
Defcon -- iptables firewall script

Download Defcon

Defcon is intended to be an easily configurable firewall script for Linux machines running a 2.4.x kernel. It can be used to improve the security of your LAN by turning that old Pentium 150 you're using as a doorstop into an Internet firewall/router.

The script started out as an exercise in Netfilter usage and bash programming, but quickly turned into a few all-nighters. It lets a user set up an Internet firewall quickly by editing a couple of configuration files, without having to be a Netfilter guru.

More information on how to configure and call the script can be found in the README file and the accompanying netVars and servers files. The script can be called at five levels, each with its own purpose. Level 1 lets a user, by editing the servers file, forward selected internal network servers to the outside world. It also allows port redirection for the case where the user's ISP frowns upon hosted servers: for example, accepting web traffic on external port 9292 and redirecting it to port 80 on the internal web server.

Level 1 also uses the SNAT target of iptables to translate your internal network's private addresses to the fixed external address assigned by your ISP. Level 2 performs this SNAT as well, but neither level 2 nor level 3 provides the ability to forward servers to the Internet. Level 3 uses the MASQUERADE target instead of SNAT, which suits a frequently changing external address such as that provided by a dialup account.
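The three NAT modes described above (SNAT with server forwarding, SNAT alone, and MASQUERADE), as an added shell example; this is not the Defcon script and is not taken from its README, netVars or servers files. The interface names, the 192.168.1.0/24 LAN, the 203.0.113.10 external address (a documentation range), the web server address and the DRY_RUN switch are assumptions for the illustration. It also shows the stateful ESTABLISHED,RELATED match that the Netfilter section below refers to, and the FORWARD rule that a port-forward needs in addition to DNAT.

```shell
#!/bin/sh
# Added example, not the Defcon script: builds a minimal ruleset for each of
# the three NAT modes described above. With DRY_RUN=1 it prints the iptables
# commands instead of running them, so it can be read (and checked) without root.

EXT_IF="${EXT_IF:-eth0}"                 # interface toward the ISP (assumed)
INT_IF="${INT_IF:-eth1}"                 # interface toward the LAN (assumed)
LAN_NET="${LAN_NET:-192.168.1.0/24}"     # private LAN (assumed)
EXT_IP="${EXT_IP:-203.0.113.10}"         # static ISP address, documentation range (assumed)
WEB_SERVER="${WEB_SERVER:-192.168.1.10}" # internal web server (assumed)

# Wrapper: echo the command under DRY_RUN, otherwise execute it.
ipt() {
    if [ -n "$DRY_RUN" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Default-deny forwarding. Only replies to existing connections and new
# connections the LAN itself originates pass; anything else from the outside
# is dropped unless a forward_server rule admits it.
base_policy() {
    ipt -P FORWARD DROP
    ipt -F FORWARD
    ipt -t nat -F
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT
}

# Levels 1 and 2: rewrite LAN source addresses to the fixed external address.
snat_rule() {
    ipt -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -j SNAT --to-source "$EXT_IP"
}

# Level 3: MASQUERADE reads the outgoing interface's current address at packet
# time, so it keeps working when a dialup or DHCP address changes.
masquerade_rule() {
    ipt -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -j MASQUERADE
}

# Level 1 only: publish an internal server, with port redirection when the
# external port differs from the internal one. DNAT only rewrites the
# destination; the FORWARD rule is what actually admits the packets, so
# forgetting it leaves the service unreachable rather than exposed.
forward_server() {
    proto=$1; ext_port=$2; int_host=$3; int_port=$4
    ipt -t nat -A PREROUTING -i "$EXT_IF" -p "$proto" --dport "$ext_port" \
        -j DNAT --to-destination "$int_host:$int_port"
    ipt -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p "$proto" -d "$int_host" \
        --dport "$int_port" -m state --state NEW -j ACCEPT
}

build_rules() {
    case "$1" in
        1) base_policy; snat_rule; forward_server tcp 9292 "$WEB_SERVER" 80 ;;
        2) base_policy; snat_rule ;;
        3) base_policy; masquerade_rule ;;
        *) echo "usage: $0 1|2|3" >&2; return 1 ;;
    esac
}

# Example: DRY_RUN=1 ./defcon-example.sh 1
if [ $# -gt 0 ]; then
    build_rules "$1"
fi
```

Run it as `DRY_RUN=1 ./defcon-example.sh 1` to see the level 1 rules (SNAT plus the 9292 to 80 redirect), `2` for SNAT only, `3` for MASQUERADE only. The INPUT chain of the firewall host itself is deliberately left alone here; a real deployment also needs a default-deny INPUT policy, which Defcon's other levels are presumably where that lives.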

The script can be placed in /etc/init.d, or started some other way at boot, so that you can install it, configure it, and forget about it.

If you have any questions, comments, or suggestions about this script, feel free to contact me at
teTsu at plasmacow dot com.

Netfilter

Netfilter is the core of the Linux firewalling system and is increasingly recognized as a viable alternative to proprietary and expensive Cisco solutions. It is part of the 2.4.x Linux kernel and is capable of stateful packet filtering.

Instead of paying outrageous amounts of money for expensive proprietary routers, you may want to consider hiring your local Linux guru to turn your old Pentium(s) into a secure gateway (or gateways) for your business at a fraction of the cost.

Did I mention we offer cheap network consultation?