firewall 20020626 review
DownloadFirewall is a set of scripts (firewall, fwup and fwdown) that implement an ipchains firewall and various forms of network address and
|
|
Firewall is a set of scripts (firewall, fwup and fwdown) that implement an ipchains firewall and various forms of network address and port translation. All you have to do is read the policy file and edit it to reflect your topology and filtering policy.
The policy file is composed of sections in which you need to specify: this host's trusted and untrusted network interfaces; this host's role and function within the network topology; the incoming and outgoing services to allow and the internal and external hosts that may take part in them. It has been designed to make this as painless and flexible as possible.
Each section contains detailed explanations and advice on things such as when to start the firewall and the security implications of various well known internet services and advice on how to allow them safely. It is intended to introduce administrators to some subtleties of packet filtering quickly so that they can make better informed security decisions and achieve and maintain effective network security (at least the packet filtering part) in a very short time. Of course, it will not prevent you from making bad network security, but you will have been warned.
Here are some key features of "firewall":
Single Host (no forwarding, no address/port translation)
Forwarding (no address/port translation)
Masquerading (outgoing M:1 NAPT)
Port Forwarding (Masquerading + incoming 1:M NAPT)
Alias Port Forwarding (Masquerading + incoming N:M NAPT)
Static NAT (incoming and outgoing 1:1 NAT)
firewall 20020626 keywords