iptables control system
This is my take on replacing the rc.local -method of configuring iptables
at
startup.
Clone the repo and make install.bash
and jfw.rules
executable, then run
install.bash
as root.
When you run install.bash
, the script copies the file jfw.rules
to
/etc/jfw/
, makes a symlink to it in /usr/sbin
and copies the included
jfw.service
systemd service file to /etc/systemd/system/
.
You have the option to enable & start the service right away or do it later yourself using systemctl.
jfw.rules
is basically just a list of iptables commands, with a couple of
predefined parameters. The systemd service runs the script at startup.
Outbound traffic, inbound MDNS and inbound SSH are allowed by default.
If you haven't already, clone the repo, make uninstall.bash
executableand run
uninstall.bash`.
The traditional method of using /etc/rc.local
to run your init scripts
is deprecated by many distros. This is just another way to configure iptables.
There are a couple of handy parameters to the jfw
command:
jfw flush
flushes the rules and disables the firewalljfw edit
is an alias to edit/etc/jfw/jfw.rules
with your defined $EDITORjfw logs
grepsdmesg
to show the logsjfw list
shows the currently activeiptables
rules for IPv4 and IPv6jfw test
applies your ruleset and automatically flushes the rules after 60 seconds. Just remember to usenohup
,screen
ortmux
so the script will continue running even if your connection breaks.jfw reload
resets the rules to those defined in/etc/jfw/jfw.rules
This is useful when modifying the rules remotely so you don't get locked out.
If you are unsure about the methods I've used, don't use these scripts.
Ask someone if it is safe to use them.
If you have no idea how to use iptables
, then this might not be the easiest
way to control the Linux firewall. My personal favourite of the more
comprehensive firewall programs is firewalld
.