Arno's IPTABLES Firewall Script is a secure stateful firewall for both single and multi-homed machines. It supports NAT and SNAT, port forwarding, ADSL ethernet modems with both static and dynamically assigned IPs, MAC address filtering, stealth port scan detection, DMZ support, protection against SYN/ICMP flooding, experimental IPv6 support, multi-interface/aliased-IP support, and extensive user definable logging with rate limiting to prevent log flooding. It has plugin support to add extra features (like SSH Brute Force protection and (Racoon) IPSEC support). It is easy to configure and highly customizable. A filter script that makes your firewall log more readable is also included.
License: GNU General Public License (GPL)
Changes:
Some security issues concerning firewall restart were fixed. An invalid EOL causing blocked hosts to fail was fixed. Invalid sed syntax that caused blocked hosts to fail was corrected. The MAC filter was moved from the main script into a separate plugin. An issue where the OUTPUT policy didn't get applied was fixed. LOG_xxx_INPUT was changed to LOG_INPUT_xxx in the config file. Several plugins were updated.
More...
03-03-2009
