Jay's Iptables Firewall is a bash script that allows one to easily install and configure a firewall on a Linux system. It was initially written for use on a home LAN, but can be extend to any type of network. It features support for multiple (external/internal) interfaces, TCP/UDP/ICMP control, masquerading, synflood control, spoofing control, port forwarding from specific interfaces, VPNs, ToS (bandwith managment), denying hosts (IP or MAC address), ZorbIPTraffic, Spyware list IP, Pre/Post scripts, log options, and more. The firewall is able to launch custom iptables rules, and the configuration of the firewall is assisted by an optional, interactive, curses-based Perl script.
|Tags||Networking Firewalls Security|
|Operating Systems||POSIX Linux|
|Implementation||Unix Shell Perl|
No changes have been submitted for this release.
Release Notes: A bug has been fixed for people who have IPv6 enabled.
Release Notes: The unclean module has ben removed for kernel 2.6 compatibility. The spyware/deny-IP feature has been optimized (bandwidth may have slowed with too many IPs). The forwarding option allows you to forward some ports from the LAN side. An option for keeping modules loaded after 'stop' has been added. A small bug has been fixed in the 'ping_for_all' feature, and the LAN can now ping your firewall while ping_for_all=0 (default rules for the LAN). A config file has been added for the 'firewall-spy-update.pl' script.
Release Notes: Ulog support has been added. This is useful if you don't want to write all dropped packets in your syslog files.
Release Notes: You can now open ports on specifics interfaces if you have more than one. You can now limit the TCP/UDP access from your LAN. New support for PPTP/IPSEC has been added. IPSEC is still in development, but PPTP works for a PPTP server on the firewall box. A new spyware updating script has been added to keep you up to date. The upload limit function has been removed. Support for PeerProtect has been written. Support for the iprange modules has been added (for the blocking IP option). The script configuration has been reviewed a little bit. Autodetection of the binary tools is now done.