- FireLance is a program that can write a basic iptables script without the user having to know any iptables syntax. It functions in two modes as a suid program it can fully control a Linux servers firewall. As a non suid program it can write a script that can be copied from the browser into a text editor for the basis of your own firewall script. It is NOT a full featured firewall solution. It is meant as an easy to use program to set up a firewall/NAT server for a small network. As of the current version it can:
- Turn the server into gateway for a small network (requires a multihome server)
- Open up certain common services to outside of the firewall e.g. web server, POP3 mail etc…
- prevent pings from reaching the network.
- Deny particular machines on your LAN from having access to the gateway function of the server.
- Close down the gateway ensuring that the server is protected from outside the firewall
- Shows the current loaded state of iptables
- Start/Stop/Save iptables
- Make iptables a boot service
I wrote it as a quick and easy way to setup a firewall for a small network. With a few clicks a NAT enabled firewall/router can be created.
A WORD OF WARNING!
If it is setup to allow incoming web services (i.e. port 80 is open) and the web server allows blind running of the firelance script an outside source can change your firewall rules. It is imperative that you do not allow this scenario. The best thing todo is to setup the firewall then either remove the Firelance program or set it back to non-suid, just issuing a make install from the build directory will non suid Firelance.
Version 0.15 (September 2004)
- Debian minor bug fixes.
- save, stop, start fixed.
- Now uses jwCGI version 1.27 or above (easier on install as standard libtool commands executed).
- HTML tables removed from display output, css used instead.
- Minor message changes.
- When run in user mode (non-suid) the script is now displayed so it can be copied/pasted to your own script.
- firelance.conf now installed on setup.
- firelance.conf settings file now saved in same directory as the firelance.cgi program (see vars.h to change)
- firelance.conf has eth0 set by default as LAN interface for the case when there is only one NIC in the server.
- First public release.