mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-24 10:02:29 +01:00
6010e4cdde
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org> |
||
---|---|---|
.. | ||
files | ||
arno-iptables-firewall.info | ||
arno-iptables-firewall.SlackBuild | ||
CHANGELOG | ||
doinst.sh | ||
README | ||
slack-desc |
arno-iptables-firewall is a front-end for iptables. Its configuration script will set up a secure and restrictive firewall by just asking a few questions. This includes configuring internal networks for Internet access via NAT and potential network services like http or ssh. Moreover, it provides advanced additional features that can be enabled in the well documented configuration file. NOTE - The setup script will *not* run automatically after your package was installed. In order to run the script you have to issue the following command: # arno-iptables-firewall-configure To enable the startup of the firewall at boot-time you need to create a symlink as follows (in order to disable it, either remove the symlink or "chmod -x" the startup script): # ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall # chmod +x /etc/rc.d/rc.arno-iptables-firewall You can also start the firewall manually with one of the following commands: # /etc/rc.d/rc.arno-iptables-firewall start # arno-iptables-firewall start IMPORTANT - A few security notes from the upstream author: 1) If possible make sure that the firewall is started before the (ADSL) Internet connection is enabled. For a ppp-interface that doesn't exist yet you can use the wildcard device called "ppp+" (but you can only use ppp+ if there aren't any other ppp interfaces). 2) Don't change any (security) settings ('EXPERT SETTINGS') if you don't really understand what they mean. Changing them anyway could have a big impact on the security of your machine. 3) A lot of people complain that their server stopped working after installing the firewall. This is the *correct* behaviour for a firewall: blocking *all* incoming traffic by default. Configure your OPEN_TCP (e.g.) accordingly.