LIFS - Linux Iptables Firewall Script

LIFS allows you to set up a firewall within minutes. LIFS is designed to be easy to use; you don't even need to learn anything about iptables. Just look at this example. With these two lines you have set up a home network whose firewall provides internet access to all computers within it:

    nat "$HOME_NETWORK" "$EXTERNAL_IP" "$INTERNET_INTERFACE"
    allow_forward "$HOME_NETWORK" any any any

That is easy, right? This doesn't mean that LIFS is just for simple home networks. LIFS is designed to be both simple and powerful. Most professional commercial firewalls provide you with the concept of objects and groups. Iptables doesn't provide that (at least not in an easy way). So with LIFS you can put hosts, networks and services (TCP/UDP ports) into groups. Working with objects and groups allows you to keep your firewall ruleset small and simple. Let's take a look at the use of objects and groups:

    HTTP_SERVICES="
    80/tcp
    443/tcp
    "
    WEB_SERVER_1=192.168.0.10
    WEB_SERVER_2=192.168.0.11
    WEB_SERVERS="
    $WEB_SERVER_1
    $WEB_SERVER_2
    "
    allow_in any "$WEB_SERVERS" any "$HTTP_SERVICES"

Look at how powerful this single firewall rule is. It is in fact four iptables rules: one rule is generated for every combination of host and port. Two ports and two hosts make four rules. Notice how this scales: as the number of hosts and services grows, the LIFS rule itself stays the same, while the generated iptables ruleset grows with the product of the group sizes.

This is the basic syntax for every firewall rule:

    allow_in <source host(s)> <destination host(s)> <source port(s)> <destination port(s)>

Each position takes a single object or a group (a quoted multi-line list as shown above); "any" matches everything in that position. Take a look at the wiki to learn more about the features and configuration of LIFS.
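To make the expansion concrete, here is an added example of how a group-to-rule expansion of this kind can be implemented in POSIX sh. It is illustrative code written for this page, not LIFS's own implementation. It assumes that "any" is the wildcard for a position, that services are written as PORT/PROTO (as in 80/tcp above), that allow_in targets the INPUT chain and allow_forward the FORWARD chain (the page names both functions but does not state the chains), and that the generated iptables commands are printed rather than executed, so the script runs without root and the result can be inspected.

```shell
#!/bin/sh
# Added example, not LIFS code: expand LIFS-style object/group arguments into
# one iptables command per (source, destination, sport, dport) combination.
# Assumptions: "any" = wildcard, services are PORT/PROTO, allow_in -> INPUT,
# allow_forward -> FORWARD, and rules are printed instead of being applied.

# Build one iptables command for a single tuple. The protocol comes from the
# port specification(s); a tuple whose source and destination ports name
# different protocols cannot be expressed as one rule and is rejected.
emit_rule() {
    e_chain=$1 e_src=$2 e_dst=$3 e_sport=$4 e_dport=$5
    rule="iptables -A $e_chain"
    [ "$e_src" = any ] || rule="$rule -s $e_src"
    [ "$e_dst" = any ] || rule="$rule -d $e_dst"
    proto=
    [ "$e_sport" = any ] || proto=${e_sport#*/}
    if [ "$e_dport" != any ]; then
        dproto=${e_dport#*/}
        if [ -n "$proto" ] && [ "$proto" != "$dproto" ]; then
            echo "error: protocol mismatch between $e_sport and $e_dport" >&2
            return 1
        fi
        proto=$dproto
    fi
    [ -z "$proto" ] || rule="$rule -p $proto"
    [ "$e_sport" = any ] || rule="$rule --sport ${e_sport%/*}"
    [ "$e_dport" = any ] || rule="$rule --dport ${e_dport%/*}"
    echo "$rule -j ACCEPT"
}

# Expand groups: nested loops over all four positions. Groups are
# whitespace/newline-separated lists, so the quoted multi-line strings used
# on the page expand through normal word splitting.
expand_rules() {
    chain=$1 srcs=$2 dsts=$3 sports=$4 dports=$5
    for src in $srcs; do
        for dst in $dsts; do
            for sport in $sports; do
                for dport in $dports; do
                    emit_rule "$chain" "$src" "$dst" "$sport" "$dport" || return 1
                done
            done
        done
    done
}

# Assumed chain mapping (not stated on the page).
allow_in()      { expand_rules INPUT   "$1" "$2" "$3" "$4"; }
allow_forward() { expand_rules FORWARD "$1" "$2" "$3" "$4"; }

# Number of iptables rules a single allow_in call generates.
rule_count() {
    allow_in "$1" "$2" "$3" "$4" | grep -c 'iptables -A'
}

# The objects and groups from the page (constructed sample data).
HTTP_SERVICES="
80/tcp
443/tcp
"
WEB_SERVER_1=192.168.0.10
WEB_SERVER_2=192.168.0.11
WEB_SERVERS="
$WEB_SERVER_1
$WEB_SERVER_2
"

# Two hosts x two services: one LIFS rule becomes four iptables rules.
allow_in any "$WEB_SERVERS" any "$HTTP_SERVICES"
```

Running the script prints the four ACCEPT rules for 192.168.0.10 and 192.168.0.11 on tcp/80 and tcp/443. Adding a third host or service to a group changes nothing in the allow_in line; only the printed ruleset grows. Note that the example only shows the expansion step: a real firewall script built this way would still need default DROP policies and a conntrack rule for established traffic before the generated rules are useful.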