author Philip Lacroix 2020-02-15 02:24:56 +0100
committer Willy Sudiarto Raharjo 2020-02-15 02:24:56 +0100
commit 20d99306257efa07c918787ca7fcae1200efc610 (patch)
tree f31e6cf4205f8161d28300f24a1a90f00e800eac /network/arno-iptables-firewall/README
parent 6c80119606dccca96d51458218bc1c352b07c430 (diff)
network/arno-iptables-firewall: Updated for version 2.1.0.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'network/arno-iptables-firewall/README')
-rw-r--r-- network/arno-iptables-firewall/README 33
1 files changed, 21 insertions, 12 deletions
diff --git a/network/arno-iptables-firewall/README b/network/arno-iptables-firewall/README
index 57dc9d2018..23ad6f4255 100644
--- a/network/arno-iptables-firewall/README
+++ b/network/arno-iptables-firewall/README
@@ -1,32 +1,41 @@
arno-iptables-firewall is a front-end for iptables. Its configuration script
will set up a secure and restrictive firewall by just asking a few questions.
-This includes configuring internal networks for Internet access via NAT and
+This includes configuring internal networks for Internet access via NAT, and
potential network services like http or ssh. Moreover, it provides advanced
additional features that can be enabled in the well documented configuration
file.
-NOTE - The setup script will *not* run automatically after your package was
-installed. In order to run the script you have to issue the following command:
+NOTE - The setup script will NOT run automatically after the package has been
+installed. In order to run the script, the following command has to be issued:
# arno-iptables-firewall-configure
-To enable the startup of the firewall at boot-time you need to create a symlink
-as follows (in order to disable it, either remove the symlink or "chmod -x" the
-startup script):
+In order to start the firewall automatically at boot-time, an "rc.firewall"
+symlink to the startup script has to be created in /etc/rc.d/ and of course
+the startup script itself should be executable:
-# ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall
-# chmod +x /etc/rc.d/rc.arno-iptables-firewall
+# cd /etc/rc.d/
+# ln -sv rc.arno-iptables-firewall rc.firewall
+# chmod +x rc.arno-iptables-firewall
-You can also start the firewall manually with one of the following commands:
+In order to disable startup of the firewall at boot time, remove the symlink or
+the executable bit from the startup script:
-# /etc/rc.d/rc.arno-iptables-firewall start
+# rm /etc/rc.d/rc.firewall
+# chmod -x /etc/rc.d/rc.arno-iptables-firewall
+
+The firewall can also be started manually with one of the following commands:
# arno-iptables-firewall start
+# /etc/rc.d/rc.arno-iptables-firewall start
+
+Please refer to the man page for more details.
+
IMPORTANT - A few security notes from the upstream author:
1) If possible make sure that the firewall is started before the (ADSL) Internet
-connection is enabled. For a ppp-interface that doesn't exist yet you can use
+connection is enabled. For a ppp-interface that doesn't exist yet, you can use
the wildcard device called "ppp+" (but you can only use ppp+ if there aren't any
other ppp interfaces).
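Review bot: The new disable block lists "# rm /etc/rc.d/rc.firewall" and "# chmod -x /etc/rc.d/rc.arno-iptables-firewall" back to back, while the sentence above them says "remove the symlink or the executable bit", so a reader pasting the block will run both. The manual-start block avoids this by saying "one of the following commands"; the same wording would help here. It would also be worth saying that both commands only affect startup at the next boot, since the text describes them as disabling "startup of the firewall at boot time" and says nothing about a firewall that is already running. Minor style point: the added lines use both "boot-time" and "boot time"; pick one.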
@@ -35,5 +44,5 @@ understand what they mean. Changing them anyway could have a big impact on the
security of your machine.
3) A lot of people complain that their server stopped working after installing
-the firewall. This is the *correct* behaviour for a firewall: blocking *all*
+the firewall. This is the correct behaviour for a firewall: blocking all
incoming traffic by default. Configure your OPEN_TCP (e.g.) accordingly.
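Review bot: Dropping the emphasis on "correct" and "all" in note 3 is inconsistent with the first hunk, where "*not*" was converted to "NOT" rather than removed. Since "blocking all incoming traffic by default" is the behaviour readers most often trip over, according to the note itself, I would keep the emphasis in the same capitalised style ("blocking ALL incoming traffic") so the warning still stands out in a plain-text README.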