Good news!
-
This project has been forked to SilentBob by Thomas Frivold.
SilentBob can be downloaded from https://github.com/thomasfrivold/SilentBob.
Thank you very much for this initiative, Thomas! I wish you all the best with SilentBob.
Jerome Nokin (August 02 2012)
Important announcement
-
I regret to inform you that Jay's Iptables Firewall is not maintained anymore.
This script was a student development. I will still be using it but I have no more time to work on it.
Thanks to all users who took the time to make suggestions and/or help me track down bugs! It was great to talk with people from everywhere.
I recommend Shorewall (http://www.shorewall.net/) as an alternative to Jay's Firewall.
Kind regards,
Jerome Nokin (June 11 2007)
About the Firewall
Jay's Iptables Firewall is a bash script that allows one to easily install and configure a firewall on a Linux system. It was initially written for use on a home LAN, but can be extended to any type of network since support for multiple interfaces was added. The basic features are sharing an Internet connection over a LAN, forwarding TCP or UDP ports over the LAN (for programs that need to be directly connected to the Internet, for example to receive files via ICQ, eDonkey, KaZaA, ...), logging of prohibited access attempts, and more.
The firewall is very restrictive: "All incoming traffic is blocked except ...". It filters on the IP, TCP, UDP, and ICMP headers, and protects against DDoS (Distributed Denial of Service) attacks, Smurf attacks (participation in a DDoS), invalid source IPs, and much more.
The configuration of the firewall is assisted by an interactive configuration tool (see screenshots).
You should be able to use the "firewall-config.pl" script for an interactive configuration, or use "firewall-config.pl -g" to generate an empty configuration file and configure it by hand.
Features
· Access control to TCP/UDP ports
· TCP/UDP Flags Control
· ICMP Control
· UDP/TCP ports forwarding
· SYN flood Control (Distributed Denial of Service)
· Spoofing Control (Bad source IPs)
· Denying hosts (IP/MAC)
· Spyware IP list included
· NAT/Masquerading (Internet sharing over a LAN)
· Support for tunneling with restricted access on ports (like vtund)
· Support for multiple internal interfaces
· Support for multiple external interfaces
· Setting up Type Of Service (TOS)
· Support for custom rules
· Support for Pre/Post scripts
· Support for ZorbIPTraffic (real-time bandwidth traffic analyser, http://www.atout.be)
· Logging of bad attempts
· And more ...