Automatic Firewall 0.3.2
Automatic Firewall is a script that will automatically configure a firewall.
Many people when connecting to the internet need a firewall script made for them so they can surf the net without being susceptible to various attacks. Most, if not all (until now :-), of the existing scripts are written for a large range of requirements and require some tweaking to make them work for a specific user. However many users do not know which parameters to fill in the script config file.
AutoFW intends to provide a simple firewall script that you just need to fire and forget. You make sure to run it on computer start-up or just before connecting to the net, and it will detect network condition and setup appropriate firewall rules for you.
In order to be "smart" AutoFW has to be limited, the current scope of AutoFW are standard broadband connections, it will also cover dial-up users and stand-alone servers.
AutoFW works only for Linux IPTables firewall and needs the iptables utility to update the firewall, it also needs the ifconfig utility, both of these are available on any standard install of a GNU/Linux machine.
AutoFW also needs the ip program which is part of the iproute2 package, sometimes also called iproute. It is available as a package for any standard GNU/Linux install, not it might not be installed in your particular.
There are two parts that do automatic detection, one is for interfaces and IPs and the other is for open listening ports.
The interface part looks at all the active interfaces in the machine and classifies them between internal and external. It does that by looking at the IPv4 address of the device. If it is one of:
it is considered to be an internal IP and thus an internal interface, otherwise it is an external IP and thus an external interface. There is no handling of an interface with both an internal and an external IP on it.
The listening ports are scanned for a known port and the accompanying known program name that binds to that port, known ports are opened later in the configuration stage.
The configuration itself is very simple for now, without many of the bell and whistles that exist in other scripts, but it works for the basic needs and provides adequate protection.
What's New in This Release:
· Internal systems are now protected, as well as servers and NAT gateways.