GitHub - AllKind/ip-array: An iptables / tc based Linux firewall (bash)

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 1,003 Commits
conf.d		conf.d
help.d		help.d
scripts.d		scripts.d
template_repo.d		template_repo.d
README		README
defaults.conf		defaults.conf
gpl.txt		gpl.txt
install.bash		install.bash
ip-array.bin		ip-array.bin
ip-array.init		ip-array.init
ip-array.init_pre_net_boot		ip-array.init_pre_net_boot
ip-array.service		ip-array.service
ip-array_bash_completion		ip-array_bash_completion
ip-array_global_defs		ip-array_global_defs
ip-array_interactive_functions		ip-array_interactive_functions
ip-array_ipset_functions		ip-array_ipset_functions
ip-array_ipt_functions		ip-array_ipt_functions
ip-array_main_functions		ip-array_main_functions
ip-array_pre_net_boot.service		ip-array_pre_net_boot.service
ip-array_tc_functions		ip-array_tc_functions
ip-array_xml_functions		ip-array_xml_functions
uninstall.bash		uninstall.bash

Repository files navigation

IP-ARRAY README


What is IP-Array?
	IP-Array is a command-line program (you may also say `script') written for bash
	(the bash shell www.gnu.org/software/bash).
	It's purpose is to configure IPv4 firewalling and traffic shaping of a linux host.
	To achieve this, IP-Array modifies the linux kernels netfilter / traffic control
	subsystems via the userspace tools iptables / ipset / tc.
	It also allows to load and / or unload netfilter related kernel modules and
	configure the kernel using the sysctl program.

	Intended Audience: Advanced End Users, System Administrators.

	Field of application: From a single host system to a multi-homed router or gateway.

Where to get it?
	IP-Array is currently hosted at sf.net.
	The project page is at: http://sourceforge.net/projects/ip-array/.
	Its homepage is at: http://ip-array.sourceforge.net/.

Features
	It does support most features of iptables and some of xtables-addons.

	- iptables rules are written in simple XML.
		They can be written in different ways depending on the need.
		Either as (grouped / nested) XML tags, or so called ruleblocks,
		where only values have to be put into.
		Their structure is defined by custom templates.
	- ipset and sysctl rules are written in XML.
	- Different start modi.
	- Custom epilog and prolog scripts for each start mode.
	- Muliple levels of output verbosity with optional syslog logging.
	- Coloured output (can be disabled).
	- Automatic 'jump tree' creation options.
	- An interactive wizard based mode to create configuration files.
	- Public functions available in rule files.
	- ipset support. Besides creation of sets, they can also be imported from plain,
		or in ipset save XML format formatted files.
	- Some autoconfig presets for DNS, FTP, SMTP, NTP, IPSEC, etc.
	- Traffic shaping - creation of htb and sfq qdiscs, tc classes and filters.
	- The ability to save the generated iptables / ipset, tc rules, modprobe,
		or sysctl commands, selectively or all together, to a file.
	- Error handling. Previous system states can be restored on error.
	- An install and uninstall script.
	- Rich set of command line options.
	- Bash completion compspec is included.
	- A reference manual, man pages and command line help.
	
Installation, Configuration, System Requirements, etc.
	Please read the reference manual.