Manage your Netfilter rules without worrying about the IPv4 and IPv6 protocols.
```
git clone https://github.com/lspagnol/agnostic-firewall
cd agnostic-firewall
sh install.sh
```
- Main configuration file (/etc/firewall/firewall.cf).
- The ruleset filenames can be changed by editing the `RULES` variable.
- The IPv4 or IPv6 firewall can be disabled by uncommenting `V4_DISABLE` or `V6_DISABLE`.
- Basic common rules: loopback, established connections, routing and IPv6 neighbor discovery, various ICMP types, ...
- Allow connections from your administrative hosts or networks.
- Grant only the necessary access from the world to your server.
- Give the server only the necessary access to the world (such as LDAP, SQL, ...).
- Just replace `iptables`/`ip6tables` with `ipt`.
- The script will try to work out whether a rule applies to IPv4, IPv6 or both:
  - by checking the type of the IP addresses in the rule,
  - by resolving the IPv4/IPv6 addresses of host/FQDN-based rules.
- The declaration can be explicit: use `ipt4` or `ipt6` instead of `ipt`.
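The following is an added example written for this page, not the project's own `ipt` implementation; it shows the detection logic described above in a minimal POSIX sh wrapper. It assumes `iptables`/`ip6tables` are on PATH (overridable through the hypothetical `IPT4`/`IPT6` variables) and that `getent`, `grep` and `tr` are available for host-name resolution.

```shell
#!/bin/sh
# Added example, not the agnostic-firewall code: a minimal "ipt" wrapper showing how a
# rule can be classified as IPv4, IPv6 or both from the addresses it carries.
# Assumptions: iptables/ip6tables are on PATH (overridable via IPT4/IPT6), and
# getent(1) is available for host-name resolution.

IPT4=${IPT4:-iptables}
IPT6=${IPT6:-ip6tables}

# Family of one address argument: 6 for anything containing ':', 4 for a pure
# dotted/CIDR literal, otherwise treat it as a host name to be resolved.
addr_family() {
    case "$1" in
        *:*)        echo 6 ;;
        *[!0-9./]*) echo name ;;
        *)          echo 4 ;;
    esac
}

# Families a host name resolves to, as "4", "6", "4 6" or "" (unknown name).
# ::ffff:a.b.c.d entries are IPv4-mapped addresses, not real IPv6 reachability.
name_families() {
    fams=""
    getent ahostsv4 "$1" >/dev/null 2>&1 && fams="4"
    if getent ahostsv6 "$1" 2>/dev/null | grep -qv '^::ffff:'; then
        fams="${fams:+$fams }6"
    fi
    echo "$fams"
}

# Print the families a whole rule applies to ("4", "6" or "4 6"). A rule with no
# address matches both stacks; an IPv4 literal excludes IPv6 and vice versa;
# a name keeps only the families it resolves to. Returns 1 if nothing is left
# (e.g. "-s 10.0.0.1 -d 2001:db8::1"), so the caller can refuse the rule.
rule_families() {
    want4=1; want6=1
    while [ $# -gt 0 ]; do
        case "$1" in
            -s|-d|--source|--destination|--src|--dst)
                [ $# -gt 1 ] || return 2        # option without a value
                shift
                for a in $(printf '%s' "$1" | tr ',' ' '); do   # "-s a,b" lists
                    case "$(addr_family "$a")" in
                        4) want6=0 ;;
                        6) want4=0 ;;
                        name)
                            f=$(name_families "$a")
                            case " $f " in *" 4 "*) ;; *) want4=0 ;; esac
                            case " $f " in *" 6 "*) ;; *) want6=0 ;; esac
                            ;;
                    esac
                done
                ;;
        esac
        shift
    done
    if [ $want4 -eq 1 ] && [ $want6 -eq 1 ]; then echo "4 6"
    elif [ $want4 -eq 1 ]; then echo 4
    elif [ $want6 -eq 1 ]; then echo 6
    else return 1
    fi
}

# Run the rule against every stack it applies to; explicit ipt4/ipt6 bypass detection.
ipt() {
    fams=$(rule_families "$@") || {
        echo "ipt: rule matches neither IPv4 nor IPv6 (mixed or unresolvable addresses): $*" >&2
        return 1
    }
    for f in $fams; do
        case $f in
            4) "$IPT4" "$@" ;;
            6) "$IPT6" "$@" ;;
        esac
    done
}
ipt4() { "$IPT4" "$@"; }
ipt6() { "$IPT6" "$@"; }

# When executed directly (e.g. saved as /usr/local/sbin/ipt), pass the rule through.
if [ $# -gt 0 ]; then ipt "$@"; fi
```

Only `-s`/`-d` style address options are inspected here; addresses hidden in other matches or targets (`-m iprange`, `--to-destination` for DNAT) are not, and a rule with no address at all is deliberately applied to both stacks. A name that resolves in only one family is installed in that family alone, which is the behaviour to expect from host/FQDN-based rules.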
- These hook scripts, as defined in /etc/firewall/firewall.cf, are included if available:
- pre-save.sh, pre-save_V4.sh, pre-save_V6.sh
- post-save.sh, post-save_V4.sh, post-save_V6.sh
- pre-start.sh, pre-start_V4.sh, pre-start_V6.sh
- post-start.sh, post-start_V4.sh, post-start_V6.sh
- pre-stop.sh, pre-stop_V4.sh, pre-stop_V6.sh
- post-stop.sh, post-stop_V4.sh, post-stop_V6.sh
- You can use Bash syntax.
- The global variables of the main script are available.
- It's recommended to use `ipt`, `ipt4` or `ipt6` instead of `iptables` or `ip6tables`.