mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-21 19:42:24 +01:00
1b6e3e1998
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
39 lines
1.7 KiB
Text
39 lines
1.7 KiB
Text
arno-iptables-firewall is a front-end for iptables. Its configuration script
|
|
will set up a secure and restrictive firewall by just asking a few questions.
|
|
This includes configuring internal networks for Internet access via NAT and
|
|
potential network services like http or ssh. Moreover, it provides advanced
|
|
additional features that can be enabled in the well documented configuration
|
|
file.
|
|
|
|
NOTE - The setup script will *not* run automatically after your package was
|
|
installed. In order to run the script you have to issue the following command:
|
|
|
|
# arno-iptables-firewall-configure
|
|
|
|
To enable the startup of the firewall at boot-time you need to create a symlink
|
|
as follows (in order to disable it, either remove the symlink or "chmod -x" the
|
|
startup script):
|
|
|
|
# ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall
|
|
# chmod +x /etc/rc.d/rc.arno-iptables-firewall
|
|
|
|
You can also start the firewall manually with one of the following commands:
|
|
|
|
# /etc/rc.d/rc.arno-iptables-firewall start
|
|
|
|
# arno-iptables-firewall start
|
|
|
|
IMPORTANT - A few security notes from the upstream author:
|
|
|
|
1) If possible make sure that the firewall is started before the (ADSL) Internet
|
|
connection is enabled. For a ppp-interface that doesn't exist yet you can use
|
|
the wildcard device called "ppp+" (but you can only use ppp+ if there aren't any
|
|
other ppp interfaces).
|
|
|
|
2) Don't change any (security) settings ('EXPERT SETTINGS') if you don't really
|
|
understand what they mean. Changing them anyway could have a big impact on the
|
|
security of your machine.
|
|
|
|
3) A lot of people complain that their server stopped working after installing
|
|
the firewall. This is the *correct* behaviour for a firewall: blocking *all*
|
|
incoming traffic by default. Configure your OPEN_TCP (e.g.) accordingly.
|