Linux Firewall 2.0 review


Linux Firewall is a robust, well-designed firewall for Linux 2.4 based on netfilter/iptables

License: GPL (GNU General Public License)
Developer: Scott Bartlett

The Linux Firewall is the Swiss Army knife of Linux firewall software. Based on the netfilter/iptables tools, the firewall is a single shell executable written in bash, with configuration options and basic documentation included in the same file. It is designed for use with all types of systems (workstations, routers, and servers) and includes advanced features for expert users and Internet Service Providers.

Here are some installation tips:

1. Download the latest rc.firewall [wget]
2. Edit the options at the beginning of the file with your favorite text editor. The script comes pre-configured to deny all incoming connections, which is suitable for a typical workstation installation. Refer to the configuration page for an in-depth explanation of the available options.
3. Make the script executable [chmod +x ./rc.firewall]
4. Become root [su]
5. Run the script [./rc.firewall]
6. After you verify that the firewall runs without errors, you may want it to be run automatically on boot. To accomplish this, move the script to the appropriate startup script directory for your distribution [/etc/rc.d/ for Slackware, /etc/init.d/ for Gentoo] and add the following lines in your startup scripts at some point after your ethernet interfaces are configured [for example /etc/rc.d/rc.local for Slackware, and /etc/conf.d/local.start for Gentoo].

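# Slackware (in /etc/rc.d/rc.local):
if [ -x /etc/rc.d/rc.firewall ]; then /etc/rc.d/rc.firewall; fi
# Gentoo (in /etc/conf.d/local.start):
if [ -x /etc/init.d/rc.firewall ]; then /etc/init.d/rc.firewall; fi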

See forum for alternate installation methods.
7. If you are using this firewall on a machine to which you do not have physical access, but can reboot remotely (for example a colocated server or a Linux router at a computer-illiterate friend's house), you might want to think about putting in a short delay between the time the machine boots and the initialization of the firewall. This would give you a chance to log in and disable the firewall [chmod -x] if something goes wrong. A good example might be if you have the script configured to allow you to connect from a specific remote IP address and your address changes. If you choose to implement this idea, it can be done with the following code in rc.local:

# Start the firewall 30 seconds after boot, in the background, logging its output to syslog.
if [ -x /etc/rc.d/rc.firewall ]; then
    sleep 30 && /etc/rc.d/rc.firewall | logger -t rc.firewall &
    echo "Firewall init in 30 seconds. Check syslog for results."
fi
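
The boot delay in tip 7 only helps if you log in during that window. A complementary safety net for testing a changed configuration on a running remote machine, shown here as an added example that is not part of rc.firewall: apply the script, then restore the previous rule set unless you confirm from a fresh login. It assumes iptables-save and iptables-restore from the iptables user-space tools and the Slackware path used above; the function name and the CONFIRM_FILE, BACKUP and TIMEOUT settings are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from rc.firewall): apply the firewall, roll back unless confirmed.
# All paths below are assumptions and can be overridden from the environment.
FIREWALL=${FIREWALL:-/etc/rc.d/rc.firewall}
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}
CONFIRM_FILE=${CONFIRM_FILE:-/var/run/rc.firewall.confirmed}
BACKUP=${BACKUP:-/var/run/rc.firewall.rules.bak}
TIMEOUT=${TIMEOUT:-120}

# Returns 0 if the new rules were kept, 1 if rolled back, 2 if nothing was applied.
apply_with_rollback() {
    [ -x "$FIREWALL" ] || { echo "skip: $FIREWALL is not executable"; return 2; }
    rm -f "$CONFIRM_FILE"
    # Snapshot the running rule set. An empty snapshot (no tables loaded yet)
    # gives nothing to fall back to, so refuse to continue in that case.
    "$IPT_SAVE" > "$BACKUP" && [ -s "$BACKUP" ] || {
        echo "abort: no current rule set to fall back to"; return 2; }
    if ! "$FIREWALL"; then
        echo "firewall script failed, restoring previous rules"
        "$IPT_RESTORE" < "$BACKUP"
        return 1
    fi
    # Wait for the administrator to prove that a new login still works.
    waited=0
    while [ "$waited" -lt "$TIMEOUT" ]; do
        if [ -e "$CONFIRM_FILE" ]; then
            echo "confirmed after ${waited}s, keeping new rules"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    echo "no confirmation within ${TIMEOUT}s, restoring previous rules"
    "$IPT_RESTORE" < "$BACKUP"
    return 1
}
```

Call `apply_with_rollback` as root, then open a new session and create the confirm file with `touch`; an existing session surviving the change does not prove that new connections are accepted.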

Requirements:

1. You need the iptables user-space tools installed. Every distribution should have a package that includes these tools.
2. You need proc filesystem support. Everyone should already have this unless you're doing something strange.
3. In addition to basic networking options such as TCP/IP support and drivers for your network cards, your kernel must have support for the options listed below. Most distributions already have support for all required options. The script should report a problem if a required component is missing. If it does not, please post a bug report on the forum.
