diff options
author | Philip Lacroix <philnx@bluebottle.com> | 2014-03-12 07:29:12 +0700 |
---|---|---|
committer | Erik Hanson <erik@slackbuilds.org> | 2014-03-12 12:42:52 -0500 |
commit | 26e1286f3a1530d581150b2aceb22300968dbb99 (patch) | |
tree | 1f83029ab263968ff84807b8d2a495c10e6c30c6 /network/arno-iptables-firewall/README | |
parent | 564e1f2a5bd9245600ccf321960bc85607c88555 (diff) |
network/arno-iptables-firewall: Added (a front-end for iptables).
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'network/arno-iptables-firewall/README')
-rw-r--r-- | network/arno-iptables-firewall/README | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/network/arno-iptables-firewall/README b/network/arno-iptables-firewall/README new file mode 100644 index 0000000000000..8cee93f4577b1 --- /dev/null +++ b/network/arno-iptables-firewall/README @@ -0,0 +1,41 @@ +arno-iptables-firewall is a front-end for iptables. Its configuration +script will setup a secure and restrictive firewall by just asking a +few questions. This includes configuring internal networks for Internet +access via NAT and network services like http or ssh. Moreover, it +provides many advanced additional features that can be enabled in the +well documented configuration file. + +PLEASE NOTE - The setup script is NOT going to be run automatically +after your package is installed. In order to do that, you'll have to +issue the following command: + +# arno-iptables-firewall-configure + +To enable firewall startup at boot-time you'll need to create a symlink +as follows (remove the link to disable automatic firewall startup): + +# ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall +# chmod +x /etc/rc.d/rc.arno-iptables-firewall + +When everything is ready you can start the firewall manually with one +of the following commands: + +# /etc/rc.d/rc.arno-iptables-firewall start + +# arno-iptables-firewall start + +IMPORTANT - Here are some security notes from the upstream author: + +1) If possible, make sure that the firewall is started before the (ADSL) +Internet connection is enabled. For a ppp-interface that doesn't exist +yet you can use the wildcard device called "ppp+" (but you can only use +ppp+ if there aren't any other ppp interfaces). + +2) Don't change any (security) settings ('EXPERT SETTINGS') if you don't +really understand what they mean. Changing them anyway could have a big +impact on the security of your machine. + +3) A lot of people complain that their server stopped working after +installing the firewall. This is the CORRECT behaviour for a firewall: +blocking ALL incoming traffic by default. Configure your e.g. OPEN_TCP +accordingly. |