Linux IPCHAINS and IPTables firewall script for the masses

Well its been downloaded by folks in Sweden, Australia, Belgium and the UK so I guess the script "Defcon4" is now a global success?  Anyway, If your just starting out with linux here is a little script I wrote to set up a INITIAL firewall on  your server. Security needs are different for all of us so use the script as a base and modify it as you see fit. I am not responsible for any break-ins if you use the script..
 Every System is vulnerable, do not let anyone tell you different!

To use the script you need some sort of Linux distribution with a kernel greater than 2.2.0.  Kernels prior to 2.2 use ipfwadm which has been exploited regularly. If your just starting out, RedHat and Debian are IMHO are the easist to install. The Red  Hat Distrubition is available here or from ftp.redhat.com.  Again modify the script as you see fit, it's well documented and email me if you have any questions. This script uses NAT to protect your local net. It is designed to work with 2 NICS in your machine. Usually I can be found on IRC using an isolated server- Irc.vap0r.com - join #Peek.or ICQ #8386784.

Basically One nic connects to the internet, the other connects to your protected network. The script uses NAT- network address translation to mask your protected machines
Normally I like to put the firewall script in a place in my path like /usr/bin.  I call the script sometimes three times a week depending on what I'm doing. Calling the script flushes all rules so you don't end up with duplicate entries. Upon boot up its called from rc.local (you have to place it there)

Defcon4 IPCHAINS version
Download the script here (the gz version) or here (the directory list)

Defcon4 IPTABLES version
Download the script here (the gz version) or here (the directory list)

    1. Edit the file and change your local IP and your Internet IP
    2. su root
    3. chmod 700 defcon4  (Makes the file executable)
    4. Run the script ./defcon4 start
    5. If it runs ok and you want it run from boot-
      put /usr/bin/defcon4 start  in your rc.local file
    6. If all goes well, your somewhat protected from the evil that lurks
    7. If things did not go well, you will see many errors- make sure you are root!
    8. Keep checking back as I will update the script often
    9. Look at installing snort or tripwire

[Home] [My Work] [Dish Hack] [Linux] [Firewall] [Netware] [TCP/IP] [Hack] [NSA] [Files] [Pix] [Hardware] [Switch Traf] [Magic] [Night Sky] [Weather] [Freq Scan] [IDS] [Rush] [.] [Prophet] [Entropia] [Electronics] [LHC] [Instinct] [Instinct Fix] [NAS] [iPhone]




Click for Bloomington, Illinois Forecast