-
Notifications
You must be signed in to change notification settings - Fork 3
/
README
237 lines (169 loc) · 8.9 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
#############################################################################
# #
# SilentBob Firewall - a fork of #
# #
# Jay's Iptables Firewall #
# #
# Original script written by Jerome Nokin #
# Abandoned by Jerome in 2007 according to his website #
# Resurrected by Thomas Frivold on 01.08.2012 #
# #
# This program is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, #
# MA 02111-1307 USA #
# #
#############################################################################
LICENSE: GPLv2 - Please see http://www.gnu.org/licenses/gpl-2.0.html
COMPATIBLE WITH: DEBIAN, UBUNTU, SLACKWARE, ARCHLINUX and others
(Possibly also non-x86 platforms)
TESTED ON: DEBIAN 6 [SQUEEZE], UBUNTU 12.04 [PRECISE PANGOLIN]
HOMEPAGE: https://github.com/thomasfrivold/SilentBob
OLD HOMEPAGE: http://firewall-jay.sourceforge.net/
OLD FRESHMEAT PAGE: http://freecode.com/projects/firewall-jay
REQUIRES: dialog (apt-get install dialog)
########################
# ACKNOWLEDGEMENTS #
########################
This script was originally designed, coded and written by
Jerome Nokin. I hope he will be happy that I have picked up the
pieces of his great work on this firewall script. If a user downloads
the last version ever published, Jay's Firewall v1.0.5, it will find
that it does not work (anymore). I have been able to sort out
the quirks that kept it from running, and have now published this
altered version as a fork on Github under the name Silentbob.
The goal is to keep the software alive and kicking, and to ultimately
have a nice firewall script to run on gateways and servers.
Although Jerome recommends users to look elsewhere, for instance
at M0n0wall or Shorewall, I still prefer Jay's Firewall for
it's useability.
My minor edits and small hacks should not be praised, it was Jerome Nokin
who did the impressive work on this script. Thanks Jerome!
- Thomas Frivold 01.08.2012
Website: https://github.com/thomasfrivold/silentbob
Contact: Thomas Frivold <[email protected]>
INTRODUCTION FAQ:
Q: What does SilentBob do?
A: SilentBob is a frontend for iptables, which lets you configure
your Linux machine as a firewall or network router.
It uses a menu driven (ncurses) configure system which is very
easy to use.
Q: On what does SilentBob run on?
A: Unlike Jay's Firewall v1.0.5 which was released in 2005, SilentBob
runs on contemporary Linux distributions such as Ubuntu and new versions
of Debian, Fedora, ArchLinux and Slackware.
Q: Is SilentBob different from Jay's Firewall?
A: No, the functionality hasn't changed, and probably will not change.
The difference is that it actually works on newer systems, that's all.
Q: Why revive Jay's Firewall (ie. why am I doing this?):
A: Because Jay's Firewall was my preferred firewall script (iptables
wrapper) back in 2002 when I got aDSL installed in my house.
I kept using it, and found it to be really nice when I needed a
firewall, fast.
Q: But you didn't write it, why rename it?
A: I am forking it, so that I can keep my own Github repositories,
and do as much modifications to the sources as I want.
I still give all acknowledgements to Jerome Nokin for writing the
original script. I am but a fan.
Q: About that name...
A: It's a sly pun off the original name, Jay's Firewall...
Two funny characters seen in many films were Jay and Silent Bob.
I figured it would make sense, that if Jay gave up on something, then
Silent Bob would pick it up and continue working on it.
Jay & Silent Bob.
If you haven't seen any movies with Jay and Silent Bob in them,
you've missed out!
Q: Can you suggest some alternatives to this script?
A: Sure!
My friends on Reddit has suggested the following alternatives:
FWBuilder http://www.fwbuilder.org/
Ferm http://ferm.foo-projects.org/
UFW (Uncomplicated FireWall)
https://wiki.archlinux.org/index.php/Uncomplicated_Firewall
Shorewall http://www.shorewall.net/
-----
Information from the old readme, which will be rewritten in the future, if needed.
-----
See INSTALL for installation's details
See README.Spywares for enable and initialize the spyware feature
See README.Peers for protect your peer2peer softwares
###################
# INFO #
###################
First : Excuse my English
Web site : 'http://firewall-jay.sourceforge.net'
Contact : Jerome Nokin <[email protected]>
Description :
Jay's Iptables Firewall is a bash script that allows one to easily
install and configure a firewall on a Linux system. It was initially
written for use on a home LAN. The basic features are sharing internet
over a LAN, forwarding TCP or UDP ports over the LAN log for
prohibited accesses and more.
The configuration of the firewall is assisted by an interactive
configuration tool. You should be able to use the "firewall-config.pl"
script for a interactive configuration, or use "firewall-config.pl -g"
to generate a empty configuration's file and configure it by hand.
##########################################
# BLOCKING IPS, SPYWARES , ADWARE, .. #
##########################################
About the blocking hosts feature ...
SPYWARES
--------
See README.Spywares
DENYING IP/HOST
---------------
To deny some hosts from your domain, use the 'block-ip*' files.
Go on '/var/lib/firewall-jay/',
edit 'block-ip-in.user' to deny all access 'from' hosts
edit 'block-ip-out.user' to deny all access 'to' hosts
and configure the firewall for enable the blocking feature (with 'firewall-config.pl' or by hand)
You may write your own files like "block-ip-{in|out}.<your description>"
Syntax: [!]<ip or subnet>:<description>
-------
- subnet can be "host.domain.xxx", "1.1.1.1", "1.1.1.0/24", "1.1.1.0/255.255.255.0"
or a range like "1.2.3.50-1.2.3.100" but you need to install the iprange module.
- description : must be less than 24 characters (logs from iptables are limited to 29)
no spaces allowed
Example:
--------
!10.0.0.1:good-guy
!10.0.0.5:good-guy
10.0.0.0/8:bad-guys
In this example, all subnet '10.0.0.0/8' is denied excepted 10.0.0.1 and 10.0.0.5
Please put what should not be blocked BERORE what must be it (like in example)
See example in 'block-ip-out.spywares' file.
A line begining with a '#" are regarded as comment.
DENYING MAC
--------------
You can only deny sources MAC address
To deny some hosts, use the 'block-mac-in*' files.
Go on '/var/lib/firewall-jay/',
edit 'block-mac-in.user' to deny all access 'from' hosts
and configure the firewall for enable the blocking MAC feature (with 'firewall-config.pl' or by hand)
You may write your own files like "block-mac-in.<your description>"
Syntax: <mac address>-<description>
-------
- mac address must be like XX:XX:XX:XX:XX:XX
- description : must be less than 24 characters (log from iptables are limited to 29)
no spaces allowed
A line begining with a '#" are regarded as comment.
##############################
# CUSTOM RULES #
##############################
Add your own rules in '/var/lib/firewall-jay/firewall-custom.rules' and enable the custom rules options.
Next, restart the firewall with "/etc/init.d/fw-jay restart"
See the custom file for more informations ...
##############################
# BUGS #
##############################
Please help me and send me the bugs at '[email protected]'