mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-25 10:03:03 +01:00
7dbadc7a54
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
42 lines
1.8 KiB
Text
42 lines
1.8 KiB
Text
arno-iptables-firewall is a front-end for iptables. Its configuration
|
|
script will set up a secure and restrictive firewall by just asking a
|
|
few questions. This includes configuring internal networks for Internet
|
|
access via NAT and potential network services like http or ssh. Moreover,
|
|
it provides many advanced additional features that can be enabled in the
|
|
well documented configuration file.
|
|
|
|
PLEASE NOTE - The setup script is NOT going to be run automatically
|
|
after your package is installed. In order to do that you'll have to
|
|
issue the following command:
|
|
|
|
# arno-iptables-firewall-configure
|
|
|
|
To enable firewall startup at boot-time you'll need to create a symlink
|
|
as follows (remove the link to disable automatic firewall startup, or
|
|
"chmod -x" the startup script for the same result):
|
|
|
|
# ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall
|
|
# chmod +x /etc/rc.d/rc.arno-iptables-firewall
|
|
|
|
When everything is ready you can start the firewall manually with one
|
|
of the following commands:
|
|
|
|
# /etc/rc.d/rc.arno-iptables-firewall start
|
|
|
|
# arno-iptables-firewall start
|
|
|
|
IMPORTANT - A few security notes from the upstream author:
|
|
|
|
1) If possible, make sure that the firewall is started before the (ADSL)
|
|
Internet connection is enabled. For a ppp-interface that doesn't exist
|
|
yet you can use the wildcard device called "ppp+" (but you can only use
|
|
ppp+ if there aren't any other ppp interfaces).
|
|
|
|
2) Don't change any (security) settings ('EXPERT SETTINGS') if you don't
|
|
really understand what they mean. Changing them anyway could have a big
|
|
impact on the security of your machine.
|
|
|
|
3) A lot of people complain that their server stopped working after
|
|
installing the firewall. This is the CORRECT behaviour for a firewall:
|
|
blocking ALL incoming traffic by default. Configure your e.g. OPEN_TCP
|
|
accordingly.
|