Seattle Firewall 4.1.1 review
DownloadThe Seattle Firewall is an ipchains firewall that supports IP masquerading and can be used on a standalone system
|
|
The Seattle Firewall is an ipchains firewall that supports IP masquerading and can be used on a standalone system. On a dedicated firewall system, or on a multi-use gateway/server. It supports VPN via IPIP tunnels, IPSec, and PPTP. It is easily configurable by editing configuration files, and can be extended without modifying the base product. It also includes realtime monitoring with an audible alarm that sounds when suspect packets are detected.
Here are some key features of "The Seattle Firewall":
Customizable using configuration files and with explicit ipchains rules without modifying the released Seattle Firewall scripts.
Supports status monitoring with an audible alarm when an "interesting" packet is detected.
Supports VPN via ipip tunnels, IPSec (Seattle Firewall version 3.1 or later required) and PPTP (ipip tunnels require iproute2, PPTP masquerading requires John Hardin's VPN Masquerade patches and IPSec gateways on the firewall system itself require FreeS/WAN).
Supports masqueraded PPTP servers, including PoPToP (requires John Hardin's patch, ipmasqadm and ipfwd).
Beginning with release 3.0, Seattle Firewall supports masqueraded servers (requires ipmasqadm).
Beginning with release 3.0, Seattle Firewall support running PoPToP on a Linux gateway/firewall.
In release 3.0, Seattle Firewall includes limited support for a DMZ.
Version 3.0 and later include an easy installation script.
Version 3.1 and later include a fallback script that backs out the installation of the most recent version of Seattle Firewall.
Version 3.1 and later include an uninstall script.
Beginning with version 3.1, an RPM module is available (thanks go to Simon Piette for creating the RPM).
Beginning with version 3.2.2, a Coyote LRP module is available.
Beginning with version 4.0, Static NAT is supported.
Beginning with version 4.0, Proxy ARP is supported.
Beginning with version 4.0, PPTP primary internet interfaces (such as Austrian-Telekom) are supported.
In version 4.0, much fuller DMZ functionality is supported.
What's New in This Release:
Static NAT
You can configure multiple IP addresses on your internet interface and have Seattle Seawall set up mappings between these addresses and local hosts. See the NAT documentation for details.
Proxy ARP
You can connect systems with public IP addresses to a local interface and have Seattle Seawall act as a firewall for these hosts. See the Proxy ARP documentation for details.
Port forward using destination address. You can now configure multiple IP addresses and use these addresses in setting up port forwarding rules. See the /etc/seawall/servers documentation.
Austrian Telkom subscribers can now use Seattle Firewall. Version 3.3 has added PPTP Internet Interface support. Simply set the internet variable to the interface that connects to your DSL router (Example: internet="eth0") and set myip="PPTP".
There's a new "hits" command in seawall that displays a report about "Packet log:" messages in the current /var/log/messages file.
You can now masquerade an FTP server without having to have a kernel patch.
DMZ support is now much more robust.
Seattle Firewall 4.1.1 search tags