blob: c90b74baf3be547e323ec89bf7f82198597edf2b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
arno-iptables-firewall is a front-end for iptables. Its configuration
script will set up a secure and restrictive firewall by just asking a
few questions. This includes configuring internal networks for Internet
access via NAT and potential network services like http or ssh. Moreover,
it provides many advanced additional features that can be enabled in the
well documented configuration file.
PLEASE NOTE - The setup script is NOT going to be run automatically
after your package is installed. In order to do that you'll have to
issue the following command:
# arno-iptables-firewall-configure
To enable firewall startup at boot-time you'll need to create a symlink
as follows (remove the link to disable automatic firewall startup, or
"chmod -x" the startup script for the same result):
# ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall
# chmod +x /etc/rc.d/rc.arno-iptables-firewall
When everything is ready you can start the firewall manually with one
of the following commands:
# /etc/rc.d/rc.arno-iptables-firewall start
# arno-iptables-firewall start
IMPORTANT - A few security notes from the upstream author:
1) If possible, make sure that the firewall is started before the (ADSL)
Internet connection is enabled. For a ppp-interface that doesn't exist
yet you can use the wildcard device called "ppp+" (but you can only use
ppp+ if there aren't any other ppp interfaces).
2) Don't change any (security) settings ('EXPERT SETTINGS') if you don't
really understand what they mean. Changing them anyway could have a big
impact on the security of your machine.
3) A lot of people complain that their server stopped working after
installing the firewall. This is the CORRECT behaviour for a firewall:
blocking ALL incoming traffic by default. Configure your e.g. OPEN_TCP
accordingly.
|
