Lutelwall – IPTables firewall setup script

Traffic features:

• flexible control over traffic using rule set
• user-defined protocols support
• support for any kind multiple external and internal interaces (and aliases)
• automated MASQUERADE / SNAT support
• easy to set up DNAT (transparent proxy, redirections to LAN/DMZ etc.)
• rate limit extensions
• packet marking for 3rd party shapers
• TOS (Type of Service) traffic optimizer
• both passive and active FTP support
• DHCP support
• can work as “workstation” firewall
• Security features:
• stateful TCP connection tracking with restrictive TCP chain
• blocking all stealth mode scans (FIN, Xmas Tree, Null, Windows scan or ACK scan modes (nmap -sF -sX -sN -sW -sA)
• blocking IP protocol scans (nmap -sO)
• blocking UDP scans (nmap -sU)
• blocking identification via TCP/IP fingerprinting (nmap -O)
• anti-spoof protection, including protection for aliases
• anti-smurf protection
• TCP SYN Flood protection
• UDP / ICMP Flood protection
• IANA reserved addresses checking
• SYSCTL parameters set for increased strength

Logging features:

• logging stealth scans (FIN, Xmas Tree, Null), ACK scan modes (nmap -sF -sX -sN), IP protocol scans (nmap -sO), UDP scans (nmap -sU), nmap fingerprinting attempts.

Other features:

• autodetect of connection type (static/dynamic, external/internal)
• auto update of firewall tool
• auto update IANA reserved list
• display firewall statistics in iptables native, csv or html format
• easy deployment on all distributions
  

1. Download lastest version (lutelwall-0.99.tar) .
2. Unpack source tar xfz lutelwall-*.tar.gz
3. Copy script to your /sbin directory and configuration file to your /etc directory
cp lutelwall-*/lutelwall /sbin cp lutelwall-*/lutelwall.conf /etc
4. Edit your /etc/lutelwall.conf file,
5. Start LutelWall: lutelwall start