levy 1.22 review


License: Artistic License
File size: 9K
Developer: Roger Gregory

levy is a Perl script that generates basic iptables rulesets from a given external interface and a set of ports to open. It is designed to save time in creating a skeleton ruleset to work from, though it can also construct a fully functional firewall with NAT support.

levy has several run-time options to control what sorts of rulesets to generate: see levy.pl -h for a full list.

Here are some examples for usage:

I want a basic firewall which allows in ports 22, 80, 113 (matching their protocols), logs all dropped connections, aggressively defines reserved addresses, and provides NAT for 192.168.0.0/16. My interface to the internet is eth0 --

./levy.pl eth0 22 80 113 -l -r -m -n 192.168.0.0/16 > firewall.rules

After testing this ruleset, I decide it's fine, though I want to open https (443) and set the output as a shell script I can just run:

./levy.pl eth0 22 80 113 443 -e -l -r -m -n 192.168.0.0/16 > firewall.rc

Here are some key features of "levy":
Levy supports creating a restrictive firewall with specific 'public' services, defined subnets for NAT, and defined trusted networks.
