IP-Array is a Linux iptables firewall script written in bash. IP-Array allows the creation of precise, stateful rules, while remaining easy to configure.
Goals:
An easy to configure firewall
· still leaving the user the possibility to configure detailed rules
· which creates a tight ruleset
· which is easy to customize, extensible and scriptable
· with sensible 'presets' for common situations
Here are some key features of "IP-Array":
· Multiple LANs.
· VPN (ipsec).
· A DMZ.
· Traffic shaping.
· 'Autoconfig' options, e.g. for DNS and FTP.
· Logging functionality.
· MAC address matching.
· Easy and fast to configure through one main config and one rule file.
· Multiple verbosity modes, with or without logging to syslog.
· Different startup logic according to command line parameter(s).
· Test mode to test new configurations.
· Creates tight stateful rules, always using both interfaces when forwarding.
· Various SysCtl settings.
· and more ...
What's New in This Release:
· Bugfix: Prolog scripts were not loaded at all.
· Bugfix: raw table rules did not have the target appended to the command string (applies only if the user configured his own raw table template).
· Fixed a bug in the logic for 'FINAL_RULE'. If 'FINAL_RULE' was set to either IPBOUND or IFBOUND, unnecessary (shadowed) allow rules were generated.