Automatic Firewall Script

About

If you are a broadband or dial-up user who doesn't have a firewall script, you need to get one to protect yourself. AutoFW is intended to help you do that with no hassles.

Many people who connect to the internet need a firewall script made for them so they can surf the net without being susceptible to various attacks. Most, if not all (until now :-), of the existing scripts are written for a large range of requirements and require some tweaking to make them work for a specific user. However, many users do not know which parameters to fill in the script config file.

AutoFW intends to provide a simple firewall script that you just need to fire and forget. You make sure to run it on computer start-up or just before connecting to the net, and it will detect network conditions and set up appropriate firewall rules for you.

In order to be "smart", AutoFW has to be limited. The current scope of AutoFW is standard broadband connections; it will also cover dial-up users and stand-alone servers.

Tools required for operation

AutoFW works only with the Linux IPTables firewall and needs the iptables utility to update the firewall. It also needs the ifconfig utility. Both of these are available on any standard install of a GNU/Linux machine.

AutoFW also needs the ip program, which is part of the iproute2 package, sometimes also called iproute. It is available as a package for any standard GNU/Linux install, but it might not be installed in your particular case.

Using AutoFW

It's automatic: just run it as ./autofw -d from the directory where it is placed, and it works.

Download

Send mail to autofw-announce-subscribe@ev-en.org to get notifications when new versions are released.

Contact the Author

I'll be happy to get feedback on this application: what you think about it, whether it is useful to you, and anything else you'd like to tell me. You can contact me at my e-mail address: autofw@ev-en.org.

Dropping a note saying you like the program, use it daily and recommend it to friends is probably the best reward I can hope for. If you are ready to give a bit more, you can donate through PayPal, or buy me a book from my Amazon wishlist or my ThinkGeek wishlist.

Ultimately though, the thing that most warms my heart is a simple Thank You note.

How it works

There are two parts that do automatic detection: one is for interfaces and IPs, and the other is for open listening ports.

The interface part looks at all the active interfaces in the machine and classifies each one as internal or external. It does that by looking at the IPv4 address of the device. If it is one of:

it is considered to be an internal IP and thus an internal interface, otherwise it is an external IP and thus an external interface. There is no handling of an interface with both an internal and an external IP on it.
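The classification described above can be sketched as follows. This is an added example, not AutoFW's own code: it assumes "internal" means loopback or the RFC 1918 private ranges, reads the one-line format of `ip -o -4 addr show`, and reports as `mixed` the interface with both kinds of address that the page says is not handled. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not AutoFW's own code.
# Assumption: "internal" = loopback (127/8) or an RFC 1918 private range.

# is_internal ADDR: succeeds if the dotted-quad ADDR is in an internal range.
is_internal() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    case $1 in
        10|127) return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# classify_interfaces: reads `ip -o -4 addr show` output on stdin and prints
# "IFACE internal|external|mixed", one line per interface.
classify_interfaces() {
    awk '$3 == "inet" { sub(/\/.*/, "", $4); print $2, $4 }' | sort | {
        prev=""; kind=""
        while read -r ifc addr; do
            if is_internal "$addr"; then k=internal; else k=external; fi
            if [ "$ifc" != "$prev" ]; then
                if [ -n "$prev" ]; then echo "$prev $kind"; fi
                prev=$ifc; kind=$k
            elif [ "$k" != "$kind" ]; then
                kind=mixed   # both address types on one interface
            fi
        done
        if [ -n "$prev" ]; then echo "$prev $kind"; fi
    }
}

# Constructed sample in the one-line format printed by `ip -o -4 addr show`.
sample_ip_output() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
3: eth1    inet 203.0.113.7/24 brd 203.0.113.255 scope global eth1
4: eth2    inet 10.0.0.5/8 brd 10.255.255.255 scope global eth2
4: eth2    inet 198.51.100.9/24 brd 198.51.100.255 scope global secondary eth2
EOF
}

sample_ip_output | classify_interfaces
```

On a live machine the input would be `ip -o -4 addr show | classify_interfaces`; a caller that wants to fail closed can apply the external rules to any interface reported as `mixed`.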

The listening ports are scanned for a known port and the accompanying known program name that binds to that port; known ports are opened later in the configuration stage.

The configuration itself is very simple for now, without many of the bells and whistles that exist in other scripts, but it works for the basic needs and provides adequate protection.
