endian firewall
Sponsored Links
Sponsored Links
Secleted [ 0 ] software to compare
Results 1 - 15 of about 596
Endian Firewall 2.1.2 Community
Endian Firewall is a turn-key linux security distribution based on IPCop. more>>
Endian Firewall is a "turn-key" linux security distribution based on IPCop that turns every system into a full featured security appliance. Endian Firewall has been designed with "usability in mind" and is very easy to install, use and mange, without loosing its flexibility.
The features include a stateful packet inspection firewall, application-level proxies for variuos protocols (HTTP, POP3, SMTP) with antivirus support, virus and spamfiltering for email traffic (POP and SMTP), content filtering of Web traffic and a "hassle free" VPN solution (based on OpenVPN). The main advantage of Endian Firewall is that it is a pure "Open Source" solution that is commercially supported by Endian.
Main features:
Based Module:
- Firewall (statefull inspection)
- Outgoing Firewall
- IPSec Gateway to gateway VPN
- IPSec Remote client to gateway VPN (roadwarrior)
- NAT
- Multi-IP address support (aliases)
- Dynamic DNS
- DMZ support
- HTTPS Web Interface
- Detailed network traffic graphs
- View currently active connections
- Event log management
- Log redirection to external server
- Server DHCP
- Server NTP
- Traffic Shaping / QoS
- Transparent POP3 antivirus/antispam proxy
- Transparent HTTP proxy
- Web Proxy with local users, windows domain, samba, LDAP, radius server management
- Intrusion Detection System
- ADSL modem support
- Configuration backup and restore
- Remote update
Advanced Antivirus Module:
- HTTP Antivirus
- Endian Security Tools for Windows Desktop
- Transparent SMTP antivirus/antispam proxy
VPN Gateway Module:
- Gateway to gateway VPN with OpenVPN (http://openvpn.net/)
- Remote client to gateway VPN (roadwarrior) with OpenVPN (http://openvpn.net/)
- Bridged and Routed VPN mode
- Endian Client VPN ? Windows, Linux, MacOSX
Web Content Filter Module:
- URL filter
- Web content analysis/filter
- Whitelists and blacklists management
- Web surfing time limits
Enhancements:
- SATA support is now again working
- A wizard after installation asks to set the passwords (root, admin)
- Added possibility to restore a backup directly after installation
- Fix for blocking incoming connections coming in through the VPN [#210]
<<lessThe features include a stateful packet inspection firewall, application-level proxies for variuos protocols (HTTP, POP3, SMTP) with antivirus support, virus and spamfiltering for email traffic (POP and SMTP), content filtering of Web traffic and a "hassle free" VPN solution (based on OpenVPN). The main advantage of Endian Firewall is that it is a pure "Open Source" solution that is commercially supported by Endian.
Main features:
Based Module:
- Firewall (statefull inspection)
- Outgoing Firewall
- IPSec Gateway to gateway VPN
- IPSec Remote client to gateway VPN (roadwarrior)
- NAT
- Multi-IP address support (aliases)
- Dynamic DNS
- DMZ support
- HTTPS Web Interface
- Detailed network traffic graphs
- View currently active connections
- Event log management
- Log redirection to external server
- Server DHCP
- Server NTP
- Traffic Shaping / QoS
- Transparent POP3 antivirus/antispam proxy
- Transparent HTTP proxy
- Web Proxy with local users, windows domain, samba, LDAP, radius server management
- Intrusion Detection System
- ADSL modem support
- Configuration backup and restore
- Remote update
Advanced Antivirus Module:
- HTTP Antivirus
- Endian Security Tools for Windows Desktop
- Transparent SMTP antivirus/antispam proxy
VPN Gateway Module:
- Gateway to gateway VPN with OpenVPN (http://openvpn.net/)
- Remote client to gateway VPN (roadwarrior) with OpenVPN (http://openvpn.net/)
- Bridged and Routed VPN mode
- Endian Client VPN ? Windows, Linux, MacOSX
Web Content Filter Module:
- URL filter
- Web content analysis/filter
- Whitelists and blacklists management
- Web surfing time limits
Enhancements:
- SATA support is now again working
- A wizard after installation asks to set the passwords (root, admin)
- Added possibility to restore a backup directly after installation
- Fix for blocking incoming connections coming in through the VPN [#210]
Download (110MB)
Added: 2007-07-12 License: GPL (GNU General Public License) Price:
875 downloads
BizGuardian Firewall 3.2
Simple to install Internet sharing software for broadband users (ADSL, Cable,... more>> Simple to install Internet sharing software for broadband users (ADSL, Cable, Satellite, T1, T3 etc) that creates a firewall and VPN appliance without unnecessary complexity or cost. Integrated IPsec VPN can be simply set up in ten minutes from the web based GUI. Ideal for remote teleworkers, road warriors (integrated PPTP Server), branch office, home office, and Small to Medium size businesses of all types. Will grow with you to support up to 1,000 users. Comprehensive reporting and remote management tools.<<less
Download (3.00MB)
Added: 2009-04-15 License: Others Price: NA
191 downloads
Linux Firewall 2.0
Linux Firewall is a robust, well-designed firewall for Linux 2.4 based on netfilter/iptables. more>>
Linux Firewall is a robust, well-designed firewall for Linux 2.4 based on netfilter/iptables. The Projectfiles.com Linux Firewall is the swiss army knife of Linux firewall software. Based on the netfilter-iptables tools, the firewall is a single shell executable written in bash with configuration options and basic documentation included in the same file. It is designed for use with all types of systems: workstations, routers, and servers, and includes advanced features for expert users and Internet Service Providers.
Here are some installation tips:
1. Download the latest rc.firewall [wget http://projectfiles.com/firewall/rc.firewall]
2. Edit the options at the beginning of the file with your favorite text editor. The script comes pre-configured to deny all incoming connections. This is suitable for a typical workstation installation. Refer to the configuration page for in depth explanation of available options.
3. Make the script executable [chmod +x ./rc.firewall]
4. Become root [su]
5. Run the script [./rc.firewall]
6. After you verify that the firewall runs without errors, you may want it to be run automatically on boot. To accomplish this, move the script to the appropriate startup script directory for your distribution [/etc/rc.d/ for Slackware, /etc/init.d/ for Gentoo] and add the following lines in your startup scripts at some point after your ethernet interfaces are configured [for example /etc/rc.d/rc.local for Slackware, and /etc/conf.d/local.start for Gentoo].
Slackware
if [ -x /etc/rc.d/rc.firewall ]; then
/etc/rc.d/rc.firewall
fi
Gentoo
if [ -x /etc/init.d/rc.firewall ]; then
/etc/init.d/rc.firewall
fi
See forum for alternate installation methods.
7. If you are using this firewall on a machine to which you do not have physical access, but can reboot remotely (for example a collocated server or a Linux router at a computer illiterate friends house), you might want to think about putting in a short delay between the time the machine boots and the initialization of the firewall. This would give you a chance to log in and disable the firewall [chmod -x] if something goes wrong. A good example might be if you have the script configured to allow you to connect from a specific remote IP address and your address changes. If you choose to implement this idea, it can be done with the following code in rc.local:
if [ -x /etc/rc.d/rc.firewall ]; then
sleep 30 && /etc/rc.d/rc.firewall | logger -t rc.firewall &
echo "Firewall init in 30 seconds. Check syslog for results."
fi
<<lessHere are some installation tips:
1. Download the latest rc.firewall [wget http://projectfiles.com/firewall/rc.firewall]
2. Edit the options at the beginning of the file with your favorite text editor. The script comes pre-configured to deny all incoming connections. This is suitable for a typical workstation installation. Refer to the configuration page for in depth explanation of available options.
3. Make the script executable [chmod +x ./rc.firewall]
4. Become root [su]
5. Run the script [./rc.firewall]
6. After you verify that the firewall runs without errors, you may want it to be run automatically on boot. To accomplish this, move the script to the appropriate startup script directory for your distribution [/etc/rc.d/ for Slackware, /etc/init.d/ for Gentoo] and add the following lines in your startup scripts at some point after your ethernet interfaces are configured [for example /etc/rc.d/rc.local for Slackware, and /etc/conf.d/local.start for Gentoo].
Slackware
if [ -x /etc/rc.d/rc.firewall ]; then
/etc/rc.d/rc.firewall
fi
Gentoo
if [ -x /etc/init.d/rc.firewall ]; then
/etc/init.d/rc.firewall
fi
See forum for alternate installation methods.
7. If you are using this firewall on a machine to which you do not have physical access, but can reboot remotely (for example a collocated server or a Linux router at a computer illiterate friends house), you might want to think about putting in a short delay between the time the machine boots and the initialization of the firewall. This would give you a chance to log in and disable the firewall [chmod -x] if something goes wrong. A good example might be if you have the script configured to allow you to connect from a specific remote IP address and your address changes. If you choose to implement this idea, it can be done with the following code in rc.local:
if [ -x /etc/rc.d/rc.firewall ]; then
sleep 30 && /etc/rc.d/rc.firewall | logger -t rc.firewall &
echo "Firewall init in 30 seconds. Check syslog for results."
fi
Download (0.10MB)
Added: 2006-07-25 License: GPL (GNU General Public License) Price:
694 downloads
InJoy Firewall 3.0
InJoy Firewall is a flexible firewall security solution for businesses of any size. more>>
InJoy Firewall is a flexible firewall security solution for businesses of any size. It offers preconfigured policy templates, including full customization options, IPSec VPN integration, gateway capabilities, intuitive management, access control, many documented deployment examples, and comprehensive documentation.
Without question, the Linux Operating System provides a proven and cost-effective platform, as well as a wealth of high-quality open source software. For business use, however, it often proves difficult to find supported linux firewall solutions that provide the required level of confidence, reliability and trust. With the InJoy Firewall, businesses can benefit from Linux without having to give up the safety of a responsible vendor and a traditional business relationship.
Security as never before the InJoy Firewall for Linux provides customers with next generation intrusion and anomaly detection. These technologies provides network administrators with the ultimate tools to keep track of network activity and eliminate Internet threats of any type.
As a busy and responsible network administrator, you will find great relief in the InJoy Firewall. As the only Linux firewall, it is designed from the ground up to be self-contained, thus ensuring optimal performance and minimum impact from third-party problems. This means you dont have to worry about dependencies with Linux connectivity software, software libraries or kernel compilation.
Manage your remote Linux-based Firewall Server from your Windows-based desktop (or any other supported Operating Systems), using the intuitive InJoy firewall GUI. Linux users that prefer plain-text configuration can opt for that with the InJoy firewall as well.
The InJoy firewall works the same under all the supported operating systems, meaning you can deploy a complete and unified protection strategy throughout the business and effortlessly set up fully capable VPNs without having to worry about interoperability issues.
The InJoy firewall installs in minutes and can be prepared for distributed, company-wide deployment, using the same simple installation scripts everywhere.
<<lessWithout question, the Linux Operating System provides a proven and cost-effective platform, as well as a wealth of high-quality open source software. For business use, however, it often proves difficult to find supported linux firewall solutions that provide the required level of confidence, reliability and trust. With the InJoy Firewall, businesses can benefit from Linux without having to give up the safety of a responsible vendor and a traditional business relationship.
Security as never before the InJoy Firewall for Linux provides customers with next generation intrusion and anomaly detection. These technologies provides network administrators with the ultimate tools to keep track of network activity and eliminate Internet threats of any type.
As a busy and responsible network administrator, you will find great relief in the InJoy Firewall. As the only Linux firewall, it is designed from the ground up to be self-contained, thus ensuring optimal performance and minimum impact from third-party problems. This means you dont have to worry about dependencies with Linux connectivity software, software libraries or kernel compilation.
Manage your remote Linux-based Firewall Server from your Windows-based desktop (or any other supported Operating Systems), using the intuitive InJoy firewall GUI. Linux users that prefer plain-text configuration can opt for that with the InJoy firewall as well.
The InJoy firewall works the same under all the supported operating systems, meaning you can deploy a complete and unified protection strategy throughout the business and effortlessly set up fully capable VPNs without having to worry about interoperability issues.
The InJoy firewall installs in minutes and can be prepared for distributed, company-wide deployment, using the same simple installation scripts everywhere.
Download (2.8MB)
Added: 2006-07-12 License: Freeware Price:
1201 downloads
NATting SOHO firewall
NATting SOHO firewall is a firewall script for iptables. more>>
NATting SOHO firewall is a firewall script for iptables.
# Model NATting SOHO firewall for SP article
# by Jay Beale (jay@bastille-linux.org)
#
# Warning: youre going to have to hack this for your own purposes.
#
# Assumptions:
# your internal network is 192.168.1.0/24 on eth1
# your internet IP is 10.0.0.1 on eth0
# your internal network IP on eth1 is 192.168.1.1
#
# Additonally:
# you have another internal network, a DMZ: 192.168.2.0/24 on eth2
$INTERNAL_IP = 192.168.1.1
$INTERNAL_NET = 192.168.1.0/24
$INTERNET = 10.0.0.1
$DMZ = 192.168.2.0/24
# Insert the required kernel modules
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# Set default policies for packets going through this firewall box
iptables -t nat -P PREROUTING DROP
iptables -t nat -P POSTROUTING DROP
iptables -P FORWARD DROP
# Set default policies for packet entering this box
iptables -P OUTPUT ALLOW
iptables -P INPUT ALLOW
# Kill spoofed packets
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 1 > $f
done
# Anything coming from our internal network should have only our addresses!
iptables -A FORWARD -i eth1 -s ! $INTERNAL_NET -j DROP
# Anything coming from the Internet should have a real Internet address
iptables -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
iptables -A FORWARD -i eth0 -s 172.16.0.0/12 -j DROP
iptables -A FORWARD -i eth0 -s 10.0.0.0/8 -j DROP
# Note:There are more "reserved" networks, but these are the classical ones.
# Block outgoing network filesharing protocols that arent designed
# to leave the LAN
# SMB / Windows filesharing
iptables -A FORWARD -p tcp --sport 137:139 -j DROP
iptables -A FORWARD -p udp --sport 137:139 -j DROP
# NFS Mount Service (TCP/UDP 635)
iptables -A FORWARD -p tcp --sport 635 -j DROP
iptables -A FORWARD -p udp --sport 635 -j DROP
# NFS (TCP/UDP 2049)
iptables -A FORWARD -p tcp --sport 2049 -j DROP
iptables -A FORWARD -p udp --sport 2049 -j DROP
# Portmapper (TCP/UDP 111)
iptables -A FORWARD -p tcp --sport 111 -j DROP
iptables -A FORWARD -p udp --sport 111 -j DROP
# Block incoming syslog, lpr, rsh, rexec...
iptables -A FORWARD -i eth0 -p udp --dport syslog -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 515 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 514 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 512 -j DROP
###
# Transparently proxy all web-surfing through Squid box
$SQUID = 192.168.1.2:8080
$SQUIDSSL = 192.168.1.2:443
iptables -t nat -A PREROUTING -i eth1 -tcp --dport 80 -j DNAT --to $SQUID
iptables -t nat -A PREROUTING -i eth1 -tcp --dport 443 -j DNAT --to $SQUIDSSL
# Transparently forward all outgoing mail to a relay host
$SMTP = 192.168.1.3
iptables -t nat -A PREROUTING -i eth1 -tcp --dport 25 -j DNAT --to $SMTP
# Transparently redirect web connections from outside to the DMZ web
# server
$DMZ_WEB = 192.168.2.2
iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.1 -dport 80 -j DNAT --to $DMZ_WEB
# Source NAT to get Internet traffic through
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to $INTERNET
# Activate the forwarding!
echo 1 >/proc/sys/net/ipv4/ip_forward
<<less# Model NATting SOHO firewall for SP article
# by Jay Beale (jay@bastille-linux.org)
#
# Warning: youre going to have to hack this for your own purposes.
#
# Assumptions:
# your internal network is 192.168.1.0/24 on eth1
# your internet IP is 10.0.0.1 on eth0
# your internal network IP on eth1 is 192.168.1.1
#
# Additonally:
# you have another internal network, a DMZ: 192.168.2.0/24 on eth2
$INTERNAL_IP = 192.168.1.1
$INTERNAL_NET = 192.168.1.0/24
$INTERNET = 10.0.0.1
$DMZ = 192.168.2.0/24
# Insert the required kernel modules
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# Set default policies for packets going through this firewall box
iptables -t nat -P PREROUTING DROP
iptables -t nat -P POSTROUTING DROP
iptables -P FORWARD DROP
# Set default policies for packet entering this box
iptables -P OUTPUT ALLOW
iptables -P INPUT ALLOW
# Kill spoofed packets
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 1 > $f
done
# Anything coming from our internal network should have only our addresses!
iptables -A FORWARD -i eth1 -s ! $INTERNAL_NET -j DROP
# Anything coming from the Internet should have a real Internet address
iptables -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
iptables -A FORWARD -i eth0 -s 172.16.0.0/12 -j DROP
iptables -A FORWARD -i eth0 -s 10.0.0.0/8 -j DROP
# Note:There are more "reserved" networks, but these are the classical ones.
# Block outgoing network filesharing protocols that arent designed
# to leave the LAN
# SMB / Windows filesharing
iptables -A FORWARD -p tcp --sport 137:139 -j DROP
iptables -A FORWARD -p udp --sport 137:139 -j DROP
# NFS Mount Service (TCP/UDP 635)
iptables -A FORWARD -p tcp --sport 635 -j DROP
iptables -A FORWARD -p udp --sport 635 -j DROP
# NFS (TCP/UDP 2049)
iptables -A FORWARD -p tcp --sport 2049 -j DROP
iptables -A FORWARD -p udp --sport 2049 -j DROP
# Portmapper (TCP/UDP 111)
iptables -A FORWARD -p tcp --sport 111 -j DROP
iptables -A FORWARD -p udp --sport 111 -j DROP
# Block incoming syslog, lpr, rsh, rexec...
iptables -A FORWARD -i eth0 -p udp --dport syslog -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 515 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 514 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 512 -j DROP
###
# Transparently proxy all web-surfing through Squid box
$SQUID = 192.168.1.2:8080
$SQUIDSSL = 192.168.1.2:443
iptables -t nat -A PREROUTING -i eth1 -tcp --dport 80 -j DNAT --to $SQUID
iptables -t nat -A PREROUTING -i eth1 -tcp --dport 443 -j DNAT --to $SQUIDSSL
# Transparently forward all outgoing mail to a relay host
$SMTP = 192.168.1.3
iptables -t nat -A PREROUTING -i eth1 -tcp --dport 25 -j DNAT --to $SMTP
# Transparently redirect web connections from outside to the DMZ web
# server
$DMZ_WEB = 192.168.2.2
iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.1 -dport 80 -j DNAT --to $DMZ_WEB
# Source NAT to get Internet traffic through
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to $INTERNET
# Activate the forwarding!
echo 1 >/proc/sys/net/ipv4/ip_forward
Download (MB)
Added: 2007-02-13 License: GPL (GNU General Public License) Price:
987 downloads
SINUS Firewall 0.1
SINUS project is a application which assess the potential of security without obscurity. more>>
SINUS project is a application which assess the potential of security without obscurity.
The SINUS Firewall is a TCP/IP packet filter for the Linux operating system. It is distributed under the GNU General Public Licence and comes with complete source code, as the Linux operating system does.
The SINUS firewall is a free and easy way to protect your network from the malware of the Internet. It does not guarantee perfect security, however it comes with a wealth of features, including:
Filtering of all header fields in the IP, TCP, UDP, ICMP, IGMP packets.
Intelligent RIP and FTP support.
Easy to understand, text-based configuration.
Graphical management interface for configuration of several firewalls.
Dynamic rules, including counters and time-outs.
Extensive logging, alerting, and counter intelligence.
Prevention of packet and address spoofing - GNU GPL license.
To install the software, you need a Linux 2.0.x based system. We suggest you install a bare-bone system without X or any of the other nifty features which tend to have security holes. You should not install user accounts on the firewall system. Log-ins other than from the console should be forbidden (if you absolutely have to log in remotely, we strongly suggest you install a copy of ssh).
Although the software has been subject to thorough testing, and has been continuously running without crashes for over 12 months, we are confident someone will eventually unconver A BUG in the software. Therefore, it is version "0.1".
Please do not use this software as the sole means to protect your top secret data. This software is intended for:
People who want to study firewalls
People who dont trust their current firewall
People who currently dont have any protection at all (even if there are serious bugs, it cannot get worse, can it?)
Enhancements:
- NEW FEATURES
- user level authentification between firewall and management interface
- compiles and runs on libc6 (glibc2) systems.
- CHANGES
- management interface now written as Java application (JDK 1.1.6)
- detect land attack
- changed name from sf to sifi (SINUS firewall) due to change of maintainer (now Harald Weidner ).
- BUG FIXES
- TCP RST of established connections now pass through the firewall
- fixed a segfault bug in the passive FTP code
<<lessThe SINUS Firewall is a TCP/IP packet filter for the Linux operating system. It is distributed under the GNU General Public Licence and comes with complete source code, as the Linux operating system does.
The SINUS firewall is a free and easy way to protect your network from the malware of the Internet. It does not guarantee perfect security, however it comes with a wealth of features, including:
Filtering of all header fields in the IP, TCP, UDP, ICMP, IGMP packets.
Intelligent RIP and FTP support.
Easy to understand, text-based configuration.
Graphical management interface for configuration of several firewalls.
Dynamic rules, including counters and time-outs.
Extensive logging, alerting, and counter intelligence.
Prevention of packet and address spoofing - GNU GPL license.
To install the software, you need a Linux 2.0.x based system. We suggest you install a bare-bone system without X or any of the other nifty features which tend to have security holes. You should not install user accounts on the firewall system. Log-ins other than from the console should be forbidden (if you absolutely have to log in remotely, we strongly suggest you install a copy of ssh).
Although the software has been subject to thorough testing, and has been continuously running without crashes for over 12 months, we are confident someone will eventually unconver A BUG in the software. Therefore, it is version "0.1".
Please do not use this software as the sole means to protect your top secret data. This software is intended for:
People who want to study firewalls
People who dont trust their current firewall
People who currently dont have any protection at all (even if there are serious bugs, it cannot get worse, can it?)
Enhancements:
- NEW FEATURES
- user level authentification between firewall and management interface
- compiles and runs on libc6 (glibc2) systems.
- CHANGES
- management interface now written as Java application (JDK 1.1.6)
- detect land attack
- changed name from sf to sifi (SINUS firewall) due to change of maintainer (now Harald Weidner ).
- BUG FIXES
- TCP RST of established connections now pass through the firewall
- fixed a segfault bug in the passive FTP code
Download (0.82MB)
Added: 2006-07-13 License: GPL (GNU General Public License) Price:
1201 downloads
redWall Firewall 2.2.3
redWall Firewall is a bootable CD-ROM firewall with IDS, IPS, proxy, reporting, and spam filtering. more>>
redWall is a bootable CD-ROM Firewall. redWall Firewalls goal is to provide a feature rich firewall solution, with the main goal, to provide a webinterface for all the logfiles generated!
Main features:
- Configuration is currenty stored on a floppy/USB Memory Stick/Harddrive or sent by email (see todo !)
- Due the fact, that most reporting functionality is done via mysql (except for the squid reports), its possible to use the cd as a Mangagement/Logging Console for other firewalls running in your environment using the same cd! Take snort for instance.. you can have 10 firewalls :) running snort, reporting back to the main database on the management/Logging system, in order to have a central "overview" of all your firewalls... Using the SAME CD !! Its all up to you how you configure your firewall and/or Management box !
- based on redhat 9.0
- bridging support
- Mail Virusscanning, spamfiltering and gateway functionality
- /etc is writable (tmpfs) feeded by the configuration medium
- /var is writable (ramdisk or harddisk) (you are not going to run squid on a ramdisk... arent you ?)
- The cd will (at least it should) detect all your network cards (using kudzu) during the initial boot
- During the initial boot, you can setup some basic things like IP Address, Services to start (all disabled by default) and so on
Enhancements:
- A whole lot of new features have been added.
- vuurmuur has been installed again.
- The initial setup has been rewritten to be like a step-by-step configuration.
- A webmin module for openvpn has been added.
- A comprehensive reverse proxy called vultureng has been added.
- Major bugfixes have been applied.
<<lessMain features:
- Configuration is currenty stored on a floppy/USB Memory Stick/Harddrive or sent by email (see todo !)
- Due the fact, that most reporting functionality is done via mysql (except for the squid reports), its possible to use the cd as a Mangagement/Logging Console for other firewalls running in your environment using the same cd! Take snort for instance.. you can have 10 firewalls :) running snort, reporting back to the main database on the management/Logging system, in order to have a central "overview" of all your firewalls... Using the SAME CD !! Its all up to you how you configure your firewall and/or Management box !
- based on redhat 9.0
- bridging support
- Mail Virusscanning, spamfiltering and gateway functionality
- /etc is writable (tmpfs) feeded by the configuration medium
- /var is writable (ramdisk or harddisk) (you are not going to run squid on a ramdisk... arent you ?)
- The cd will (at least it should) detect all your network cards (using kudzu) during the initial boot
- During the initial boot, you can setup some basic things like IP Address, Services to start (all disabled by default) and so on
Enhancements:
- A whole lot of new features have been added.
- vuurmuur has been installed again.
- The initial setup has been rewritten to be like a step-by-step configuration.
- A webmin module for openvpn has been added.
- A comprehensive reverse proxy called vultureng has been added.
- Major bugfixes have been applied.
Download (528.7MB)
Added: 2006-11-02 License: GPL (GNU General Public License) Price:
1087 downloads
UTIN Firewall script
UTIN Firewall script project is a script for Linux 2.4.x and iptables. more>>
UTIN Firewall script project is a script for Linux 2.4.x and iptables.
###########
# Configuration options, these will speed you up getting this script to
# work with your own setup.
#
# your LANs IP range and localhost IP. /24 means to only use the first 24
# bits of the 32 bit IP adress. the same as netmask 255.255.255.0
#
# INET_IP is used by me to allow myself to do anything to myself, might
# be a security risc but sometimes I want this. If you dont have a static
# IP, I suggest not using this option at all for now but its still
# enabled per default and will add some really nifty security bugs for all
# those who skips reading the documentation=)
LAN_IP="192.168.0.2"
LAN_BCAST_ADRESS="192.168.0.255"
LAN_IFACE="eth1"
LO_IFACE="lo"
LO_IP="127.0.0.1"
INET_IP="194.236.50.155"
INET_IFACE="eth0"
IPTABLES="/usr/local/sbin/iptables"
#########
# Load all required IPTables modules
#
#
# Needed to initially load modules
#
/sbin/depmod -a
#
# Adds some iptables targets like LOG, REJECT and MASQUARADE.
#
/sbin/modprobe ipt_LOG
#/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE
#
# Support for owner matching
#
#/sbin/modprobe ipt_owner
#
# Support for connection tracking of FTP and IRC.
#
#/sbin/modprobe ip_conntrack_ftp
#/sbin/modprobe ip_conntrack_irc
#
# Enable ip_forward, this is critical since it is turned off as defaul in
# Linux.
#
echo "1" > /proc/sys/net/ipv4/ip_forward
#
# Dynamic IP users:
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
#
# Enable simple IP Forwarding and Network Address Translation
#
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP
#
# Set default policies for the INPUT, FORWARD and OUTPUT chains
#
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
#
# bad_tcp_packets chain
#
# Take care of bad TCP packets that we dont want.
#
$IPTABLES -N bad_tcp_packets
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG
--log-prefix "New not syn:"
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
#
# Do some checks for obviously spoofed IPs
#
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 192.168.0.0/16 -j DROP
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 10.0.0.0/8 -j DROP
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 172.16.0.0/12 -j DROP
$IPTABLES -A bad_tcp_packets -i $LAN_IFACE ! -s 192.168.0.0/16 -j DROP
#
# Bad TCP packets we dont want
#
$IPTABLES -A FORWARD -p tcp -j bad_tcp_packets
#
# Accept the packets we actually want to forward between interfaces.
#
$IPTABLES -A FORWARD -p tcp --dport 21 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -p tcp --dport 80 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -p tcp --dport 110 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG
--log-level DEBUG --log-prefix "IPT FORWARD packet died: "
#
# Create separate chains for ICMP, TCP and UDP to traverse
#
$IPTABLES -N icmp_packets
$IPTABLES -N tcp_packets
$IPTABLES -N udpincoming_packets
#
# The allowed chain for TCP connections
#
$IPTABLES -N allowed
$IPTABLES -A allowed -p TCP --syn -j ACCEPT
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED
-j ACCEPT
$IPTABLES -A allowed -p TCP -j DROP
#
# ICMP rules
#
# Changed rules totally
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
#
# TCP rules
#
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 21 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 113 -j allowed
#
# UDP ports
#
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 53 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 123 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 2074 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 4000 -j ACCEPT
#
# INPUT chain
#
# Bad TCP packets we dont want
#
$IPTABLES -A INPUT -p tcp -j bad_tcp_packets
#
# Rules for incoming packets from anywhere
#
$IPTABLES -A INPUT -p ICMP -j icmp_packets
$IPTABLES -A INPUT -p TCP -j tcp_packets
$IPTABLES -A INPUT -p UDP -j udpincoming_packets
#
# Rules for special networks not part of the Internet
#
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED
-j ACCEPT
$IPTABLES -A INPUT -m limit --limit 3/minute --limit-burst 3
-j LOG --log-level DEBUG --log-prefix "IPT INPUT packet died: "
#
# OUTPUT chain
#
#
# Bad TCP packets we dont want
#
$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets
$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
$IPTABLES -A OUTPUT -m limit --limit 3/minute --limit-burst 3
-j LOG --log-level DEBUG --log-prefix "IPT OUTPUT packet died: "
<<less###########
# Configuration options, these will speed you up getting this script to
# work with your own setup.
#
# your LANs IP range and localhost IP. /24 means to only use the first 24
# bits of the 32 bit IP adress. the same as netmask 255.255.255.0
#
# INET_IP is used by me to allow myself to do anything to myself, might
# be a security risc but sometimes I want this. If you dont have a static
# IP, I suggest not using this option at all for now but its still
# enabled per default and will add some really nifty security bugs for all
# those who skips reading the documentation=)
LAN_IP="192.168.0.2"
LAN_BCAST_ADRESS="192.168.0.255"
LAN_IFACE="eth1"
LO_IFACE="lo"
LO_IP="127.0.0.1"
INET_IP="194.236.50.155"
INET_IFACE="eth0"
IPTABLES="/usr/local/sbin/iptables"
#########
# Load all required IPTables modules
#
#
# Needed to initially load modules
#
/sbin/depmod -a
#
# Adds some iptables targets like LOG, REJECT and MASQUARADE.
#
/sbin/modprobe ipt_LOG
#/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE
#
# Support for owner matching
#
#/sbin/modprobe ipt_owner
#
# Support for connection tracking of FTP and IRC.
#
#/sbin/modprobe ip_conntrack_ftp
#/sbin/modprobe ip_conntrack_irc
#
# Enable ip_forward, this is critical since it is turned off as defaul in
# Linux.
#
echo "1" > /proc/sys/net/ipv4/ip_forward
#
# Dynamic IP users:
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
#
# Enable simple IP Forwarding and Network Address Translation
#
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP
#
# Set default policies for the INPUT, FORWARD and OUTPUT chains
#
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
#
# bad_tcp_packets chain
#
# Take care of bad TCP packets that we dont want.
#
$IPTABLES -N bad_tcp_packets
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG
--log-prefix "New not syn:"
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
#
# Do some checks for obviously spoofed IPs
#
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 192.168.0.0/16 -j DROP
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 10.0.0.0/8 -j DROP
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 172.16.0.0/12 -j DROP
$IPTABLES -A bad_tcp_packets -i $LAN_IFACE ! -s 192.168.0.0/16 -j DROP
#
# Bad TCP packets we dont want
#
$IPTABLES -A FORWARD -p tcp -j bad_tcp_packets
#
# Accept the packets we actually want to forward between interfaces.
#
$IPTABLES -A FORWARD -p tcp --dport 21 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -p tcp --dport 80 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -p tcp --dport 110 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG
--log-level DEBUG --log-prefix "IPT FORWARD packet died: "
#
# Create separate chains for ICMP, TCP and UDP to traverse
#
$IPTABLES -N icmp_packets
$IPTABLES -N tcp_packets
$IPTABLES -N udpincoming_packets
#
# The allowed chain for TCP connections
#
$IPTABLES -N allowed
$IPTABLES -A allowed -p TCP --syn -j ACCEPT
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED
-j ACCEPT
$IPTABLES -A allowed -p TCP -j DROP
#
# ICMP rules
#
# Changed rules totally
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
#
# TCP rules
#
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 21 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 113 -j allowed
#
# UDP ports
#
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 53 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 123 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 2074 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 4000 -j ACCEPT
#
# INPUT chain
#
# Bad TCP packets we dont want
#
$IPTABLES -A INPUT -p tcp -j bad_tcp_packets
#
# Rules for incoming packets from anywhere
#
$IPTABLES -A INPUT -p ICMP -j icmp_packets
$IPTABLES -A INPUT -p TCP -j tcp_packets
$IPTABLES -A INPUT -p UDP -j udpincoming_packets
#
# Rules for special networks not part of the Internet
#
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED
-j ACCEPT
$IPTABLES -A INPUT -m limit --limit 3/minute --limit-burst 3
-j LOG --log-level DEBUG --log-prefix "IPT INPUT packet died: "
#
# OUTPUT chain
#
#
# Bad TCP packets we dont want
#
$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets
$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
$IPTABLES -A OUTPUT -m limit --limit 3/minute --limit-burst 3
-j LOG --log-level DEBUG --log-prefix "IPT OUTPUT packet died: "
Download (MB)
Added: 2007-02-13 License: GPL (GNU General Public License) Price:
985 downloads
Shoreline Firewall 4.0.2
Shoreline Firewall is an iptables-based firewall for Linux systems. more>> <<less
Download (0.21MB)
Added: 2007-08-11 License: GPL (GNU General Public License) Price:
810 downloads
BullDog Firewall 7
BullDog is a powerful but lightweight firewall for heavy use systems. more>>
BullDog is a powerful but lightweight firewall for heavy use systems. With many features, this firewall can be used by anyone who wants to protect his/her systems. This system allow dynamic and static rules sets for maximum protection and has several advance features.
This firewall will work for the hobbyist or a military base. Generation 7 is a complete rewrite of its predecesors and is redesigned from scratch and still evolving.
Be prepared to spend some time setting this up. If you are looking for a "quick fix", then you are on the wrong site. BullDog is NOT a quick fix, but rather one step in a complete security policy.
Its is covered by the GPL and is FREE and always will be. I encourage and welcome anyone who wants to port and/or provide ideas/code to better this software.
I would like to see this software developed into a new breed of firewall that provides the best of security with ease of use.
This software was developed on Linux v2.2.16-17 and v2.4 with 64 megs to 1 Gig of RAM and supports iptables via the ip_queue kernel module. Bulldog will NOT run on Windows systems.
<<lessThis firewall will work for the hobbyist or a military base. Generation 7 is a complete rewrite of its predecesors and is redesigned from scratch and still evolving.
Be prepared to spend some time setting this up. If you are looking for a "quick fix", then you are on the wrong site. BullDog is NOT a quick fix, but rather one step in a complete security policy.
Its is covered by the GPL and is FREE and always will be. I encourage and welcome anyone who wants to port and/or provide ideas/code to better this software.
I would like to see this software developed into a new breed of firewall that provides the best of security with ease of use.
This software was developed on Linux v2.2.16-17 and v2.4 with 64 megs to 1 Gig of RAM and supports iptables via the ip_queue kernel module. Bulldog will NOT run on Windows systems.
Download (0.032MB)
Added: 2006-07-07 License: GPL (GNU General Public License) Price:
1209 downloads
DMZ IP Firewall script
DMZ IP Firewall script project is a script for Linux 2.4.x and iptables. more>>
DMZ IP Firewall script project is a script for Linux 2.4.x and iptables.
Sample:
# Configuration options, these will speed you up getting this script to work with your own setup.
# your LANs IP range and localhost IP. /24 means to only use the first 24 bits of the 32 bit IP adress. the same as netmask 255.255.255.0
# STATIC_IP is used by me to allow myself to do anything to myself, might be a security risc but sometimes I want this. If you dont have a static IP, I suggest not using this option at all for now but its still enabled per default and will add some really nifty security bugs for all those who skips reading the documentation
LAN_IP="192.168.0.2"
LAN_BCAST_ADRESS="192.168.0.255"
LAN_IFACE="eth1"
INET_IP="194.236.50.152"
INET_IFACE="eth0"
HTTP_IP="194.236.50.153"
DNS_IP="194.236.50.154"
DMZ_HTTP_IP="192.168.1.2"
DMZ_DNS_IP="192.168.1.3"
DMZ_IP="192.168.1.1"
DMZ_IFACE="eth2"
LO_IP="127.0.0.1"
LO_IFACE="lo"
IPTABLES="/usr/local/sbin/iptables"
<<lessSample:
# Configuration options, these will speed you up getting this script to work with your own setup.
# your LANs IP range and localhost IP. /24 means to only use the first 24 bits of the 32 bit IP adress. the same as netmask 255.255.255.0
# STATIC_IP is used by me to allow myself to do anything to myself, might be a security risc but sometimes I want this. If you dont have a static IP, I suggest not using this option at all for now but its still enabled per default and will add some really nifty security bugs for all those who skips reading the documentation
LAN_IP="192.168.0.2"
LAN_BCAST_ADRESS="192.168.0.255"
LAN_IFACE="eth1"
INET_IP="194.236.50.152"
INET_IFACE="eth0"
HTTP_IP="194.236.50.153"
DNS_IP="194.236.50.154"
DMZ_HTTP_IP="192.168.1.2"
DMZ_DNS_IP="192.168.1.3"
DMZ_IP="192.168.1.1"
DMZ_IFACE="eth2"
LO_IP="127.0.0.1"
LO_IFACE="lo"
IPTABLES="/usr/local/sbin/iptables"
Download (MB)
Added: 2007-02-13 License: GPL (GNU General Public License) Price:
997 downloads
Simple Firewall 0.8
Simple Firewall is a easy tool for administration users and access control. more>>
Simple Firewall is a easy tool for administration users and access control. This tool is made for Linux. Using iptables for packet filtering Write in perl Save rules with xml. That can be run in bash shell and web interface via webmin.
Enhancements:
- Perform reconfigure squid conf for all linux distros
- Fix script init for all linux distros
- Add new menu vpn
- Implemet and integrated PPTP VPN Software
- Modified install script
<<lessEnhancements:
- Perform reconfigure squid conf for all linux distros
- Fix script init for all linux distros
- Add new menu vpn
- Implemet and integrated PPTP VPN Software
- Modified install script
Download (0.096MB)
Added: 2006-07-12 License: GPL (GNU General Public License) Price:
1204 downloads
Lutel Firewall 0.99
LutelWall (formerly known as Lutel Firewall) is high-level linux firewall configuration tool. more>>
LutelWall (formerly known as Lutel Firewall) is high-level linux firewall configuration tool. It uses human-readable and easy to understand configuration to set up Netfilter in most secure way. Its flexibility allows firewall admins build from very simple, single-homed firewalls, to most complex ones - with multiple subnets, DMZs and traffic redirections. It can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone system. Configuration method of this firewall is made to be as simple as possible without loosing Netfilter flexibility and its security facilities.
Main features:
- flexible control over traffic using rule set
- user-defined protocols support
- support for any kind multiple external and internal interaces (and aliases)
- automated MASQUERADE / SNAT support
- easy to set up DNAT (transparent proxy, redirections to LAN/DMZ etc.)
- rate limit extensions
- packet marking for 3rd party shapers
- TOS (Type of Service) traffic optimizer
- both passive and active FTP support
- DHCP support
- can work as "workstation" firewa
- stateful TCP connection tracking with restrictive TCP chain
- blocking all stealth mode scans (FIN, Xmas Tree, Null, Windows scan or ACK scan modes (nmap -sF -sX -sN -sW -sA)
- blocking IP protocol scans (nmap -sO)
- blocking UDP scans (nmap -sU)
- blocking identification via TCP/IP fingerprinting (nmap -O)
- anti-spoof protection, including protection for aliases
- anti-smurf protection
- TCP SYN Flood protection
- UDP / ICMP Flood protection
- IANA reserved addresses checking
- SYSCTL parameters set for increased strength
- logging stealth scans (FIN, Xmas Tree, Null), ACK scan modes (nmap -sF -sX -sN), IP protocol scans (nmap -sO), UDP scans (nmap -sU), nmap fingerprinting attempts.
- autodetect of connection type (static/dynamic, external/internal)
- auto update of firewall tool
- auto update IANA reserved list
- display firewall statistics in iptables native, csv or html format
- easy deployment on all distributions
Enhancements:
- fixed iptables version checking
<<lessMain features:
- flexible control over traffic using rule set
- user-defined protocols support
- support for any kind multiple external and internal interaces (and aliases)
- automated MASQUERADE / SNAT support
- easy to set up DNAT (transparent proxy, redirections to LAN/DMZ etc.)
- rate limit extensions
- packet marking for 3rd party shapers
- TOS (Type of Service) traffic optimizer
- both passive and active FTP support
- DHCP support
- can work as "workstation" firewa
- stateful TCP connection tracking with restrictive TCP chain
- blocking all stealth mode scans (FIN, Xmas Tree, Null, Windows scan or ACK scan modes (nmap -sF -sX -sN -sW -sA)
- blocking IP protocol scans (nmap -sO)
- blocking UDP scans (nmap -sU)
- blocking identification via TCP/IP fingerprinting (nmap -O)
- anti-spoof protection, including protection for aliases
- anti-smurf protection
- TCP SYN Flood protection
- UDP / ICMP Flood protection
- IANA reserved addresses checking
- SYSCTL parameters set for increased strength
- logging stealth scans (FIN, Xmas Tree, Null), ACK scan modes (nmap -sF -sX -sN), IP protocol scans (nmap -sO), UDP scans (nmap -sU), nmap fingerprinting attempts.
- autodetect of connection type (static/dynamic, external/internal)
- auto update of firewall tool
- auto update IANA reserved list
- display firewall statistics in iptables native, csv or html format
- easy deployment on all distributions
Enhancements:
- fixed iptables version checking
Download (0.028MB)
Added: 2006-07-08 License: GPL (GNU General Public License) Price:
1204 downloads
Initial SIMPLE IP Firewall
Initial SIMPLE IP Firewall is a script for Linux 2.4.x and iptables. more>>
Initial SIMPLE IP Firewall is a script for Linux 2.4.x and iptables.
Sample:
Configuration options
###################################
#
# Local Area Network configuration.
#
# your LANs IP range and localhost IP. /24 means to only use the first 24
# bits of the 32 bit IP adress. the same as netmask 255.255.255.0
#
LAN_IP="192.168.0.2"
LAN_IP_RANGE="192.168.0.0/16"
LAN_BCAST_ADRESS="192.168.255.255"
LAN_IFACE="eth1"
###################################
#
# Localhost Configuration.
#
LO_IFACE="lo"
LO_IP="127.0.0.1"
###################################
#
# Internet Configuration.
#
INET_IP="194.236.50.155"
INET_IFACE="eth0"
###################################
#
# IPTables Configuration.
#
IPTABLES="/usr/sbin/iptables"
Module loading
#
# Needed to initially load modules
#
/sbin/depmod -a
#
# Adds some iptables targets like LOG, REJECT and MASQUARADE.
#
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
#/sbin/modprobe ipt_REJECT
#/sbin/modprobe ipt_MASQUERADE
#
# Support for owner matching
#
#/sbin/modprobe ipt_owner
#
# Support for connection tracking of FTP and IRC.
#
#/sbin/modprobe ip_conntrack_ftp
#/sbin/modprobe ip_conntrack_irc
<<lessSample:
Configuration options
###################################
#
# Local Area Network configuration.
#
# your LANs IP range and localhost IP. /24 means to only use the first 24
# bits of the 32 bit IP adress. the same as netmask 255.255.255.0
#
LAN_IP="192.168.0.2"
LAN_IP_RANGE="192.168.0.0/16"
LAN_BCAST_ADRESS="192.168.255.255"
LAN_IFACE="eth1"
###################################
#
# Localhost Configuration.
#
LO_IFACE="lo"
LO_IP="127.0.0.1"
###################################
#
# Internet Configuration.
#
INET_IP="194.236.50.155"
INET_IFACE="eth0"
###################################
#
# IPTables Configuration.
#
IPTABLES="/usr/sbin/iptables"
Module loading
#
# Needed to initially load modules
#
/sbin/depmod -a
#
# Adds some iptables targets like LOG, REJECT and MASQUARADE.
#
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
#/sbin/modprobe ipt_REJECT
#/sbin/modprobe ipt_MASQUERADE
#
# Support for owner matching
#
#/sbin/modprobe ipt_owner
#
# Support for connection tracking of FTP and IRC.
#
#/sbin/modprobe ip_conntrack_ftp
#/sbin/modprobe ip_conntrack_irc
Download (MB)
Added: 2007-02-13 License: GPL (GNU General Public License) Price:
983 downloads
DHCP IP Firewall script
DHCP IP Firewall script project is a script for Linux 2.4.x and iptables. more>>
DHCP IP Firewall script project is a script for Linux 2.4.x and iptables.
Sample:
1. Configuration options - use these to quicken up the set up.
####################################
# Local Area Network configuration.
#
# your LANs IP range and localhost IP. /24 means to only use the first 24 bits of the 32 bit IP adress. the same as netmask 255.255.255.0
LAN_IP="192.168.0.2"
LAN_IP_RANGE="192.168.0.0/16"
LAN_BCAST_ADRESS="192.168.0.255"
LAN_IFACE="eth1"
######################################
#
# Localhost configuration.
#
# Localhost Interface and IP. Should not need any changes.
#
LO_IFACE="lo"
LO_IP="127.0.0.1"
#######################################
#
# Internet configuration.
#
# All information pertaining to the Internet and the Internet connection.
#
INET_IFACE="eth0"
#######################################
#
# DHCP Configuration.
#
# Information pertaining to DHCP over the Internet, if needed.
#
# Set DHCP variable to No if you dont get IP from DHCP. If you get DHCP over the Internet set this variable to Yes, and set up the proper IP adress for the DHCP server in the DHCP_SERVER variable.
DHCP="No"
DHCP_SERVER="195.22.90.65"
#########################################
#
# PPPOE Configuration.
#
# Configuration options pertaining to PPPoE.
#
# If you have problem with your PPPoE connection, such as large mails not getting through while small mail get through properly etc, you may set this option to "yes" which may fix the problem. This option will set a rule in the PREROUTING chain of the mangle table which will clamp (resize) all routed packets to PMTU (Path Maximum Transmit Unit).
#
# Note that it is better to set this up in the PPPoE package itself, since the PPPoE configuration option will give less overhead.
PPPOE_PMTU="No"
##########################################
#
# IPTABLES configuration.
#
# Options pertaining to iptables such as searchpath, etc.
#
IPTABLES="/usr/sbin/iptables"
<<lessSample:
1. Configuration options - use these to quicken up the set up.
####################################
# Local Area Network configuration.
#
# your LANs IP range and localhost IP. /24 means to only use the first 24 bits of the 32 bit IP adress. the same as netmask 255.255.255.0
LAN_IP="192.168.0.2"
LAN_IP_RANGE="192.168.0.0/16"
LAN_BCAST_ADRESS="192.168.0.255"
LAN_IFACE="eth1"
######################################
#
# Localhost configuration.
#
# Localhost Interface and IP. Should not need any changes.
#
LO_IFACE="lo"
LO_IP="127.0.0.1"
#######################################
#
# Internet configuration.
#
# All information pertaining to the Internet and the Internet connection.
#
INET_IFACE="eth0"
#######################################
#
# DHCP Configuration.
#
# Information pertaining to DHCP over the Internet, if needed.
#
# Set DHCP variable to No if you dont get IP from DHCP. If you get DHCP over the Internet set this variable to Yes, and set up the proper IP adress for the DHCP server in the DHCP_SERVER variable.
DHCP="No"
DHCP_SERVER="195.22.90.65"
#########################################
#
# PPPOE Configuration.
#
# Configuration options pertaining to PPPoE.
#
# If you have problem with your PPPoE connection, such as large mails not getting through while small mail get through properly etc, you may set this option to "yes" which may fix the problem. This option will set a rule in the PREROUTING chain of the mangle table which will clamp (resize) all routed packets to PMTU (Path Maximum Transmit Unit).
#
# Note that it is better to set this up in the PPPoE package itself, since the PPPoE configuration option will give less overhead.
PPPOE_PMTU="No"
##########################################
#
# IPTABLES configuration.
#
# Options pertaining to iptables such as searchpath, etc.
#
IPTABLES="/usr/sbin/iptables"
Download (MB)
Added: 2007-02-13 License: GPL (GNU General Public License) Price:
986 downloads
Secleted [ 0 ] software to compare
Copyright Notice:
Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future software development. The above endian firewall search only lists software in full, demo and trial versions for free download. Download links are directly from our mirror sites or publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
