SilentBob icon indicating copy to clipboard operation
SilentBob copied to clipboard

verified publisher icon partoneoftwo

Metadata

SilentBob Firewall

#############################################################################

SilentBob Firewall - a fork of

Jay's Iptables Firewall

Original script written by Jerome Nokin

Abandoned by Jerome in 2007 according to his website

Resurrected by Thomas Frivold on 01.08.2012

This program is free software; you can redistribute it and/or modify

it under the terms of the GNU General Public License as published by

the Free Software Foundation; either version 2 of the License, or

(at your option) any later version.

This program is distributed in the hope that it will be useful,

but WITHOUT ANY WARRANTY; without even the implied warranty of

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

GNU General Public License for more details.

You should have received a copy of the GNU General Public License

along with this program; if not, write to the Free Software

Foundation, Inc., 59 Temple Place, Suite 330, Boston,

MA 02111-1307 USA

#############################################################################

LICENSE: GPLv2 - Please see http://www.gnu.org/licenses/gpl-2.0.html

COMPATIBLE WITH: DEBIAN, UBUNTU, SLACKWARE, ARCHLINUX and others (Possibly also non-x86 platforms)

TESTED ON: DEBIAN 6 [SQUEEZE], UBUNTU 12.04 [PRECISE PANGOLIN]

HOMEPAGE: https://github.com/thomasfrivold/SilentBob OLD HOMEPAGE: http://firewall-jay.sourceforge.net/ OLD FRESHMEAT PAGE: http://freecode.com/projects/firewall-jay

REQUIRES: dialog (apt-get install dialog)

########################

ACKNOWLEDGEMENTS

########################

This script was originally designed, coded and written by Jerome Nokin. I hope he will be happy that I have picked up the pieces of his great work on this firewall script. If a user downloads the last version ever published, Jay's Firewall v1.0.5, it will find that it does not work (anymore). I have been able to sort out the quirks that kept it from running, and have now published this altered version as a fork on Github under the name Silentbob.

The goal is to keep the software alive and kicking, and to ultimately have a nice firewall script to run on gateways and servers. Although Jerome recommends users to look elsewhere, for instance at M0n0wall or Shorewall, I still prefer Jay's Firewall for it's useability.

My minor edits and small hacks should not be praised, it was Jerome Nokin who did the impressive work on this script. Thanks Jerome!

  • Thomas Frivold 01.08.2012

Website: https://github.com/thomasfrivold/silentbob Contact: Thomas Frivold [email protected]

INTRODUCTION FAQ:

Q: What does SilentBob do? A: SilentBob is a frontend for iptables, which lets you configure your Linux machine as a firewall or network router. It uses a menu driven (ncurses) configure system which is very easy to use.

Q: On what does SilentBob run on? A: Unlike Jay's Firewall v1.0.5 which was released in 2005, SilentBob runs on contemporary Linux distributions such as Ubuntu and new versions of Debian, Fedora, ArchLinux and Slackware.

Q: Is SilentBob different from Jay's Firewall? A: No, the functionality hasn't changed, and probably will not change. The difference is that it actually works on newer systems, that's all.

Q: Why revive Jay's Firewall (ie. why am I doing this?): A: Because Jay's Firewall was my preferred firewall script (iptables wrapper) back in 2002 when I got aDSL installed in my house. I kept using it, and found it to be really nice when I needed a firewall, fast.

Q: But you didn't write it, why rename it? A: I am forking it, so that I can keep my own Github repositories, and do as much modifications to the sources as I want. I still give all acknowledgements to Jerome Nokin for writing the original script. I am but a fan.

Q: About that name... A: It's a sly pun off the original name, Jay's Firewall... Two funny characters seen in many films were Jay and Silent Bob. I figured it would make sense, that if Jay gave up on something, then Silent Bob would pick it up and continue working on it. Jay & Silent Bob. If you haven't seen any movies with Jay and Silent Bob in them, you've missed out!

Q: Can you suggest some alternatives to this script? A: Sure! My friends on Reddit has suggested the following alternatives:

FWBuilder http://www.fwbuilder.org/

Ferm http://ferm.foo-projects.org/

UFW (Uncomplicated FireWall) https://wiki.archlinux.org/index.php/Uncomplicated_Firewall

Shorewall http://www.shorewall.net/

Information from the old readme, which will be rewritten in the future, if needed.

See INSTALL for installation's details See README.Spywares for enable and initialize the spyware feature See README.Peers for protect your peer2peer softwares

###################

INFO

###################

First : Excuse my English Web site : 'http://firewall-jay.sourceforge.net' Contact : Jerome Nokin [email protected]

Description : Jay's Iptables Firewall is a bash script that allows one to easily install and configure a firewall on a Linux system. It was initially written for use on a home LAN. The basic features are sharing internet over a LAN, forwarding TCP or UDP ports over the LAN log for prohibited accesses and more.

The configuration of the firewall is assisted by an interactive 
configuration tool. You should be able to use the "firewall-config.pl" 
script for a interactive configuration, or use "firewall-config.pl -g" 
to generate a empty configuration's file and configure it by hand.

##########################################

BLOCKING IPS, SPYWARES , ADWARE, ..

##########################################

About the blocking hosts feature ...

SPYWARES

See README.Spywares

DENYING IP/HOST

To deny some hosts from your domain, use the 'block-ip*' files. Go on '/var/lib/firewall-jay/', edit 'block-ip-in.user' to deny all access 'from' hosts edit 'block-ip-out.user' to deny all access 'to' hosts and configure the firewall for enable the blocking feature (with 'firewall-config.pl' or by hand)

You may write your own files like "block-ip-{in|out}."

Syntax:  [!]<ip or subnet>:<description>
-------
       - subnet can be "host.domain.xxx", "1.1.1.1", "1.1.1.0/24", "1.1.1.0/255.255.255.0" 
         or a range like "1.2.3.50-1.2.3.100" but you need to install the iprange module.
       - description : must be less than 24 characters (logs from iptables are limited to 29)
                       no spaces allowed   

   
    Example:
    --------
       !10.0.0.1:good-guy
       !10.0.0.5:good-guy 
       10.0.0.0/8:bad-guys

       In this example, all subnet '10.0.0.0/8' is denied excepted 10.0.0.1 and 10.0.0.5

       Please put what should not be blocked BERORE what must be it (like in example)


    See example in 'block-ip-out.spywares' file.
A line begining with a '#" are regarded as comment.

DENYING MAC

You can only deny sources MAC address

To deny some hosts, use the 'block-mac-in*' files. Go on '/var/lib/firewall-jay/', edit 'block-mac-in.user' to deny all access 'from' hosts and configure the firewall for enable the blocking MAC feature (with 'firewall-config.pl' or by hand)

You may write your own files like "block-mac-in."

    Syntax:  <mac address>-<description>
    -------
       - mac address must be like XX:XX:XX:XX:XX:XX
       - description : must be less than 24 characters (log from iptables are limited to 29)
                       no spaces allowed

    A line begining with a '#" are regarded as comment.

##############################

CUSTOM RULES

##############################

Add your own rules in '/var/lib/firewall-jay/firewall-custom.rules' and enable the custom rules options. Next, restart the firewall with "/etc/init.d/fw-jay restart" See the custom file for more informations ...

##############################

BUGS

##############################

Please help me and send me the bugs at '[email protected]'

Metadata

29
Stars
3
Forks
Watchers

Owner

verified publisher icon partoneoftwo

Metadata

SilentBob Firewall

Back