arno-iptables-firewall is a front-end for iptables. Its configuration
script will set up a secure and restrictive firewall by just asking
a few questions. This includes configuring internal networks for
Internet access via NAT, and potential network services like http or
ssh. Moreover, it provides advanced additional features that can be
enabled in the well documented configuration file.
NOTE - The setup script will NOT run automatically after the package
has been installed. In order to run the script, the following command
has to be issued:
# arno-iptables-firewall-configure
In order to start the firewall automatically at boot-time, an
"rc.firewall" symlink to the startup script has to be created
in /etc/rc.d/ and of course the startup script itself should be
executable:
# cd /etc/rc.d/
# ln -sv rc.arno-iptables-firewall rc.firewall
# chmod +x rc.arno-iptables-firewall
In order to disable startup of the firewall at boot time, remove the
symlink or the executable bit from the startup script:
# rm /etc/rc.d/rc.firewall
# chmod -x /etc/rc.d/rc.arno-iptables-firewall
The firewall can also be started manually with one of the following
commands:
# arno-iptables-firewall start
# /etc/rc.d/rc.arno-iptables-firewall start
Please refer to the man page for more details.
IMPORTANT - A few security notes from the upstream author:
1) If possible make sure that the firewall is started before the
(ADSL) Internet connection is enabled. For a ppp-interface that
doesn't exist yet, you can use the wildcard device called "ppp+" (but
you can only use ppp+ if there aren't any other ppp interfaces).
2) Don't change any (security) settings ('EXPERT SETTINGS') if you
don't really understand what they mean. Changing them anyway could
have a big impact on the security of your machine.
3) A lot of people complain that their server stopped working after
installing the firewall. This is the correct behaviour for a firewall:
blocking all incoming traffic by default. Configure your OPEN_TCP
(e.g.) accordingly.