iptables for retards...
ktsaou c8dad4f53a Small internal changes.
Added support for integration with knockd (http://www.zeroflux.org/knock/)
This integration comes as part of the ACCEPT action:

accept [with knock <name>]
The optional parameter 'with knock' allows easy integration with knockd,
a server that allows you to control access to services, by sending certain
packets to "knock" the door, before the door is open for service.

This parameter accepts just a name. This name is used to build a special
chain knock_<name> which will contain no rules, so that the traffic entering
this chain will just return back and continue to match against the other
rules until the end of the firewall.

As an example, let's say that you want to allow https traffic based on a knock.
In FireHOL you write:

   server https accept with knock hidden

and you configure knockd so that it runs:

   iptables -A knock_hidden -s %IP% -j ACCEPT

to enable the https service (notice that there is no need to match anything
other than the IP. FireHOL already matches everything needed for its rules
to work), and:

   iptables -D knock_hidden -s %IP% -j ACCEPT

to disable this service for the given IP.
2004-12-22 23:05:57 +00:00
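To make the chain mechanism described in the commit message concrete, here is an added Python model of iptables chain traversal; it is example code written for this page, not FireHOL's or knockd's own code. Since the message only implies it, it assumes that "server https accept with knock hidden" makes FireHOL jump into the knock_hidden chain where a plain ACCEPT would otherwise be, and that the firewall ends in a DROP policy; the IP addresses and the extra port 22 rule are constructed sample data.

```python
"""Model of iptables chain traversal for a knock_<name> chain.

Added example, not FireHOL or knockd code.  It shows why an empty user
chain is harmless (the packet returns and keeps matching) and how the
rule knockd appends opens the service for one source address only.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    target: str                  # ACCEPT, DROP, RETURN, or a user chain name
    src: Optional[str] = None    # like -s <ip>
    proto: Optional[str] = None  # like -p tcp
    dport: Optional[int] = None  # like --dport 443

    def matches(self, pkt: dict) -> bool:
        return ((self.src is None or self.src == pkt["src"])
                and (self.proto is None or self.proto == pkt["proto"])
                and (self.dport is None or self.dport == pkt["dport"]))


class Firewall:
    def __init__(self, policy: str = "DROP"):
        self.chains = {"INPUT": []}
        self.policy = policy     # verdict when no rule decides

    def new_chain(self, name: str) -> None:        # iptables -N <name>
        self.chains.setdefault(name, [])

    def append(self, chain: str, rule: Rule) -> None:   # iptables -A
        self.chains[chain].append(rule)

    def delete(self, chain: str, rule: Rule) -> None:   # iptables -D
        self.chains[chain].remove(rule)                 # first equal rule

    def _walk(self, chain: str, pkt: dict) -> Optional[str]:
        for rule in self.chains[chain]:
            if not rule.matches(pkt):
                continue
            if rule.target in ("ACCEPT", "DROP"):
                return rule.target
            if rule.target == "RETURN":
                return None
            verdict = self._walk(rule.target, pkt)   # jump into user chain
            if verdict is not None:
                return verdict
            # user chain ran out of rules: implicit RETURN, keep matching
        return None

    def verdict(self, pkt: dict) -> str:
        v = self._walk("INPUT", pkt)
        return v if v is not None else self.policy


def build_firewall() -> Firewall:
    """Assumed layout of what FireHOL generates for the example config."""
    fw = Firewall(policy="DROP")
    fw.new_chain("knock_hidden")            # empty until knockd adds to it
    # 'server https accept with knock hidden': jump instead of ACCEPT
    fw.append("INPUT", Rule(target="knock_hidden", proto="tcp", dport=443))
    # some other, unconditional service rule (constructed sample)
    fw.append("INPUT", Rule(target="ACCEPT", proto="tcp", dport=22))
    return fw


def knock_open(fw: Firewall, ip: str) -> None:
    """What knockd runs: iptables -A knock_hidden -s %IP% -j ACCEPT"""
    fw.append("knock_hidden", Rule(target="ACCEPT", src=ip))


def knock_close(fw: Firewall, ip: str) -> None:
    """What knockd runs: iptables -D knock_hidden -s %IP% -j ACCEPT"""
    fw.delete("knock_hidden", Rule(target="ACCEPT", src=ip))


def open_addresses(fw: Firewall, name: str) -> list:
    """Audit helper: which source addresses currently have the door open."""
    return [r.src for r in fw.chains[f"knock_{name}"] if r.target == "ACCEPT"]


if __name__ == "__main__":
    fw = build_firewall()
    https = {"src": "203.0.113.7", "proto": "tcp", "dport": 443}
    print("before knock:", fw.verdict(https))   # DROP
    knock_open(fw, "203.0.113.7")
    print("after knock: ", fw.verdict(https))   # ACCEPT
    print("open for:", open_addresses(fw, "hidden"))
    knock_close(fw, "203.0.113.7")
    print("after close: ", fw.verdict(https))   # DROP
```

The model makes two points worth keeping in mind when wiring this up: the rule knockd appends matches on the source address only, so everything else (protocol, port, state) is whatever the FireHOL rule that jumped into knock_<name> already checked, which is why that chain should only ever be reached from that one rule; and because the chain is empty by default, a packet that finds no matching ACCEPT in it returns to the caller and ends up at the closing DROP rather than being accepted by accident.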

$Id: README,v 1.7 2004/10/31 20:28:02 ktsaou Exp $

FireHOL, an iptables stateful packet filtering firewall for humans!
Copyright (C) 2003 Costa Tsaousis <costa@tsaousis.gr>


LICENSE
-------
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA


DOCUMENTATION
-------------
If you received this program as an RPM, documentation should be
installed at /usr/share/doc/firehol-X.XX.
Otherwise, documentation should be available in the doc/ directory
of the .tar.bz2 archive you received.

In any case, you can also find the documentation online, at:

                     http://firehol.sf.net


INSTALLATION
------------

RPM
~~~
RPM distributions automatically install the program. After an RPM
installation, FireHOL should be available at /etc/init.d/firehol
and its default configuration at /etc/firehol/firehol.conf.
Please use the chkconfig system utility to enable/disable
firehol's activity at boot time.

TAR.BZ2
~~~~~~~
This type of distribution includes all the files in the directory
where you uncompress it.
To make FireHOL start at boot time you have to add it to the startup
procedure of your operating system.

Three things are needed to start FireHOL properly:

1. Move firehol.sh to the directory where your startup scripts exist
   and rename it to firehol (i.e. remove the .sh).

2. Make sure FireHOL is called with something like:

         /path/to/startup/scripts/firehol start

3. Make sure there is a valid configuration file in
   /etc/firehol/firehol.conf

This is it.

Note that the .tar.bz2 releases can also be used to build an .rpm
using:

rpmbuild -tb firehol-XX-YY.tar.bz2

However, CVS versions - firehol.tar.gz - should not be used this way.


IMPORTANT NOTES
---------------
If you decide to use FireHOL regularly (or permanently) you have to
understand that it will control your firewall and therefore be a
key point of your security. You should do something to be notified
of bugs or other kinds of problems as soon as they appear.

I suggest subscribing to the notification engine of freshmeat.net
under this project or to monitor FireHOL's file releases at
sourceforge.net. Both of these services will keep you anonymous
(to me) but will update you if and when new releases become available.


CONTRIBUTING
------------
I'll be glad to receive your ideas, patches, case studies, service
definitions, etc.

Here is my e-mail: costa@tsaousis.gr

Please note however that this is my personal e-mail that I read
just once per day and in some cases, once every few days. If you
want some faster response, you can always use the mailing lists
and forums under this project at sourceforge.

Kind Regards
Costa Tsaousis