Alessandro Dotti Contra

Linux/Unix DevOps

Netfilter scripts

Some ready-to-use scripts to set up a netfilter (Linux kernel 2.4/2.6) firewall. The most common setups are covered.

Single host

Configuration for a single workstation. All inbound connections are filtered while all outbound connections are allowed.


Home gateway

Configuration for a home gateway. Masquerading is active for the LAN's clients. All inbound connections are filtered while all outbound traffic is allowed.


LAN gateway

Configuration for a LAN gateway. The gateway acts as a DNS and SMTP server for the LAN. Inbound SSH connections are allowed from the LAN as well. Outbound DNS and SMTP connections to the Internet are allowed; the LAN's clients can access public web and FTP services.


LAN gateway with DMZ support

Configuration for a gateway with DMZ support. NAT is active for both the DMZ servers and the private LAN clients. The gateway itself accepts only inbound SSH connections from the LAN's clients. Public access is granted to some well-defined services hosted in the DMZ, and the DMZ servers and the LAN's clients have restricted access to the Internet.