Note: this wiki is no longer maintained. If you have any questions related to this wiki, please post them on the CrunchBang forums.



Using netfilter via iptables

You can configure netfilter interactively from the shell, save its state with iptables-save, and restore it at system boot from an init script with iptables-restore. Debian's iptables provides packet filtering, network address translation (NAT) and other packet mangling. Several helper applications can assist you in setting up iptables, all of them available in the repos:

  • The fiaif configuration file is very similar to raw iptables rules.
  • filtergen has support for non-iptables packet filters too. The configuration file is application-specific.
  • fireflier has a client-server setup. All rules deny at first and ask the user which connections should be made.
  • firestarter is geared towards end-users and includes a wizard to quickly set up firewall rules. Popular pick.
  • fwbuilder is an object-oriented GUI which includes policy compilers for various firewall platforms.
  • guarddog is geared to both novice and advanced users.
  • ipkungfu is an advanced iptables script for inexperienced users (only supports IPv4).
  • mason is an application which can propose firewall rules based on the network traffic your system sees.
  • shorewall is a firewall configuration tool which provides support for IPsec as well as limited support for traffic shaping and the definition of firewall rules. Popular pick.
  • Canonical's ufw (and its GUI, gufw), from Ubuntu, is now available for Debian. Popular pick.

If you are in doubt, and want a “quick & easy” solution, choose firestarter or gufw.
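
The manual save/restore workflow described at the top of this page, as an added example (not part of the original wiki page or any CrunchBang script). The two file paths, the /sbin location of iptables-restore and the inbound SSH rule are assumptions; the offline check runs without root, the install step needs it.

```shell
#!/bin/sh
# Added example. Assumed, not from the wiki page: both paths below and the choice
# to admit inbound SSH on tcp/22. IPv4 only; ip6tables keeps its own ruleset.
RULES_FILE="${RULES_FILE:-/etc/iptables.up.rules}"
HOOK_FILE="${HOOK_FILE:-/etc/network/if-pre-up.d/iptables}"

# Emit a default-deny inbound ruleset in the text format that iptables-save
# writes and iptables-restore reads.
make_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Offline sanity check, no root needed. Rejects a ruleset that leaves INPUT
# open, or that drops by default without accepting loopback and established
# traffic (loading that over SSH would cut off the session doing the loading).
check_ruleset() {
    grep -q '^\*filter$' "$1" || { echo "no *filter table" >&2; return 1; }
    grep -q '^:INPUT DROP ' "$1" || { echo "INPUT policy is not DROP" >&2; return 1; }
    grep -q -- '^-A INPUT -i lo -j ACCEPT$' "$1" || { echo "loopback not accepted" >&2; return 1; }
    grep -q -- '^-A INPUT .*ESTABLISHED.* -j ACCEPT$' "$1" || { echo "no ESTABLISHED rule" >&2; return 1; }
    [ "$(tail -n 1 "$1")" = "COMMIT" ] || { echo "missing final COMMIT" >&2; return 1; }
}

# Root only: parse with the real tool (--test does not commit), load the rules,
# save the live state, and install a hook that restores it before interfaces come up.
install_ruleset() {
    tmp=$(mktemp) || return 1
    make_ruleset > "$tmp"
    if ! check_ruleset "$tmp" || ! iptables-restore --test < "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    iptables-restore < "$tmp" && rm -f "$tmp" || return 1
    iptables-save > "$RULES_FILE" && chmod 600 "$RULES_FILE" || return 1
    printf '#!/bin/sh\n/sbin/iptables-restore < %s\n' "$RULES_FILE" > "$HOOK_FILE" && chmod 755 "$HOOK_FILE"
}

if [ "${1:-}" = "install" ]; then install_ruleset; fi
```

Run it with the argument install as root to apply and persist the rules; without an argument it only defines the functions.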


firewall.txt · Last modified: 2012/05/30 19:09 by rhowaldt
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported

Copyright © 2010 CrunchBang Linux.