the following command: **"
|
||||
> echo "** 2) To manually start or restart the firewall, run: **"
|
||||
> echo "** /etc/rc.d/rc.arno-iptables-firewall start **"
|
||||
> echo "** or /etc/rc.d/rc.arno-iptables-firewall restart **"
|
||||
> echo "** **"
|
||||
> echo "** ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall **"
|
||||
> echo "** 3) To start the firewall automatically at boot-time, you need an **"
|
||||
> echo "** appropriate symlink, \"rc.firewall\", pointing to the startup **"
|
||||
> echo "** script. Issue the following commands to create the symlink: **"
|
||||
> echo "** cd /etc/rc.d/ **"
|
||||
> echo "** ln -sv rc.arno-iptables-firewall rc.firewall **"
|
||||
> echo "** **"
|
||||
> echo "** Delete the link if you wish to disable firewall startup at boot- **"
|
||||
> echo "** time, or \"chmod -x\" the startup script for the same result. **"
|
||||
> echo "** 4) To disable startup at boot-time, simply delete the symlink, **"
|
||||
> echo "** or remove the executable bit from the startup script. **"
|
||||
> echo "-------------------------------------------------------------------------------"
|
||||
> echo ""
|
||||
277d293
|
||||
<
|
||||
|
|
|
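Review bot: In the `else` branch added at `76a77,81`, `sed -i -e "s~^$2=.*$~$2=\"\"~" "$1"` blanks only assignments that start in column 0 and inserts `$2` into the pattern unescaped. That fits the stated intent of skipping commented entries, but an indented assignment would keep its old value, leaving a port open or NAT enabled with no message to the admin. Consider checking after the `sed` that no uncommented `$2=` line with a non-empty value remains and printing a warning if one does. The `list_interfaces` block that is now commented out also deserves a one-line reason.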
@ -1,12 +1,12 @@
|
|||
4c4
|
||||
< # description: init.d script for Arno's iptables firewall
|
||||
< # description: init.d script for Arno's Iptables Firewall(AIF)
|
||||
---
|
||||
> # description: rc.d script for Arno's iptables firewall
|
||||
> # description: rc.d script for Arno's Iptables Firewall(AIF)
|
||||
7c7
|
||||
< # Provides: arno-iptables-firewall
|
||||
---
|
||||
> # Provides: rc.arno-iptables-firewall
|
||||
15,21c15,23
|
||||
15,21c15,22
|
||||
< ############################################################################################
|
||||
< # You should put this script in eg. "/etc/init.d/" . #
|
||||
< # Furthermore make sure it's executable! -> "chmod 700" or "chmod +x" it #
|
||||
|
@ -18,13 +18,12 @@
|
|||
> ################################################################################
|
||||
> # You should put this script in "/etc/rc.d/". #
|
||||
> # Furthermore make sure it's executable! -> "chmod 755" or "chmod +x" it. #
|
||||
> # If you want to run it upon boot, either create an "rc.firewall" link to this #
|
||||
> # script ("ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall") #
|
||||
> # or edit the network system startup script "/etc/rc.d/rc.inet2", by renaming #
|
||||
> # both occurrences of "rc.firewall" to match the name ot this script, that is, #
|
||||
> # "rc.arno-iptables-firewall". #
|
||||
> # If you want to run it upon boot, create an "rc.firewall" symlink to the #
|
||||
> # rc.arno-iptables-firewall script: #
|
||||
> # #
|
||||
> # ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall #
|
||||
> ################################################################################
|
||||
24c25
|
||||
24c26
|
||||
< PROGRAM="/usr/local/sbin/arno-iptables-firewall"
|
||||
---
|
||||
> PROGRAM="/usr/sbin/arno-iptables-firewall"
|
||||
|
|
|
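Review bot: The header comment's boot-time instruction uses the absolute form `ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall`, while the README and the end-of-configuration note in this same commit give `cd /etc/rc.d/` followed by `ln -sv rc.arno-iptables-firewall rc.firewall`. Both work, but use one form in all three places so the resulting symlink target is the same whichever document the admin follows.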
@ -11,7 +11,7 @@ arno-iptables-firewall:
|
|||
arno-iptables-firewall: arno-iptables-firewall is a front-end for iptables. Its configuration
|
||||
arno-iptables-firewall: script will set up a secure and restrictive firewall by just asking a
|
||||
arno-iptables-firewall: few questions. This includes the configuration of internal networks
|
||||
arno-iptables-firewall: for Internet access via NAT and potential network services like http
|
||||
arno-iptables-firewall: for Internet access via NAT, and potential network services like http
|
||||
arno-iptables-firewall: or ssh. Moreover, it provides advanced additional features that can be
|
||||
arno-iptables-firewall: enabled in the well documented configuration file.
|
||||
arno-iptables-firewall:
|
||||
|
|