Diffstat (limited to 'network/arno-iptables-firewall/README')
-rw-r--r-- | network/arno-iptables-firewall/README | 63 |
1 files changed, 38 insertions, 25 deletions
diff --git a/network/arno-iptables-firewall/README b/network/arno-iptables-firewall/README index 57dc9d2018..8c697817da 100644 --- a/network/arno-iptables-firewall/README +++ b/network/arno-iptables-firewall/README 
@@ -1,39 +1,52 @@ -arno-iptables-firewall is a front-end for iptables. Its configuration script -will set up a secure and restrictive firewall by just asking a few questions. -This includes configuring internal networks for Internet access via NAT and -potential network services like http or ssh. Moreover, it provides advanced -additional features that can be enabled in the well documented configuration -file. +arno-iptables-firewall is a front-end for iptables. Its configuration +script will set up a secure and restrictive firewall by just asking +a few questions. This includes configuring internal networks for +Internet access via NAT, and potential network services like http or +ssh. Moreover, it provides advanced additional features that can be +enabled in the well documented configuration file. -NOTE - The setup script will *not* run automatically after your package was -installed. In order to run the script you have to issue the following command: +NOTE - The setup script will NOT run automatically after the package +has been installed. 
In order to run the script, the following command +has to be issued: # arno-iptables-firewall-configure -To enable the startup of the firewall at boot-time you need to create a symlink -as follows (in order to disable it, either remove the symlink or "chmod -x" the -startup script): +In order to start the firewall automatically at boot-time, an +"rc.firewall" symlink to the startup script has to be created +in /etc/rc.d/ and of course the startup script itself should be +executable: -# ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall -# chmod +x /etc/rc.d/rc.arno-iptables-firewall +# cd /etc/rc.d/ +# ln -sv rc.arno-iptables-firewall rc.firewall +# chmod +x rc.arno-iptables-firewall -You can also start the firewall manually with one of the following commands: +In order to disable startup of the firewall at boot time, remove the +symlink or the executable bit from the startup script: -# /etc/rc.d/rc.arno-iptables-firewall start +# rm /etc/rc.d/rc.firewall +# chmod -x /etc/rc.d/rc.arno-iptables-firewall + +The firewall can also be started manually with one of the following +commands: # arno-iptables-firewall start +# /etc/rc.d/rc.arno-iptables-firewall start + +Please refer to the man page for more details. + IMPORTANT - A few security notes from the upstream author: -1) If possible make sure that the firewall is started before the (ADSL) Internet -connection is enabled. For a ppp-interface that doesn't exist yet you can use -the wildcard device called "ppp+" (but you can only use ppp+ if there aren't any -other ppp interfaces). +1) If possible make sure that the firewall is started before the +(ADSL) Internet connection is enabled. For a ppp-interface that +doesn't exist yet, you can use the wildcard device called "ppp+" (but +you can only use ppp+ if there aren't any other ppp interfaces). -2) Don't change any (security) settings ('EXPERT SETTINGS') if you don't really -understand what they mean. 
Changing them anyway could have a big impact on the -security of your machine. +2) Don't change any (security) settings ('EXPERT SETTINGS') if you +don't really understand what they mean. Changing them anyway could +have a big impact on the security of your machine. -3) A lot of people complain that their server stopped working after installing -the firewall. This is the *correct* behaviour for a firewall: blocking *all* -incoming traffic by default. Configure your OPEN_TCP (e.g.) accordingly. +3) A lot of people complain that their server stopped working after +installing the firewall. This is the correct behaviour for a firewall: +blocking all incoming traffic by default. Configure your OPEN_TCP +(e.g.) accordingly. |
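Review bot: In the rewritten security note 3, "Configure your OPEN_TCP (e.g.) accordingly" keeps the misplaced "(e.g.)" from the old text and drops the emphasis the author put on "*correct*" and "*all*", which carried the point that a default-deny firewall is working as intended when services become unreachable. Suggest keeping the emphasis in this plain-text README and rewording the last sentence, for example: "This is the *correct* behaviour for a firewall: blocking *all* incoming traffic by default. Open the ports you need in settings such as OPEN_TCP." The rest of the hunk reads fine: the relative symlink created after "cd /etc/rc.d/" and the separate disable steps (remove the symlink or clear the executable bit) are clearer than the old combined sentence.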