"Fossies" - the Fresh Open Source Software Archive

Member "aif-2.1.1/share/man/man8/arno-iptables-firewall.8" (16 Sep 2020, 3017 Bytes) of package /linux/privat/aif-2.1.1.tar.gz:



ARNO-IPTABLES-FIREWALL

NAME

arno-iptables-firewall - Single- & multi-homed firewall script with DSL/ADSL support.

SYNOPSIS

arno-iptables-firewall start | restart | force-reload | stop | stop-block | status | status-plugins | check-conf

DESCRIPTION

arno-iptables-firewall is an iptables configuration script with support for both IPv4 & IPv6. In general, it should not be called directly, but rather should be invoked via /etc/init.d/arno-iptables-firewall or systemctl COMMAND arno-iptables-firewall.service, depending on the init system in use. While it is extremely easy to set up a basic firewall, one can nevertheless configure it to meet quite complex requirements.

All available options are explained in the extensively documented configuration file.

As a bare minimum, the external interface of the system needs to be set up properly in the firewall's configuration (EXT_IF). The default behavior of the firewall is to deny all incoming connections.

Instead of editing the main configuration file, it is recommended to put configuration snippets into .conf files to be placed in the configuration directory. These are sourced after the main configuration file has been read and can be used to override previous (default) configurations.
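One way to check which file ends up setting a value such as EXT_IF under the override order described above. This is an added example, not part of the firewall script or its manual page; the function names, sample file names and sample values are constructed, and it assumes snippets are read in shell glob (lexical) order.

```shell
#!/bin/sh
# Added example, not part of arno-iptables-firewall.
# Assumption: conf.d snippets are read in shell glob (lexical) order.

# effective_setting VAR MAIN_CONF CONF_DIR
# Prints "value<TAB>file that last changed it"; returns 1 if VAR ends up
# empty, 2 if VAR is not a plain shell variable name.
effective_setting() (
    _es_var=$1 _es_main=$2 _es_dir=$3 _es_last= _es_setter=
    case $_es_var in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 2 ;;   # keeps the eval below safe
    esac
    for _es_f in "$_es_main" "$_es_dir"/*.conf; do
        [ -f "$_es_f" ] || continue   # missing file or unmatched glob
        . "$_es_f"                    # config files are shell code: this runs them
        eval "_es_cur=\${$_es_var-}"
        if [ "$_es_cur" != "$_es_last" ]; then
            _es_last=$_es_cur _es_setter=$_es_f
        fi
    done
    [ -n "$_es_last" ] || return 1
    printf '%s\t%s\n' "$_es_last" "$_es_setter"
)

# Constructed sample tree: main file leaves EXT_IF empty, two snippets set it.
make_sample_tree() {
    t=$(mktemp -d) && mkdir "$t/conf.d" || return 1
    printf 'EXT_IF=""\n'     > "$t/firewall.conf"
    printf 'EXT_IF="eth0"\n' > "$t/conf.d/10-site.conf"
    printf 'EXT_IF="eth1"\n' > "$t/conf.d/20-override.conf"
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
effective_setting EXT_IF "$tree/firewall.conf" "$tree/conf.d"
rm -rf "$tree"
```

Because the check sources the files, it executes whatever they contain, so point it only at configuration the firewall itself would load and keep the configuration directory writable by root only.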

For additional requirements that are not covered by the configuration file and cannot be covered by configuration snippets, custom iptables rules can be placed in a custom rules file. This file is automatically parsed by the service script.

Logs are written to a dedicated log file if rsyslogd is in use. The arno-fwfilter script can be used to make the firewall logs more readable for humans (see manpage).

Several plugins implementing advanced features come with the firewall script. Each of them brings its own configuration file to be found in the plugins configuration directory.

FILES

/etc/arno-iptables-firewall/firewall.conf

main configuration file

/etc/arno-iptables-firewall/conf.d/

firewall configuration directory

/etc/arno-iptables-firewall/plugins/

plugins configuration directory

/etc/arno-iptables-firewall/custom-rules

custom iptables rules file

/etc/arno-iptables-firewall/blocked-hosts

host blacklist. This file does not pre-exist and its use is disabled in the main configuration file by default.

/var/log/arno-iptables-firewall

log file maintained by rsyslogd

SEE ALSO

iptables(8), arno-fwfilter(1), /usr/local/share/doc/arno-iptables-firewall/README.gz, https://rocky.eld.leidenuniv.nl/

AUTHORS

arno-iptables-firewall was written by Arno van Amersfoort <arnova@rocky.eld.leidenuniv.nl> and Lonnie Abelbeck <lonnie@abelbeck.com>.

This manual page was initially written by Michael Hanke <michael.hanke@gmail.com> and has been reworked by Sven Geuer <debmaint@g-e-u-e-r.de>, for the Debian project (but may be used by others).