author Philip Lacroix <philnx@bluebottle.com> 2014-03-12 07:29:12 +0700
committer Erik Hanson <erik@slackbuilds.org> 2014-03-12 12:42:52 -0500
commit 26e1286f3a1530d581150b2aceb22300968dbb99
tree 1f83029ab263968ff84807b8d2a495c10e6c30c6 /network/arno-iptables-firewall/README
parent 564e1f2a5bd9245600ccf321960bc85607c88555
network/arno-iptables-firewall: Added (a front-end for iptables).
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'network/arno-iptables-firewall/README')
-rw-r--r-- network/arno-iptables-firewall/README 41
1 files changed, 41 insertions, 0 deletions
diff --git a/network/arno-iptables-firewall/README b/network/arno-iptables-firewall/README
new file mode 100644
index 0000000000000..8cee93f4577b1
--- /dev/null
+++ b/network/arno-iptables-firewall/README
@@ -0,0 +1,41 @@
+arno-iptables-firewall is a front-end for iptables. Its configuration
+script will setup a secure and restrictive firewall by just asking a
+few questions. This includes configuring internal networks for Internet
+access via NAT and network services like http or ssh. Moreover, it
+provides many advanced additional features that can be enabled in the
+well documented configuration file.
+
+PLEASE NOTE - The setup script is NOT going to be run automatically
+after your package is installed. In order to do that, you'll have to
+issue the following command:
+
+# arno-iptables-firewall-configure
+
+To enable firewall startup at boot-time you'll need to create a symlink
+as follows (remove the link to disable automatic firewall startup):
+
+# ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall
+# chmod +x /etc/rc.d/rc.arno-iptables-firewall
+
+When everything is ready you can start the firewall manually with one
+of the following commands:
+
+# /etc/rc.d/rc.arno-iptables-firewall start
+
+# arno-iptables-firewall start
+
+IMPORTANT - Here are some security notes from the upstream author:
+
+1) If possible, make sure that the firewall is started before the (ADSL)
+Internet connection is enabled. For a ppp-interface that doesn't exist
+yet you can use the wildcard device called "ppp+" (but you can only use
+ppp+ if there aren't any other ppp interfaces).
+
+2) Don't change any (security) settings ('EXPERT SETTINGS') if you don't
+really understand what they mean. Changing them anyway could have a big
+impact on the security of your machine.
+
+3) A lot of people complain that their server stopped working after
+installing the firewall. This is the CORRECT behaviour for a firewall:
+blocking ALL incoming traffic by default. Configure your e.g. OPEN_TCP
+accordingly.
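Review bot: The boot-time section (the `ln -sv` and `chmod +x` lines) does not say when /etc/rc.d/rc.firewall runs relative to interface bring-up, yet security note 1 asks that the firewall be started before the Internet connection is enabled; a sentence stating the boot ordering, or how to check it, would let the reader confirm that the two instructions agree. The same section should tell the reader to check for an existing /etc/rc.d/rc.firewall first, since `ln -sv` without `-f` will not replace one. Note 3 names OPEN_TCP but not the configuration file that holds it, and because it confirms that all incoming traffic is blocked by default, the manual start step would benefit from a reminder to allow ssh in the configuration before running `arno-iptables-firewall start` on a machine that is administered remotely.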