Copyright 2002 Josef Bergmann
This is the result of my first experiments with the new iptables filters in the Linux 2.4 kernel. It is a simple framework of files, easy to understand in my opinion, for managing a firewall policy with iptables.
It is _not_ another big single iptables script with a ready-to-run policy. You should have a basic understanding of networking and iptables to use it.
It consists mainly of a simple interpreter script and a set of files that build the firewall policy. The big advantage is the combination of small files with simple rules (typically one rule per service) and connection tracking, which makes it easy to build policies for complex services.
For example, if you need FTP from your internal net with private addresses to the internet, you simply add this rule to the file "int-ext":
# allow ftp from intern net to extern
-A $R -j New -i $INT_IF -o $EXT_IF -p tcp --syn --dport ftp
A complete sample policy with connection tracking and four interfaces (intern, extern, dmz, ipsec-vpn) is included.
Suggestions, help, patches, bug reports and any other feedback are very welcome!
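As an added illustration of how such one-rule-per-service files can be turned into iptables commands (this is example code, not the framework's own interpreter script): $R, $INT_IF, $EXT_IF and the chain "New" are taken from the rule above; the policy-file layout, the ESTABLISHED,RELATED preamble and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the framework's interpreter script. Renders a small
# "int-ext" style policy file into iptables commands. $R, $INT_IF,
# $EXT_IF and chain "New" come from the README; everything else is assumed.

# Constructed sample of an "int-ext" policy file (one rule per service).
SAMPLE_RULES='# allow ftp from intern net to extern
-A $R -j New -i $INT_IF -o $EXT_IF -p tcp --syn --dport ftp
# allow http from intern net to extern
-A $R -j New -i $INT_IF -o $EXT_IF -p tcp --syn --dport http'

# render_rules CHAIN INT_IF EXT_IF  < policy-file
# Prints one "iptables ..." line per rule with the placeholders filled in.
# Printing instead of executing gives a reviewable dry run; pipe the
# output to sh once the rendered policy looks right.
render_rules() {
  R=$1 INT_IF=$2 EXT_IF=$3
  # Assumed preamble: connection tracking accepts packets of already
  # known connections, so the service files only describe NEW ones.
  echo "iptables -A $R -m state --state ESTABLISHED,RELATED -j ACCEPT"
  while IFS= read -r line; do
    case $line in ''|'#'*) continue ;; esac   # skip blank and comment lines
    # Substitute only the known placeholders with sed, never eval: text
    # from a policy file must not be able to run as shell code.
    line=$(printf '%s\n' "$line" |
      sed -e "s|\\\$INT_IF|$INT_IF|g" -e "s|\\\$EXT_IF|$EXT_IF|g" \
          -e "s|\\\$R|$R|g")
    echo "iptables $line"
  done
}

# count_rules CHAIN INT_IF EXT_IF < policy-file : number of rendered -A rules
count_rules() {
  render_rules "$@" | grep -c "^iptables -A $1 -j New"
}

# Usage: render the sample for internal eth1 and external eth0.
printf '%s\n' "$SAMPLE_RULES" | render_rules int-ext eth1 eth0
```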