IpKungFu is a nice iptables firewall script.
Version: 0.6.1IPKungFu is an iptables-based Linux firewall. The primary design goals are security, ease of use, and performance, in that order.
License: GPL
Operating System: Linux
Homepage: www.linuxkungfu.org
Developed by:
It takes advantage of advanced features of iptables, tcpwrappers, and the Linux kernel.
IPKungFu can handle a wide array of configurations, and supports Internet connection sharing, multiple virtual hosts, IP forwarding, IP masquerading, configurable logging, string matching and much more.
IpKungFu project is designed with both the novice and the expert in mind with its simple and easy to use installer, and various configuration files.
Anyone who wishes to simplify the creation of an iptables-based firewall. Additionally, anyone who would like a simple method of configuring a Linux machine to share its Internet connection.
It takes configuration directives from the files in /etc/ipkungfu and uses them, along with some information gathered from your system, to build a firewall using iptables and sysctl. It is primarily an interface to iptables. Which in turn is an interface to the Linux kernel's netfilter code.
Installation:
Download and unpack the source.
Run the installation script.
Edit configuration files in /etc/ipkungfu to taste.
Execute ipkungfu. (/usr/local/sbin/ipkungfu)
Options:
- t or --test
support installed, the interfaces in use, IP addresses,
whether or not you have chosen IP forwarding, IP masquerading,
subnet and ports you have chosen to allow.
-d or --disable
Disables the firewall and sets the default policies back to
ACCEPT. Internet connection sharing is not disabled.
-h or --help
Displays all options available to ipkungfu.
-v or --version
Displays the version number of ipkungfu and exits.
-l or --list
Displays the iptables rule sets and exits.
-c or --check
Check to see if ipkungfu is loaded and display if it is in
disable mode or panic mode if either.
-f or --flush
Flush all iptables rules and delete custom chains. This
completely takes down the firewall, and will also disable
Internet connection sharing.
--panic
Panic mode. All internal and external access is denied. Nothing
is allowed, in or out.
--quiet
Runs ipkungfu with no standard output.
--show-vars
Shows main configuration options (whether specified or
auto detected) and exits.
--failsafe
If ipkungfu fails, default policy for all builtin chains will
revert to ACCEPT. This essentially means the firewall will be
disabled if it fails. This is useful for working with ipkungfu
remotely, to prevent loss of access to the machine.
Requirements:
· connection tracking
· IP tables support
· connection state match support
· REJECT target support
· full NAT
· MASQUERADE target support
· packet mangling
· TOS target support
· LOG (and/or ULOG) target support
· multiple port match support
· FTP protocol support
· IRC protocol support
· limit match support
· REDIRECT target support
· NAT of local connections
Limitations:
· Currently IPKungFu does not support IPv6