About:
Arno's IPTABLES Firewall Script is a secure stateful firewall for both single and multi-homed machines. It supports NAT and SNAT, port forwarding, ADSL ethernet modems with both static and dynamically assigned IPs, MAC address filtering, stealth port scan detection, DMZ support, protection against SYN/ICMP flooding, experimental IPv6 support, multi-interface/aliased-IP support, and extensive user definable logging with rate limiting to prevent log flooding. It has plugin support to add extra features (like SSH Brute Force protection and (Racoon) IPSEC support). It is easy to configure and highly customizable. A filter script that makes your firewall log more readable is also included.

Author:
Arno [contact developer]

Rating:	reset 1 2 3 4 5 6 7 8 9 10
8.67/10.00 (48 votes)

Homepage:
http://rocky.eld.leidenuniv.nl/
Tar/GZ:
http://rocky.eld.leidenuniv.nl/[..]/arno-iptables-firewall_1.9.0-rc4.tar.gz

Trove categories: [change]

[Development Status]		5 - Production/Stable, 6 - Mature
[License]		OSI Approved :: GNU General Public License (GPL), OSI Approved :: GNU General Public License v2
[Operating System]		POSIX :: Linux
[Programming Language]		Unix Shell
[Topic]		System :: Networking, System :: Networking :: Firewalls

Dependencies: [change]
iptables (Default branch) (required)
[download links]

 Branches

Branch	Version	Last release	License	URLs
Default	1.9.0-rc4	25-Nov-2008	GNU General Public License (GPL)
Stable	1.8.8o	04-Mar-2008	GNU General Public License v2

 Comments

[»] This Script Is The Best
by Rizen - Oct 19th 2004 06:42:52

I've tried a lot of firewall scripts from freshmeat. More than half don't seem to even work. Or I'm not bright enough to make them work (and I've been working with unix style operating systems for eight years).

This script "just works". And it's got powerful configuration options to boot.

--
Those who say it cannot be done should not interrupt those who are doing it!

[reply] [top]

[»] Re: This Script Is The Best
by kozaki - Sep 28th 2005 12:11:43

That's just true. As hgo I found this script combine power and clarity (configuration AND logs :). As jgionet, I configured it just logging into the gateway by SSH. I'm very happy i found Arno's IPtables script. Many thanks for his nice work :)

--
Internet shall we share ?

[reply] [top]

---

[»] Great!!
by hgo - Jun 24th 2004 12:01:04

After wasting hours to get my SuSE Firewall up and running I gave up on it. Then I found this script and I am extremely happy with it. Everything just worked fine after just following the instructions and rebooting the PC. Thank you!

[reply] [top]

[»] EXCELLENT!
by jgionet - Apr 20th 2004 12:51:35

what can I say, this is by far one of the BEST scripts I've loaded in many years! I was able to install and apply this script REMOTLY connected via SSH and had no issues at all. (after applying a new Redhat Kernel & rebooting) Great instructions and very well documented/orginized. I was using MonMotha's script before (which was also excellent) however there hadn't been any updates in a quite a while. Keep up the GREAT work! thxs :)

[reply] [top]

[»] Great !!!
by Arodhnar - Jan 28th 2004 10:31:52

I've been using this script for a year now and I never encountered any problem with it.
It works just fine and keep my network safe ...

[reply] [top]

[»] The best of the best
by limaunion - Jan 19th 2004 07:59:43

This IPTABLES script is really wonderful, try it!

[reply] [top]

[»] Awesome!
by sbrannon - Jul 20th 2003 14:19:41

I set up this script to NAT/Firewall my home network in minutes! It has been working with apparant flawlessness for a couple of days.

Thanx alot fo this! It saved me from having to spend HOURS and HOURS learning iptables configuration. Now all I have to do is pour over your excellently commented script to satisfy whatever curiosity I have vis-a-vis iptables.

Again, thank you!

[reply] [top]

[»] Wonderful
by Olga - Jul 11th 2003 11:34:51

Arno,

You really did a wonderful job. Works great, and with lots of options.
Thanks for this piece :-)

[reply] [top]

[»] XXX_FORWARD
by Ivan McLaughlin - Jun 4th 2003 10:46:31

I started using the scripts last week and find them useful. I was wondering if it was possible to TCP_FORWARD and UDP_FORWARD for only certain hosts? Seems like when I use XXX_FORWARD, the world is opened for those ports. Really I would like to enable XXX_FORWARD and only forward for specific hosts.

--
Ivan

[reply] [top]

[»] Go, continue to work on it ! :)
by Thai DANG - Jun 3rd 2003 09:20:07

I would like to thank you for your work. I began to use your script a couple of days ago, and I am very please with that.
Continue to work on it, it is very usefull and easy to configure.

[reply] [top]

[»] CIPE
by leonardo - Jan 21st 2003 17:03:07

I cannot use CIPE with your Firewall, the response from a machine with Arno IPtable Firewall is dropped ... what can I do ???

--
Leonardo L. Rocha www.nunix.com.br

[reply] [top]

[»] Easy NAT Setup
by Esteban - Jan 14th 2003 08:04:46

This is the best, easiest way to setup NAT/routing. It can be setup in minutes.

[reply] [top]

[»] fwfilter
by TormentoR - Nov 24th 2002 14:25:52

This firewall is very good, also the fwfilter comes in handy when monitoring you server :)

[reply] [top]

[»] Recommended
by johnesku - Mar 3rd 2003 12:21:11


> This firewall is very good, also the
> fwfilter comes in handy when monitoring
> you server :)

This script is really cool for newbies as well as for advanced users. It will make your nights and holidays worryless and peaceful :).

I am using this script for over 1 year on 4 on-line machines.

I kindly recommend the use of this script in connection with gentoo-linux-firewall utilities (ipdrop & ipblock) as such combination would give you complete control over your server's traffic.

john

[reply] [top]

---