Tuesday, September 13, 2005

Improving/Sponsoring package for arno-iptables-firewall

Hi!

I made a package for 'arno-iptables-firewall' (ITP #325696) - which is a quite
popular iptables firewall configuration script
(http://rocky.eld.leidenuniv.nl/). One of its most important features is the
time to set up a secure firewall (just a few minutes). At the same time it is
well documented and can be understood by novice users. But despite this fact,
it is not limited to simple firewall setups. More features:

* Stateful filtering firewall
* Both kernel 2.4 & 2.6 support
* It can be used for both single- and multi (e.g. dual)-homed boxes
* Masquerading (NAT) and SNAT support
* Multiple external (internet) interfaces
* Support multiroute NAT & SNAT (load balancing over multiple (internet)
interfaces)
* Port forwarding (NAT)
* Support MAC address filtering
* Support for DSL/ADSL modems
* Support for PPPoE, PPPoA and bridging modem setups
* Support for static and ISP assigned (DHCP) IPs
* Support for (transparent) proxies
* Full support for DMZ's and DMZ-2-LAN forwarding. You can also use
it to isolate e.g. your wireless LAN
* (Nmap)(stealth) portscan detection
* Protection against SYN-flooding (DoS attacks)
* Protection against ICMP-flooding (DoS attacks)
* Extensive user-definable logging with rate limiting to prevent log
flooding
* Includes options to optimize your throughput
* User definable open ports, closed ports, trusted hosts, blocked
hosts etc.
* Log & protection options are both highly customizable
* Support for custom iptables rules in a separate file
* Main focus on TCP/UDP/ICMP but additional support for *ALL*
IP protocols
* It works with Freeswan IPSEC (VPN) & SSH Sentinel
(http://www.freeswan.org) (+virtual IP's)
* It works with PoPTop PPTP (http://www.poptop.org)
* It works with UPnP
* DRDOS protection/detection (experimental)

Although I tried:

http://lists.debian.org/debian-devel/2005/08/msg01781.html
http://lists.debian.org/debian-mentors/2005/08/msg00411.html

I have not found anyone interested in sponsoring this package yet.
I'm especially interested in handling the configuration of the firewall via
debconf. This is already implemented in a simple way, but I would be glad if
someone would comment on it.

The current version of the package can be found here:

http://apsy.gse.uni-magdeburg.de/~hanke/debian/arno-iptables-firewall

Ciao,

Michael

PS: Sorry for possibly double-posting the message, but I receive some error.

--
GPG key: 1024D/3144BE0F Michael Hanke
http://apsy.gse.uni-magdeburg.de/hanke
ICQ: 48230050
