dynfw Dynamic Firewall Tools, v1.0
1. dynfw
Introduction
Firewalls are all good and fun, but what do you do when you need to make rapid,
complex changes to your netfilter-based firewall? Instead of feverishly
hacking away at a complex master firewall script, use the dynfw Dynamic
Firewall Tools. This collection of robust bash scripts has been designed to
work with nearly any existing netfilter-based firewall configuration. By using
these scripts, you'll be able to make near-immediate changes to your firewall
configuration without risk of misconfiguration, resulting in vastly improved
network security and responsiveness. The dynfw firewall scripts were
originally featured in this IBM developerWorks article.
You can download the current version of dynfw here:
http://www.gentoo.org/doc/en/articles/files/dynfw-1.0.1.tar.bz2.
Note: The dynfw Dynamic Firewall Tools are Copyright 2001-2003 Gentoo
Foundation, Inc. and distributed under the GNU General Public License. You
are encouraged to send any bug fixes or improvements to these tools to
Daniel Robbins so that they can be rolled into the official release.
The following scripts are included in dynfw-1.0.1.tar.bz2:

| Script | Description |
|---|---|
| install.sh | the install script -- run this first |
| dynfw.sh | the dynfw global support script -- used by all dynfw tools |
| ipdrop | discard packets coming from a specific IP |
| ipblock | discard as above, but send a TCP reset if applicable |
| tcplimit | rate-limit new connections to a local TCP port |
| host-tcplimit | rate-limit new connections from a specific host |
| user-outblock | prevent a specific UID (user) from establishing outbound connections |

Changelog
1.0.1: sh-compatibility fixes; == changed to = (oops!)
1.0: Initial release.