Arno's IPTABLES Firewall Script 2.0.1b

Arno's IPTABLES firewall script was initially written because I needed to protect my single-homed Linux machine at work.
Arno's IPTABLES firewall script was initially written because I needed to protect my single-homed Linux machine at work. I wrote it at the time I couldn't find any script that really satisfied my needs except for one that was written by a guy called 'Seven'.

I helped him for several months with the work on his script by suppling patches, reporting bugs etc. In this period I was fortunately also able to master scripting for iptables myself because soon Seven discontinued his work, I never got to even talk to the guy ever again. At that point I decided to continue his work, or actually I started my own branch based on his script.

In the summer of 2002 I finally got an ADSL connection at home. Initially I used the iptables firewall that came with the great ADSL4LINUX-package (http://www.adsl4linux.nl). But it didn't take me long to come to the conclusion that their iptables firewall lacked important features like port-forwarding and flexbility with "trusted hosts" etc.

I also didn't like the fact that I had to use a different firewall for my home machine and the machine at work. This made me decide to use some of the ADSL4LINUX knowledge to implement ADSL support.

By now (about 1 year later as of writing) there are only few remnants left of Seven's original script and many, many, many improvements were applied. One major improvement is the ADSL and NAT support (Check the 'features' page with the specifiations of my firewall). For version 2 (alpha) I plan to completely rewrite to script to make it more flexible and to increase the usability for others.

Main features:

  • Very secure stateful filtering firewall
  • Both kernel 2.4 & 2.6 support
  • It can be used for both single- and multi(eg. dual)-homed boxes
  • Masquerading (NAT) and SNAT support
  • Multiple external (internet) interfaces
  • Support multiroute NAT & SNAT (load balancing over multiple (internet) interfaces)
  • Port forwarding (NAT)
  • Support MAC address filtering
  • Support for DSL/ADSL modems
  • Support for PPPoE, PPPoA and bridging modem setups
  • Support for static and ISP assigned (DHCP) IPs
  • Support for (transparent) proxies
  • Full support for DMZ's and DMZ-2-LAN forwarding. You can also use it to isolate your eg. wireless LAN.
  • (Nmap)(stealth) portscan detection
  • Protection against SYN-flooding (DoS attacks)
  • Protection against ICMP-flooding (DoS attacks)
  • Extensive user-definable logging with rate limiting to prevent log flooding
  • Includes options to optimize your throughput
  • User definable open ports, closed ports, trusted hosts, blocked hosts etc.
  • Log & protection options are both highly customizable
  • Support for custom iptables rules in a seperate file
  • It can be used with chkconfig runlevel system (eg. RedHat/Fedora)
  • Main focus on TCP/UDP/ICMP but additional support for *ALL* IP protocols
  • It works with Freeswan IPSEC (VPN) & SSH Sentinel (http://www.freeswan.org) ( virtual IP's)
  • It works with PoPTop PPTP (http://www.poptop.org)
  • It works with UPnP
  • DRDOS protection/detection (experimental)
  • It's easy to configure
  • And much more.

last updated on:
March 19th, 2012, 13:11 GMT
price:
FREE!
developed by:
Arno van Amersfoort
homepage:
rocky.eld.leidenuniv.nl
license type:
GPL (GNU General Public License) 
category:
ROOT \ System \ Networking

FREE!

In a hurry? Add it to your Download Basket!

user rating 48

4.2/5
 

0/5

Rate it!
What's New in This Release:
  • This version fixes RESERVED_NET_DROP, which only worked when RESERVED_NET_LOG was enabled (regression), fixes the installation script, and updates/corrects documentation.
read full changelog

Add your review!

SUBMIT