SlackFire 0.44.2 review


License: GPL (GNU General Public License)
File size: 40K
Developer: Mikhail Zotov

SlackFire is an iptables script written especially for Slackware, my favourite Linux distribution in this corner of the Galaxy.

SlackFire's main purpose is to protect a stand-alone machine or a small network with a stateful firewall that can be configured easily but in great detail.

Why another iptables script? There are a lot on the Internet, many of them with a pretty nice GUI!

First of all, I didn't want to have a firewall that I could only manage and configure via a GUI.

Next, I needed to work with a LAN with machines having routable IP addresses. Quite a few scripts available on the Net supported this feature.

An even smaller number of scripts supported configuration of fine-tuned rules. The majority of them just allowed all outgoing connections, permitting replies to go back. I wanted to restrict outgoing traffic, too.

I also wanted configuration to be possible without touching the main script, and by a person with very little knowledge of iptables.

Thus, I found it easier to write a script of my own than to tune a script written by somebody else.

Limitations:
Currently, SF protects at most two network devices. All other network devices are not affected by the firewall in case packets are sent directly to the box running SF. Forwarded packets are dropped though. (The latter behaviour can be easily fixed.)
I haven't tried SF on machines that use DHCP. I expect that some tuning may be needed, especially in case the script is installed on a DHCP server.
SF has only been tested on machines running Slackware >=9.0 with the C locale. Certain things can break if messages produced by ifconfig and iptables use languages other than English. (This can be easily fixed if needed.)
There is no support for NFS through a protected network interface yet. This will be fixed.
Support of FreeS/WAN is not implemented.

There are undoubtedly more, partially because netfilter provides an incredibly rich range of possibilities. Actually, I haven't seen an iptables script on the Internet with all the iptables possibilities implemented.

What's New in This Release:
A minor change was made in bash syntax when processing configuration files.
Temporary files are now created using mktemp.
