IpKungFu 0.6.0 review

by rbytes.net on

IPKungFu is an iptables-based Linux firewall

License: GPL (GNU General Public License)
File size: 122K
Developer: Rocco Stanzione
0 stars award from rbytes.net

IPKungFu is an iptables-based Linux firewall. The primary design goals are security, ease of use, and performance, in that order.

It takes advantage of advanced features of iptables, tcpwrappers, and the Linux kernel.

IPKungFu can handle a wide array of configurations, and supports Internet connection sharing, multiple virtual hosts, IP forwarding, IP masquerading, configurable logging, string matching and much more.

The IpKungFu project is designed with both the novice and the expert in mind, with a simple, easy-to-use installer and various configuration files.

It is intended for anyone who wishes to simplify the creation of an iptables-based firewall, and for anyone who would like a simple method of configuring a Linux machine to share its Internet connection.

IPKungFu takes configuration directives from the files in /etc/ipkungfu and uses them, along with some information gathered from your system, to build a firewall using iptables and sysctl. It is primarily an interface to iptables, which in turn is an interface to the Linux kernel's netfilter code.

Installation:

1. Download and unpack the source.
2. Run the installation script.
3. Edit configuration files in /etc/ipkungfu to taste.
4. Execute ipkungfu (/usr/local/sbin/ipkungfu).

Options:

-t or --test
Test the configuration, listing some of the optional kernel
support installed, the interfaces in use, IP addresses,
whether or not you have chosen IP forwarding, IP masquerading,
subnet and ports you have chosen to allow.

-d or --disable
Disables the firewall and sets the default policies back to
ACCEPT. Internet connection sharing is not disabled.

-h or --help
Displays all options available to ipkungfu.

-v or --version
Displays the version number of ipkungfu and exits.

-l or --list
Displays the iptables rule sets and exits.

-c or --check
Checks whether ipkungfu is loaded and reports whether it is in
disable mode or panic mode, if either.

-f or --flush
Flush all iptables rules and delete custom chains. This
completely takes down the firewall, and will also disable
Internet connection sharing.

--panic
Panic mode. All internal and external access is denied. Nothing
is allowed, in or out.

--quiet
Runs ipkungfu with no standard output.

--show-vars
Shows main configuration options (whether specified or
auto detected) and exits.

--failsafe
If ipkungfu fails, default policy for all builtin chains will
revert to ACCEPT. This essentially means the firewall will be
disabled if it fails. This is useful for working with ipkungfu
remotely, to prevent loss of access to the machine.

Requirements:
connection tracking
IP tables support
connection state match support
REJECT target support
full NAT
MASQUERADE target support
packet mangling
TOS target support
LOG (and/or ULOG) target support
multiple port match support
FTP protocol support
IRC protocol support
limit match support
REDIRECT target support
NAT of local connections

Limitations:
IPKungFu currently does not support IPv6.

What's New in This Release:
This release adds rules caching to save a lot of startup time and changes to how open ports are specified.
