diff --git a/network/arno-iptables-firewall/README b/network/arno-iptables-firewall/README index 23ad6f4255..8c697817da 100644 --- a/network/arno-iptables-firewall/README +++ b/network/arno-iptables-firewall/README @@ -1,30 +1,33 @@ -arno-iptables-firewall is a front-end for iptables. Its configuration script -will set up a secure and restrictive firewall by just asking a few questions. -This includes configuring internal networks for Internet access via NAT, and -potential network services like http or ssh. Moreover, it provides advanced -additional features that can be enabled in the well documented configuration -file. +arno-iptables-firewall is a front-end for iptables. Its configuration +script will set up a secure and restrictive firewall by just asking +a few questions. This includes configuring internal networks for +Internet access via NAT, and potential network services like http or +ssh. Moreover, it provides advanced additional features that can be +enabled in the well documented configuration file. -NOTE - The setup script will NOT run automatically after the package has been -installed. In order to run the script, the following command has to be issued: +NOTE - The setup script will NOT run automatically after the package +has been installed. In order to run the script, the following command +has to be issued: # arno-iptables-firewall-configure -In order to start the firewall automatically at boot-time, an "rc.firewall" -symlink to the startup script has to be created in /etc/rc.d/ and of course -the startup script itself should be executable: +In order to start the firewall automatically at boot-time, an +"rc.firewall" symlink to the startup script has to be created +in /etc/rc.d/ and of course the startup script itself should be +executable: # cd /etc/rc.d/ # ln -sv rc.arno-iptables-firewall rc.firewall # chmod +x rc.arno-iptables-firewall -In order to disable startup of the firewall at boot time, remove the symlink or -the executable bit from the startup script: +In order to disable startup of the firewall at boot time, remove the +symlink or the executable bit from the startup script: # rm /etc/rc.d/rc.firewall # chmod -x /etc/rc.d/rc.arno-iptables-firewall -The firewall can also be started manually with one of the following commands: +The firewall can also be started manually with one of the following +commands: # arno-iptables-firewall start # /etc/rc.d/rc.arno-iptables-firewall start @@ -34,15 +37,16 @@ Please refer to the man page for more details. IMPORTANT - A few security notes from the upstream author: -1) If possible make sure that the firewall is started before the (ADSL) Internet -connection is enabled. For a ppp-interface that doesn't exist yet, you can use -the wildcard device called "ppp+" (but you can only use ppp+ if there aren't any -other ppp interfaces). +1) If possible make sure that the firewall is started before the +(ADSL) Internet connection is enabled. For a ppp-interface that +doesn't exist yet, you can use the wildcard device called "ppp+" (but +you can only use ppp+ if there aren't any other ppp interfaces). -2) Don't change any (security) settings ('EXPERT SETTINGS') if you don't really -understand what they mean. Changing them anyway could have a big impact on the -security of your machine. +2) Don't change any (security) settings ('EXPERT SETTINGS') if you +don't really understand what they mean. Changing them anyway could +have a big impact on the security of your machine. -3) A lot of people complain that their server stopped working after installing -the firewall. This is the correct behaviour for a firewall: blocking all -incoming traffic by default. Configure your OPEN_TCP (e.g.) accordingly. +3) A lot of people complain that their server stopped working after +installing the firewall. This is the correct behaviour for a firewall: +blocking all incoming traffic by default. Configure your OPEN_TCP +(e.g.) accordingly.