### $Id: readme,v 1.1 2002/11/09 04:50:34 jim Exp $
###
### Filename : /etc/firewall/doc/readme
###
### $Revision: 1.1 $
###
This script is freely distributed.
SOFTWARE REQUIREMENTS
This script requires version 1.2.6a of iptables. Your kernel may need extra options compiled in for some of the advanced features of the script: ipt_string for the hacker protection, and MIRROR for mirroring a packet back to the host that sent it. The options listed above are special features that have procedures defined in the trouble-shoot file on how to add them to your kernel.
If you use the blacklist update script, you will need wget to perform the update.
IMPORTANT NOTES
This release has two trojan lists included: an intensive list which has all known trojans from port 500 and up, and a regular list which has only the trojans that infect Linux, Unix, and Solaris. You may need to edit this file so it does not interfere with the normal operation of your network. By default I have set it up to use the Linux file. If you use the intensive file, it will slow down the installation of the firewall rules.
Release Information
Release 1.30
This is the first release in a while. I have fixed a few minor bugs and some cosmetic issues over the past few months. Please let me know if there are any issues. I have been testing this version quite a bit over the last few months remotely.
Alpha 1.26
I have redone the CVS information. All files now should have specific date and revision numbers. Releases will still have names and numbers, but they do not match the files.
Alpha 1.24
Fixed a major bug with the active files for hosts deny and the black list.
Added exempt_updater.
Release 1.2
Fixed Spam. It was giving errors on domain names.
Release 1.1
Fixed TCP Block. Added a blacklist updater program.
Release RC2
Added SPAM support. I had someone drop a whole bunch of spam into one of my email accounts. So I thought, hey, I can drop it at the packet level and send it back to them. This protection will only work if you have an email server; it will not work with POP accounts, so if you don't need it, disable it.
Release RC1
Added multiple LAN and DMZ support. Better reports. I spent hours trying to get these reports to look nice. I finally did it; hope you find them useful.
Release 0.14
Added Port Scan Blocking.
Release 0.13
Changed the trojan options. Added Intensive Trojan list option. Also changed the format of the trojan file.
Release 0.12
Created a small report utility. It pulls the information from the kernel log file. It does require the filename of the kernel message log to work properly.
Release 0.11
This release has an update script for the tcpwrappers hosts.deny file. It will reset all tcpwrappers information on its execution. If you would like to use the new feature, you will need to create a cron job to run the tcpblock script.
Release 0.9
To use the mirror-trojans-back function, you will need to add support to your kernel. Activate the option called Mirrored Target Support. Then edit firewall.conf and change TROJAN_DROP_POLICY to MIRROR. This will send their own requests back to them. A little revenge if you ask me.
Reason for the Script.
Frankly, the reason I wrote an iptables script is that all the scripts that are currently out did not meet my needs or were too complicated to configure. I wrote my script with one purpose: the only thing that needs to be modified is the LAN and Internet ports.
I took my configuration a little differently. I wanted detail if I ran the script manually, but if it was run automatically, I wanted nothing. I wanted to know what the ports actually did, what I was actually blocking or allowing into my system. This was a difficult task to accomplish, but I found a few web sites that helped me out. That is why a lot of the functions in my script are accompanied by separate plain text files for the information required. Ya, it may be a little too much information, but again, who can have too much information?
The last thing was, why didn't any of the other scripts use the information from tcp_wrappers to block people that I don't want in? I never got a response from anyone on that one. I have set my script to only block the people who have been fully blocked in tcp_wrappers with an ALL: entry.
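The hosts.deny hand-off described here (and the tcpblock updater in the 0.11 release note) as an added example that is not the package's own tcpblock script: it reads a tcpwrappers hosts.deny, keeps only the hosts blocked for ALL services, and prints the iptables DROP rules instead of applying them. The sample hosts.deny is constructed.

```shell
#!/bin/sh
# Added example, not the package's tcpblock script.  Turns the hosts that
# tcpwrappers blocks for every service (an "ALL:" line in hosts.deny) into
# iptables DROP rules.  Rules are printed rather than executed so they can be
# reviewed before being applied; host-name patterns are skipped because
# iptables only matches on addresses.

# write_sample_hosts_deny: write a constructed hosts.deny to the path in $1.
write_sample_hosts_deny() {
    cat > "$1" <<'EOF'
# constructed sample hosts.deny
ALL: 192.0.2.10
ALL : 198.51.100.0/255.255.255.0, 203.0.113.7
sshd: 192.0.2.99
ALL: .example.net
ALL: 192.0.2.10
EOF
}

# rules_from_hosts_deny: print one "iptables -A INPUT -s <host> -j DROP" line
# per distinct IPv4 address or address/netmask found on an ALL: line of $1.
rules_from_hosts_deny() {
    awk -F: '
        BEGIN { ip_re = "^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+(/[0-9.]+)?$" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            daemon = $1; gsub(/[ \t]/, "", daemon)
            if (daemon != "ALL") next             # single-service blocks stay out
            n = split($2, hosts, ",")
            for (i = 1; i <= n; i++) {
                h = hosts[i]; gsub(/[ \t]/, "", h)
                if (h !~ ip_re || (h in seen)) continue
                seen[h] = 1
                printf "iptables -A INPUT -s %s -j DROP\n", h
            }
        }' "$1"
}

# Demo: generate and show the rules for the constructed file.
demo_file=$(mktemp)
write_sample_hosts_deny "$demo_file"
rules_from_hosts_deny "$demo_file"
rm -f "$demo_file"
```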
Configuration Files
As of version 0.11 I have moved the variables used in the program to the firewall.conf file.
All of my configuration files have a format specific to them. I tried to keep it all the same whenever possible. The basic components of my files are:
Port Type - tcp or udp
Port Name - The name you associate to the port ie Web Server or http
Port Number - The actual number of the port
IP Address - The address you wish to block or allow access
Source Port - The port that receives the request
Source IP Address - The IP Address that receives the request
Destination Port - The port that the source is redirected to
Destination IP Address - The IP Address that receives the redirection
Message - ICMP Name you associate to the ICMP Msg ie echo-reply
Message # - The actual message number
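An added example (not part of the package) that checks a port file built from the first three components above before the firewall loads it. The line layout is an assumption: whitespace-separated, port type first, port number last, and the port name in between; the sample file is constructed.

```shell
#!/bin/sh
# Added example, not part of the package.  Checks a port file of the kind the
# readme describes (port type, port name, port number) before the firewall
# loads it.  The line layout is assumed: whitespace-separated, type first,
# number last, name in between (so "tcp Web Server 443" is accepted).
# Every bad line is reported with its line number and the check fails, so a
# typo cannot quietly open or close the wrong port.

# write_sample_port_file: write a constructed port file to the path in $1.
write_sample_port_file() {
    cat > "$1" <<'EOF'
# constructed sample: type name number
tcp http 80
tcp Web Server 443
udp dns 53
tpc smtp 25
tcp ssh 22a
udp syslog 70000
tcp
EOF
}

# check_port_file: validate $1, printing "line N: reason" for each bad entry.
# Returns 0 when every non-comment line is well formed, 1 otherwise.
check_port_file() {
    awk '
        function bad(msg) { errors++; printf "line %d: %s\n", NR, msg }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        NF < 3 { bad("expected: type name number"); next }
        $1 != "tcp" && $1 != "udp" { bad("port type must be tcp or udp, got " $1); next }
        $NF !~ /^[0-9]+$/ || $NF + 0 < 1 || $NF + 0 > 65535 {
            bad("port number out of range or not numeric: " $NF); next
        }
        END { exit (errors > 0) }
    ' "$1"
}

# Demo: run the check on the constructed file.
demo_file=$(mktemp)
write_sample_port_file "$demo_file"
check_port_file "$demo_file" || echo "port file rejected; fix the lines above"
rm -f "$demo_file"
```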
Questions - Suggestions - Why did you do that
If you have any questions, you can email me at giffordj@linkline.com. I listen to everything that is said. If you have ideas, or you think there is a better way to accomplish what I am trying to do, let me know. I want to make my script one that everyone feels comfortable using.
I have set up a special email account for this. Send emails to suggestions@jg555.com.
I also have set up a special email account for troubleshooting. Send emails to firewall@jg555.com.
Jim Gifford
