
Lutelwall – IPTables firewall setup script

LutelWall is a BASH script used for setting up a Linux firewall on IPtables. It uses a human-readable and easy to understand configuration to set up Netfilter in the most secure way. Its flexibility allows firewall admins to build anything from very simple, single-homed firewalls to more complex ones with multiple subnets, DMZs and traffic redirections. It can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone system. The configuration method of this firewall is designed to be as simple as possible without losing Netfilter's flexibility and its security features.

Features

Traffic features:

  • flexible control over traffic using a rule set
  • user-defined protocols support
  • support for any number of external and internal interfaces of any kind (and aliases)
  • automated MASQUERADE / SNAT support
  • easy to set up DNAT (transparent proxy, redirections to LAN/DMZ etc.)
  • rate limit extensions
  • packet marking for 3rd party shapers
  • TOS (Type of Service) traffic optimizer
  • both passive and active FTP support
  • DHCP support
  • can work as a “workstation” firewall

Security features:

  • stateful TCP connection tracking with a restrictive TCP chain
  • blocking all stealth mode scans: FIN, Xmas Tree, Null, Window scan or ACK scan modes (nmap -sF -sX -sN -sW -sA)
  • blocking IP protocol scans (nmap -sO)
  • blocking UDP scans (nmap -sU)
  • blocking identification via TCP/IP fingerprinting (nmap -O)
  • anti-spoof protection, including protection for aliases
  • anti-smurf protection
  • TCP SYN Flood protection
  • UDP / ICMP Flood protection
  • IANA reserved addresses checking
  • SYSCTL parameters set for increased strength

Logging features:

  • logging stealth scans (FIN, Xmas Tree, Null), ACK scan modes (nmap -sF -sX -sN), IP protocol scans (nmap -sO), UDP scans (nmap -sU), nmap fingerprinting attempts.
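The security and logging items above correspond to a handful of well-known Netfilter rule patterns. The script below is an added illustration written for this page, not LutelWall's own code: it shows stealth-scan blocking with rate-limited logging, a restrictive TCP chain that rejects NEW-but-not-SYN packets (which is what stops ACK and Window scans), a SYN flood limiting chain and the sysctl settings behind the anti-spoof and anti-smurf items. The chain name SYN_FLOOD, the rate limits and the log prefixes are assumptions; setting IPTABLES=echo and SYSCTL=echo prints the commands instead of applying them.

```shell
#!/bin/sh
# Added illustration for this page: Netfilter rules of the kind the
# "Security features" and "Logging features" lists describe.  This is
# not LutelWall's own code; rule ordering, limits and the chain name
# are assumptions.  Set IPTABLES=echo / SYSCTL=echo to preview the
# commands instead of applying them.
IPTABLES="${IPTABLES:-iptables}"
SYSCTL="${SYSCTL:-sysctl}"
LOG_LIMIT="${LOG_LIMIT:-5/min}"   # cap on log lines so a scan cannot flood syslog

# TCP flag combinations that never occur in legitimate traffic: Null,
# Xmas Tree, FIN-only, SYN+FIN and SYN+RST.  Each is logged (rate
# limited) and then dropped.  Pairs follow the iptables --tcp-flags
# "mask set" syntax.
stealth_scan_rules() {
    for combo in \
        "ALL NONE" \
        "ALL FIN,PSH,URG" \
        "ALL FIN" \
        "SYN,FIN SYN,FIN" \
        "SYN,RST SYN,RST"
    do
        set -- $combo   # $1 = mask, $2 = flags that must be set
        $IPTABLES -A INPUT -p tcp --tcp-flags "$1" "$2" \
            -m limit --limit "$LOG_LIMIT" -j LOG --log-prefix "STEALTH SCAN: "
        $IPTABLES -A INPUT -p tcp --tcp-flags "$1" "$2" -j DROP
    done
}

# Restrictive TCP chain: a packet the connection tracker classes as NEW
# but that is not a SYN cannot start a real connection, so it is a probe
# (this is what catches ACK and Window scans, nmap -sA / -sW).
new_not_syn_rules() {
    $IPTABLES -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW \
        -m limit --limit "$LOG_LIMIT" -j LOG --log-prefix "NEW NOT SYN: "
    $IPTABLES -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
}

# SYN flood protection: SYNs above an assumed rate are dropped, the rest
# RETURN to INPUT for normal processing.
syn_flood_rules() {
    $IPTABLES -N SYN_FLOOD 2>/dev/null
    $IPTABLES -A SYN_FLOOD -m limit --limit 25/s --limit-burst 50 -j RETURN
    $IPTABLES -A SYN_FLOOD -j DROP
    $IPTABLES -A INPUT -p tcp --syn -j SYN_FLOOD
}

# Kernel parameters behind the anti-spoof, anti-smurf and SYN flood items.
sysctl_hardening() {
    $SYSCTL -w net.ipv4.conf.all.rp_filter=1            # anti-spoof: drop packets arriving on the wrong interface
    $SYSCTL -w net.ipv4.icmp_echo_ignore_broadcasts=1   # anti-smurf: do not answer broadcast pings
    $SYSCTL -w net.ipv4.tcp_syncookies=1                # keep accepting connections during a SYN flood
    $SYSCTL -w net.ipv4.conf.all.accept_source_route=0  # source routing is a spoofing aid
    $SYSCTL -w net.ipv4.conf.all.accept_redirects=0
    $SYSCTL -w net.ipv4.conf.all.log_martians=1         # log impossible source addresses
}

# Apply everything; these rules belong before any general ACCEPT rules.
apply_all() {
    sysctl_hardening
    stealth_scan_rules
    new_not_syn_rules
    syn_flood_rules
}

if [ "${1:-}" = "apply" ]; then
    apply_all
fi
```

Run it as `sh firewall-example.sh apply` as root to install the rules, or with `IPTABLES=echo SYSCTL=echo sh firewall-example.sh apply` to review the generated commands first; the `-m limit` on every LOG rule is what keeps a port scan from filling the log, which is the trade-off a logging feature like the one listed above has to make.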

Other features:

  • autodetect of connection type (static/dynamic, external/internal)
  • auto update of firewall tool
  • auto update IANA reserved list
  • display firewall statistics in iptables native, csv or html format
  • easy deployment on all distributions

Quick Install

1. Download the latest version (lutelwall-0.99.tar).
2. Unpack the source:
   tar xfz lutelwall-*.tar.gz
3. Copy the script to your /sbin directory and the configuration file to your /etc directory:
   cp lutelwall-*/lutelwall /sbin
   cp lutelwall-*/lutelwall.conf /etc
4. Edit your /etc/lutelwall.conf file.
5. Start LutelWall:
   lutelwall start

Download
