Venza's site

Photos and patches

Firewall

These scripts activate the firewall and masquerading capabilities of your Linux box; you simply have to load them. Every strange or suspicious packet received or sent is logged to syslog.

These are not bullet-proof firewalls, but they deal with the most common network security issues and, at the least, make a cracker's life harder. They also enable masquerading: hosts on the internal network can reach the Internet transparently, without proxy servers (though some applications may need some form of tunneling or port forwarding).

Big fat warning: I am no longer supporting these scripts, as I found that Shoreline firewall provides more flexibility. So the rules of 'no warranty' and 'provided as is' should be considered even more valid than ever.

The iptables script is designed for a computer with two network interfaces, one of them linked to an Ethernet ADSL modem. If you don't need this feature, simply comment out all lines containing the word TO_ADSL_MODEM.
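
A minimal sketch of the kind of ruleset described above (masquerading for the internal network, default drop, dropped packets logged to syslog). It is an added example, not the scripts offered on this page; the function name `gen_ruleset`, the `LOGDROP` chain, the log prefix and the interface names and subnet in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-interface
# masquerading gateway. All names and addresses are supplied by the caller.

gen_ruleset() {
    [ $# -eq 3 ] || { echo "usage: gen_ruleset EXT_IF INT_IF INT_NET" >&2; return 1; }
    ext_if=$1    # interface facing the Internet (the ADSL side)
    int_if=$2    # interface facing the internal network
    int_net=$3   # internal subnet in CIDR form
    # Refuse values that could smuggle extra rule text into the output.
    for name in "$ext_if" "$int_if"; do
        case $name in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $name" >&2; return 1 ;;
        esac
    done
    case $int_net in
        ''|*[!0-9./]*) echo "bad subnet: $int_net" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Internal hosts leave with the gateway's external address.
-A POSTROUTING -s $int_net -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
# Rate-limited syslog entry, then drop.
-A LOGDROP -m limit --limit 5/min -j LOG --log-prefix "fw-drop: " --log-level 4
-A LOGDROP -j DROP
-A INPUT -i lo -j ACCEPT
# Internal source address arriving on the external side is spoofed.
-A INPUT -i $ext_if -s $int_net -j LOGDROP
-A INPUT -m state --state INVALID -j LOGDROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $int_if -s $int_net -j ACCEPT
-A INPUT -j LOGDROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -s $int_net -j ACCEPT
-A FORWARD -j LOGDROP
COMMIT
EOF
}
# Usage (as root; eth1/eth0 and the subnet are example values):
#   echo 1 > /proc/sys/net/ipv4/ip_forward
#   gen_ruleset eth1 eth0 192.168.1.0/24 | iptables-restore
```

Review the printed ruleset before piping it to `iptables-restore`, which replaces the existing contents of the `nat` and `filter` tables.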

Ipchains firewall

Iptables firewall

You don't need anything else: I made many firewalls with old 386/486 machines that were going to be trashed...

NOTE:
Kernel 2.2.16 has a packet fragmentation bug; an upgrade to 2.2.20 is HIGHLY recommended.
Kernels <= 2.4.17 have various VM and security issues, so an upgrade to ≥ 2.4.18 is, as above, HIGHLY recommended.

Credits

For these scripts I took inspiration from TrinityOS by David A. Ranch and from a script by A. Fragola; another source of inspiration is the ipmasq Debian package.