Linux Firewall is reliable software built for Linux 2.4 that creates a secure barrier for your system using netfilter/iptables technology.
Installation is easy. Start by downloading the latest rc.firewall [wget] and editing the options located at the beginning of the file with the text editor of your choice. By default, the script is configured to deny all incoming connections, making it perfect for a typical workstation installation. However, you can view the configuration page for more in-depth explanations of the available options.
After configuring to your liking, ensure that the script is executable [chmod +x ./rc.firewall]. Then, switch to root [su] and run the script [./rc.firewall] to verify that it runs error-free. You may even want it to run automatically on boot. To include this feature, move the script to the appropriate startup script directory for your distribution [/etc/rc.d/ for Slackware, /etc/init.d/ for Gentoo] and add the following lines in your startup scripts after configuring your ethernet interfaces [/etc/rc.d/rc.local for Slackware, and /etc/conf.d/local.start for Gentoo].
Some alternate installation methods are available. If you are unable to access the machine physically but can reboot it remotely (such as with a Linux router at your friend's house), consider implementing a short delay between boot and the initialization of the firewall. Doing so could allow you to log in and disable the firewall [chmod -x] if things go wrong, for example if you have configured the script to allow connections from remote IP addresses and something happens to change the address.
To delay the firewall initialization, use the following code in rc.local:

    if [ -x /etc/rc.d/rc.firewall ]; then
        # Start the firewall in the background after 30 seconds. Until then you can
        # still log in and chmod -x the script. Output and errors go to syslog.
        sleep 30 && /etc/rc.d/rc.firewall 2>&1 | logger -t rc.firewall &
        echo "Firewall init in 30 seconds. Check syslog for results."
    fi

To install the Linux Firewall software, ensure that you have the iptables user-space tools installed, which every distribution should include. Your system also requires proc filesystem support and basic networking options such as TCP/IP support and drivers for your network cards. The kernel must also support several options listed in the script, which most standard distributions should already have. The script should report any missing components, but if not, feel free to post a bug report on the forum.
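The prerequisites listed above can be checked before the first run, which matters most on a machine you can only reach remotely. The preflight function below is an added example, not part of rc.firewall or its project; the name fw_preflight, its messages, the default script path, and the use of /proc/net/ip_tables_names and /proc/net/dev as indicators are assumptions of this example.

```shell
# Added example: preflight check for the prerequisites named above.
# Usage: fw_preflight [script_path] [proc_root]; returns the number of missing items.
fw_preflight() {
    script=${1:-/etc/rc.d/rc.firewall}   # assumed default: the Slackware path
    proc=${2:-/proc}                     # overridable so the check can be tested
    missing=0

    # rc.local only starts the script if it exists and is executable (chmod +x).
    if [ ! -f "$script" ]; then
        echo "MISSING: $script not found" >&2
        missing=$((missing + 1))
    elif [ ! -x "$script" ]; then
        echo "MISSING: $script is not executable" >&2
        missing=$((missing + 1))
    fi

    # iptables user-space tools must be on root's PATH.
    if ! command -v iptables >/dev/null 2>&1; then
        echo "MISSING: iptables not found in PATH" >&2
        missing=$((missing + 1))
    fi

    # proc filesystem with networking: a mounted /proc exposes net/.
    if [ ! -d "$proc/net" ]; then
        echo "MISSING: $proc/net (proc filesystem or TCP/IP support)" >&2
        missing=$((missing + 1))
    else
        # Listed once ip_tables is loaded or built in; absence is only a
        # warning because the module may still load on first use.
        [ -e "$proc/net/ip_tables_names" ] ||
            echo "WARNING: ip_tables not loaded yet" >&2
        # Network card driver: expect an interface other than loopback.
        if ! awk -F: 'NR > 2 { gsub(/[ \t]/, "", $1); if ($1 != "lo") n++ }
                      END { exit (n ? 0 : 1) }' "$proc/net/dev" 2>/dev/null; then
            echo "MISSING: no non-loopback interface in $proc/net/dev" >&2
            missing=$((missing + 1))
        fi
    fi
    return "$missing"
}
```

Run it as root before the first ./rc.firewall; a non-zero return value is the count of missing prerequisites.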
Version 2.0: N/A