Provided by: arno-iptables-firewall_2.1.1-5_all
arno-iptables-firewall - Single- & multi-homed firewall script with DSL/ADSL support.
arno-iptables-firewall start | restart | force-reload | stop | stop-block | status | status-plugins | check-conf
arno-iptables-firewall is an iptables configuration script with support for both IPv4 & IPv6. In general, it should not be called directly, but rather should be invoked via /etc/init.d/arno-iptables-firewall or systemctl COMMAND arno-iptables-firewall.service, depending on the init system in use. While it is extremely easy to set up a basic firewall one can nevertheless configure it to meet quite complex requirements. All available options are explained in the extensively documented configuration file. As a bare minimum the external interface of the system needs to be set up properly in the firewalls configuration (EXT_IF). The default behavior of the firewall is to deny all incoming connections. Instead of editing the main configuration file, it is recommended to put configuration snippets into .conf files to be placed in the configuration directory. These are sourced after the main configuration file has been read and can be used to override previous (default) configurations. For additional requirements not covered by the configuration file and not coverable by configuration snippets custom iptables rules can be placed in a custom rules file. This file is automatically parsed by the service script. Logs are written to a dedicated log file if rsyslogd is in use. The arno-fwfilter script can be used to make the firewall logs more readable for humans (see manpage). Several plugins implementing advanced features come with the firewall script. Each of them brings its own configuration file to be found in the plugins configuration directory.
/etc/arno-iptables-firewall/firewall.conf main configuration file /etc/arno-iptables-firewall/conf.d/ firewall configuration directory /etc/arno-iptables-firewall/plugins/ plugins configuration directory /etc/arno-iptables-firewall/custom-rules custom iptables rules file /etc/arno-iptables-firewall/blocked-hosts host blacklist. This file does not pre-exist and its use is disabled in the main configuration file by default. /var/log/arno-iptables-firewall log file maintained by rsyslogd
iptables(8), arno-fwfilter(1), /usr/share/doc/arno-iptables-firewall/README.gz, https://rocky.eld.leidenuniv.nl/
arno-iptables-firewall was written by Arno van Amersfoort <firstname.lastname@example.org> and Lonnie Abelbeck <email@example.com>. This manual page was initially written by Michael Hanke <firstname.lastname@example.org> and has been reworked by Sven Geuer <email@example.com>, for the Debian project (but may be used by others).