Friday, January 04, 2008

Arno's Iptables Firewall on my Ubuntu Gutsy

Ipkungfu is acting weird on my Ubuntu Gutsy box lately. It sometimes locks the machine from the other PCs in the LAN (I can't ssh or vnc to it) and even disables the transparent proxying for Squid :(. I can't seem to find the problem, so every time it locks the server (which acts as squid proxy, router, gateway, dhcp, and vmware server host) I simply reinstall ipkungfu and it works again, but then after a few more days the server gets locked up again. :(

So what I did was try to find another easy-to-use firewall script... and that is when I came upon Arno's Iptables Firewall. To quote from its freshmeat.org entry:
"Arno's IPTABLES Firewall Script is a secure stateful firewall for both single and multi-homed machines. It supports NAT and SNAT, port forwarding, ADSL ethernet modems with both static and dynamically assigned IPs, MAC address filtering, stealth port scan detection, DMZ support, protection against SYN/ICMP flooding, experimental IPv6 support, multi-interface/aliased-IP support, and extensive user definable logging with rate limiting to prevent log flooding. It has plugin support to add extra features (like SSH Brute Force protection and (Racoon) IPSEC support). It is easy to configure and highly customizable. A filter script that makes your firewall log more readable is also included."
To install it on Ubuntu, fire up Synaptic, then look for and install the arno-iptables-firewall package. It will also install the following packages: gawk and lynx.

After the download it will run a simple wizard that asks questions like which are your internal and external interfaces, which ports should be allowed, etc. After answering the questions, it will be installed and ready to run.

To enable transparent proxying, open the file "/etc/arno-iptables-firewall/firewall.conf" in your favorite text editor, search for the term "3128", and simply uncomment the line pertaining to it.

To reconfigure your firewall, simply run "sudo dpkg-reconfigure arno-iptables-firewall" and an easy-to-understand text-based wizard will come up. To make it run on boot, run the "sudo invoke-rc.d arno-iptables-firewall start" command.
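Once the "3128" line is uncommented and the firewall restarted, it is worth confirming that the nat table really sends LAN web traffic to Squid rather than trusting the config edit. The script below is an added example (not from the post and not part of Arno's firewall script): the iptables dumps and the firewall.conf fragments are constructed samples, and PROXY_PORT is a placeholder variable name, not the real setting in firewall.conf.

```shell
#!/bin/sh
# Added example, not part of the post or of Arno's firewall script: once the
# "3128" line in firewall.conf is uncommented, verify that the live nat table
# actually redirects LAN web traffic (tcp/80) to Squid. Sample dumps below are
# constructed; on the server you would feed in:
#   sudo iptables -t nat -L PREROUTING -n | has_transparent_redirect 3128

# Exit 0 when a REDIRECT rule sends tcp dpt:80 to Squid's port ($1).
# Reads the PREROUTING dump from the file named in $2, or from stdin.
has_transparent_redirect() {
    awk -v p="$1" '
        $1 == "REDIRECT" && $2 == "tcp" && /dpt:80( |$)/ &&
        $0 ~ ("redir ports " p "([^0-9]|$)") { found = 1 }
        END { exit(found ? 0 : 1) }
    ' ${2:+"$2"}
}

# Exit 0 when firewall.conf ($1, or stdin) carries a live (uncommented)
# line mentioning port 3128; a leading "#" means the step was skipped.
proxy_line_enabled() {
    grep -Eq '^[[:space:]]*[^#[:space:]].*3128' ${1:+"$1"}
}

# Constructed "iptables -t nat -L PREROUTING -n" output, redirect present.
SAMPLE_NAT_OK='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3128'

# Constructed output with only a port forward, i.e. transparent proxying off.
SAMPLE_NAT_MISSING='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 to:192.168.1.10:22'

# Constructed firewall.conf fragments; PROXY_PORT is a placeholder name.
SAMPLE_CONF_ON='PROXY_PORT="3128"'
SAMPLE_CONF_OFF='#PROXY_PORT="3128"'

printf '%s\n' "$SAMPLE_NAT_OK" | has_transparent_redirect 3128 \
    && echo "nat: tcp/80 is redirected to Squid on 3128"
printf '%s\n' "$SAMPLE_NAT_MISSING" | has_transparent_redirect 3128 \
    || echo "nat: no redirect to 3128, transparent proxying is not active"
printf '%s\n' "$SAMPLE_CONF_OFF" | proxy_line_enabled \
    || echo "conf: the 3128 line is still commented out"
```

If the config check passes but the nat check fails, the firewall has not been restarted since the edit, which is exactly the silent state ipkungfu left the box in.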

So far it's running great on my machine. Remember when I blogged about ipkungfu kicking Firestarter out of my machine? Now it seems Arno is ready to kick ipkungfu, but let me find out first after a series of tests.

For the FAQ on arno, read here.