summaryrefslogtreecommitdiff
path: root/network/arno-iptables-firewall/README
diff options
context:
space:
mode:
Diffstat (limited to 'network/arno-iptables-firewall/README')
-rw-r--r--network/arno-iptables-firewall/README41
1 files changed, 41 insertions, 0 deletions
diff --git a/network/arno-iptables-firewall/README b/network/arno-iptables-firewall/README
new file mode 100644
index 0000000000..8cee93f457
--- /dev/null
+++ b/network/arno-iptables-firewall/README
@@ -0,0 +1,41 @@
+arno-iptables-firewall is a front-end for iptables. Its configuration
+script will setup a secure and restrictive firewall by just asking a
+few questions. This includes configuring internal networks for Internet
+access via NAT and network services like http or ssh. Moreover, it
+provides many advanced additional features that can be enabled in the
+well documented configuration file.
+
+PLEASE NOTE - The setup script is NOT going to be run automatically
+after your package is installed. In order to do that, you'll have to
+issue the following command:
+
+# arno-iptables-firewall-configure
+
+To enable firewall startup at boot-time you'll need to create a symlink
+as follows (remove the link to disable automatic firewall startup):
+
+# ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall
+# chmod +x /etc/rc.d/rc.arno-iptables-firewall
+
+When everything is ready you can start the firewall manually with one
+of the following commands:
+
+# /etc/rc.d/rc.arno-iptables-firewall start
+
+# arno-iptables-firewall start
+
+IMPORTANT - Here are some security notes from the upstream author:
+
+1) If possible, make sure that the firewall is started before the (ADSL)
+Internet connection is enabled. For a ppp-interface that doesn't exist
+yet you can use the wildcard device called "ppp+" (but you can only use
+ppp+ if there aren't any other ppp interfaces).
+
+2) Don't change any (security) settings ('EXPERT SETTINGS') if you don't
+really understand what they mean. Changing them anyway could have a big
+impact on the security of your machine.
+
+3) A lot of people complain that their server stopped working after
+installing the firewall. This is the CORRECT behaviour for a firewall:
+blocking ALL incoming traffic by default. Configure your e.g. OPEN_TCP
+accordingly.
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-20 04:31:08 +0000