Thanks again for continued updates. I currently have native IPv6 but cannot use this script to firewall it. My firewall machine is CentOS 5.5, and when running your script with IPv6 connectivity turned on I get:
NOTE: Module "nf_conntrack_ipv6" failed to load. Assuming compiled-in-kernel.
NOTE: Modules "xt_TCPMSS|ipt_TCPMSS,ip6t_TCPMSS" failed to load. Assuming compiled-in-kernel.
These mods don't exist in CentOS 5.5's ip6tables, therefore none of the rules apply:
ERROR (2): ip6tables v1.3.5: Unknown arg `--clamp-mss-to-pmtu'
ERROR (2): ip6tables v1.3.5: Unknown arg `--set-tos'
Back when iptables first came out I read for weeks trying to figure out how to rewrite my firewall scripts that I had done years before to take advantage of the new features iptables provides. It took me weeks to do that and have something I felt pretty good about. Over the years I had added on things as needed for various clients and it served me pretty well. Several years ago a client had an insanely crazy setup, and after beating my head into the wall for a few hours trying to figure out how to make my script work I thought, "hey, why not check around and see what's out there". So I found this little gem.
Back when iptables first came out there really weren't many great examples, so I wrote my own. Now there are many, and while I understand it way better now, this script kicks ass. Why write my own and end up with something probably not even 1/10 as good when you can start with what I feel is the best firewall script out there? Arnova, my hat's off to you. Very well done, constantly updated and very well documented. Even 7 years later and you're still improving it; now if that doesn't say something about his level of commitment I don't know what does. If you're ever in the Bay Area, Arno, look me up, I owe you many beers!
Re: This Script Is The Best
That's just true.
As hgo, I found this script combines power and clarity (configuration AND logs :).
As jgionet, I configured it just logging into the gateway by SSH.
I'm very happy I found Arno's IPtables script.
Many thanks for his nice work :)
This Script Is The Best
I've tried a lot of firewall scripts from freshmeat. More than half don't seem to even work. Or I'm not bright enough to make them work (and I've been working with unix style operating systems for eight years).
This script "just works". And it's got powerful configuration options to boot.
After wasting hours to get my SuSE Firewall up and running I gave up on it. Then I found this script and I am extremely happy with it. Everything just worked fine after just following the instructions and rebooting the PC. Thank you!
What can I say, this is by far one of the BEST scripts I've loaded in many years! I was able to install and apply this script REMOTELY connected via SSH and had no issues at all (after applying a new Redhat Kernel & rebooting). Great instructions and very well documented/organized. I was using MonMotha's script before (which was also excellent), however there hadn't been any updates in quite a while. Keep up the GREAT work! thxs :)
I've been using this script for a year now and I never encountered any problem with it.
It works just fine and keeps my network safe ...
The best of the best
This IPTABLES script is really wonderful, try it!
I set up this script to NAT/Firewall my home network in minutes! It has been working with apparent flawlessness for a couple of days.
Thanks a lot for this! It saved me from having to spend HOURS and HOURS learning iptables configuration. Now all I have to do is pore over your excellently commented script to satisfy whatever curiosity I have vis-a-vis iptables.
Again, thank you!
You really did a wonderful job. Works great, and with lots of options.
Thanks for this piece :-)