Thursday, December 30, 2010

MF-Firewall - Linux IPv6 and IPv4 firewall wrapper

This is a new project, created just yesterday, to publish a full software package that uses standard Linux tools to create a highly locked-down environment.

Basically, it is a whole suite of scripts written in Ruby that builds chains, sets kernel options, and sets up and tears down interfaces and VLANs based on a directory of files, each of which is part of a zone.

The config directory sits in a folder called /jail.
Under that you have acl/, nat/ and mangle/.
Under acl/ you have zones/ and kernelopts/.
Under zones/ you have each individual zone, including a special zone called WAN that faces the public. You can create as many additional zones as you want. Each zone has its own eth or VLAN. A VLAN can be TRANS for transparent, or it can contain an IPv4 address, an IPv6 address, or both.

IPv6 support was added only recently and still needs a lot of work to fine-tune it.

Find the project here:
http://code.google.com/p/mf-firewall
