IP-Array 0.05.72 review
IP-Array is a Linux iptables firewall script written in bash. IP-Array allows the creation of precise, stateful rules, while remaining easy to configure.
Goals:
An easy to configure firewall
which still leaves the user the possibility to configure detailed rules
which creates a tight ruleset
which is easy to customize, extend and script
with sensible 'presets' for common situations
Here are some key features of IP-Array:
Multiple LANs.
VPN (IPsec).
A DMZ.
Traffic shaping.
'Autoconfig' options for services such as DNS and FTP.
Logging functionality.
MAC address matching.
Easy and fast to configure through one main config file and one rule file.
Multiple verbosity modes, with or without logging to syslog.
Different startup logic according to command line parameter(s).
Test mode to test new configurations.
Creates tight stateful rules, always binding both the incoming and outgoing interface when forwarding.
Various sysctl settings.
and more ...
What's New in This Release:
+ - Added function 'color_msg()' to display coloured messages.
+ - Added the configuration options to allow the user to define the colours
used for main-title, subtitle, info-title, notice, warning and error
messages.
+ - Added function 'precheck_config()', to validate configuration entries
before any action is performed.
+ - Added limit / burst options to all filter table rules.
+ - Added options 'IFBOUND' and 'IPBOUND' to 'RESTRICT_OUTPUT' config option,
which create either interface, or IP address bound rules.
+ - Added interface classifying chains for mangle table.
+ - Added support for case-insensitive configuration values at places
where it makes sense and the called program supports them.
+ - Added cburst and mtu options to tc class routines.
+ - Added startup parameter 'save-tc-commands' to save tc commands to file.
+ - Added startup parameter 'save-iptables-commands' to save the iptables
commands to file.
+ - Added startup parameter 'dry-run', which runs IP-Array without executing
any resulting command.
+ - Added saving of sysctl settings commands.
+ - Added error counter for sysctl commands.
* - Changed startup parameter 'save-commands' to save all commands, including
iptables, tc and sysctl settings.
* - Made LAN DNS preset work for all local networks including dmz networks,
which were missing previously.
* - Adapted 'end_msg()' to display different status message according to
runmode.
* - Commands for sysctl settings are now also cached into an array like
iptables and tc commands.
* - Rewrote function 'flushdel_tables()', which is now more generic.
* - Rewrote function 'validate_rule()'. Parameter validations are now in
separate sub functions. All global rule handling variables are now of
local type.
* - Comments inside rule variables (arrays) can now be placed on the
same line as the rule, not only on separate lines like before.
* - Changed IP-Array structure:
Main script is now executable in 'BIN_DIR/{stable,test}'.
* - Changed the look of the init script 'usage()' output.
* - Major optimizations in the init script.
* - More detailed (error)log output in some functions.
* - Various code optimizations.
! - Fixed a bug in 'reqparm()', where the function only returned
on error, instead of reporting a missing parameter.
! - Minor bugfixes concerning wrong log output.
- - Removed options '-p, -q, -z' from 'log()' function.
- - Removed config option 'SET_TTL', as its functionality is given by
'ENABLE_TTL_NETS'.
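The two points a firewall engineer cares about in the list above are the rule shape ("tight stateful rules, always using both interfaces when forwarding", plus limit/burst on the filter rules) and the new run modes (commands cached into an array, then executed, printed by 'dry-run' or written out by 'save-iptables-commands', with a config precheck before anything is built). The bash sketch below is an added example written for this review, not IP-Array's own code; the interface names, the network, the validation regexes and the 'run | dry-run | save' mode names are assumptions chosen for the illustration. The only command it ever executes is the command cache in 'run' mode, so the dry-run and save paths are safe to try on any machine.

```bash
#!/usr/bin/env bash
# Added example (not IP-Array code): validate the config first, build the
# iptables/sysctl commands into an array, then run, print or save them.
# Interface names, LAN_NET and the mode names are assumptions.

CMDS=()   # command cache, in the spirit of IP-Array's iptables/tc/sysctl arrays

# precheck_config-style validation: reject bad entries before any rule is built.
valid_iface() { [[ $1 =~ ^[a-z][a-z0-9.:_-]{0,14}$ ]]; }   # assumed naming rule, 15 chars max
valid_cidr() {
    local ip=${1%/*} bits=${1#*/} o n
    [[ $1 == */* ]] || return 1
    [[ $bits =~ ^[0-9]+$ ]] && (( bits <= 32 )) || return 1
    IFS=. read -r -a o <<< "$ip"
    (( ${#o[@]} == 4 )) || return 1
    for n in "${o[@]}"; do
        [[ $n =~ ^[0-9]+$ ]] && (( n <= 255 )) || return 1
    done
}
precheck_config() {
    valid_iface "$LAN_IF" || { echo "bad LAN_IF: $LAN_IF" >&2; return 1; }
    valid_iface "$WAN_IF" || { echo "bad WAN_IF: $WAN_IF" >&2; return 1; }
    [[ $LAN_IF != "$WAN_IF" ]] || { echo "LAN_IF and WAN_IF must differ" >&2; return 1; }
    valid_cidr "$LAN_NET"  || { echo "bad LAN_NET: $LAN_NET" >&2; return 1; }
}

# Tight stateful forwarding: every ACCEPT rule in FORWARD names both the
# ingress (-i) and egress (-o) interface, and only the LAN side may open
# NEW connections; the WAN side only gets replies. The LOG rule carries a
# limit/burst so an attacker cannot flood syslog by hammering the firewall.
build_forward_rules() {
    CMDS+=("iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT")
    CMDS+=("iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $LAN_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT")
    CMDS+=("iptables -A FORWARD -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix 'FWD-DROP: '")
    CMDS+=("iptables -A FORWARD -j DROP")
    CMDS+=("sysctl -w net.ipv4.ip_forward=1")
}

# Replay the cache: run | dry-run | save <file>. Returns the number of
# failed commands in run mode (an error counter, as the changelog describes).
run_cmds() {
    local mode=$1 out=$2 errors=0 c
    case $mode in
        dry-run) printf '%s\n' "${CMDS[@]}" ;;
        save)    printf '%s\n' "${CMDS[@]}" > "$out" ;;
        run)     for c in "${CMDS[@]}"; do eval "$c" || errors=$((errors + 1)); done ;;
        *)       echo "unknown runmode: $mode" >&2; return 2 ;;
    esac
    return "$errors"
}

# Assumed configuration; dry-run only prints what would be executed.
LAN_IF=eth1 WAN_IF=eth0 LAN_NET=192.168.1.0/24
precheck_config && build_forward_rules && run_cmds dry-run
```

Note the asymmetry between the two ACCEPT rules: the state list differs per direction, which is what makes the ruleset stateful rather than merely interface-bound, and a rule that named only -o (or only -i) would also match traffic arriving from a third interface such as a DMZ.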