Skip to content
SilentBob Firewall
Perl Shell
Find file
Latest commit e48efbb Aug 2, 2012 Thomas Frivold Readme and todo additions

README

#############################################################################
#                                                                           #
#   SilentBob Firewall - a fork of    			                    #
#									    #
#   Jay's Iptables Firewall                                                 #
#                                                                           #
#   Original script written by Jerome Nokin                                 #
#   Abandoned by Jerome in 2007 according to his website     	            #
#   Resurrected by Thomas Frivold on 01.08.2012                             #
#                                                                           #
#   This program is free software; you can redistribute it and/or modify    #
#   it under the terms of the GNU General Public License as published by    #
#   the Free Software Foundation; either version 2 of the License, or       #
#   (at your option) any later version.                                     #
#                                                                           #
#   This program is distributed in the hope that it will be useful,         #
#   but WITHOUT ANY WARRANTY; without even the implied warranty of          #
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the           #
#   GNU General Public License for more details.                            #
#                                                                           #
#   You should have received a copy of the GNU General Public License       #
#   along with this program; if not, write to the Free Software             #
#   Foundation, Inc., 59 Temple Place, Suite 330, Boston,                   #
#   MA  02111-1307  USA                                                     #
#                                                                           #
#############################################################################


LICENSE: GPLv2 - Please see http://www.gnu.org/licenses/gpl-2.0.html

COMPATIBLE WITH: DEBIAN, UBUNTU, SLACKWARE, ARCHLINUX and others
(Possibly also non-x86 platforms)

TESTED ON: DEBIAN 6 [SQUEEZE], UBUNTU 12.04 [PRECISE PANGOLIN]

HOMEPAGE: https://github.com/thomasfrivold/SilentBob
OLD HOMEPAGE: http://firewall-jay.sourceforge.net/
OLD FRESHMEAT PAGE: http://freecode.com/projects/firewall-jay

REQUIRES: dialog (apt-get install dialog)

########################
#   ACKNOWLEDGEMENTS   #
########################

This script was originally designed, coded and written by
Jerome Nokin. I hope he will be happy that I have picked up the
pieces of his great work on this firewall script. If a user downloads
the last version ever published, Jay's Firewall v1.0.5, it will find
that it does not work (anymore). I have been able to sort out 
the quirks that kept it from running, and have now published this
altered version as a fork on Github under the name Silentbob.

The goal is to keep the software alive and kicking, and to ultimately
have a nice firewall script to run on gateways and servers.
Although Jerome recommends users to look elsewhere, for instance
at M0n0wall or Shorewall, I still prefer Jay's Firewall for
it's useability.

My minor edits and small hacks should not be praised, it was Jerome Nokin
who did the impressive work on this script. Thanks Jerome!

- Thomas Frivold 01.08.2012

Website: https://github.com/thomasfrivold/silentbob
Contact: Thomas Frivold <thomas.frivold@gmail.com>

INTRODUCTION FAQ:

Q: What does SilentBob do?
A: SilentBob is a frontend for iptables, which lets you configure
your Linux machine as a firewall or network router.
It uses a menu driven (ncurses) configure system which is very
easy to use.

Q: On what does SilentBob run on?
A: Unlike Jay's Firewall v1.0.5 which was released in 2005, SilentBob
runs on contemporary Linux distributions such as Ubuntu and new versions
of Debian, Fedora, ArchLinux and Slackware.

Q: Is SilentBob different from Jay's Firewall?
A: No, the functionality hasn't changed, and probably will not change.
The difference is that it actually works on newer systems, that's all.

Q: Why revive Jay's Firewall (ie. why am I doing this?):
A: Because Jay's Firewall was my preferred firewall script (iptables
wrapper) back in 2002 when I got aDSL installed in my house.
I kept using it, and found it to be really nice when I needed a
firewall, fast.

Q: But you didn't write it, why rename it?
A: I am forking it, so that I can keep my own Github repositories,
and do as much modifications to the sources as I want.
I still give all acknowledgements to Jerome Nokin for writing the
original script. I am but a fan.

Q: About that name...
A: It's a sly pun off the original name, Jay's Firewall...
Two funny characters seen in many films were Jay and Silent Bob. 
I figured it would make sense, that if Jay gave up on something, then
Silent Bob would pick it up and continue working on it. 
Jay & Silent Bob.
If you haven't seen any movies with Jay and Silent Bob in them,
you've missed out!

Q: Can you suggest some alternatives to this script?
A: Sure! 
   My friends on Reddit has suggested the following alternatives: 

   FWBuilder http://www.fwbuilder.org/

   Ferm http://ferm.foo-projects.org/ 

   UFW (Uncomplicated FireWall)
   https://wiki.archlinux.org/index.php/Uncomplicated_Firewall

   Shorewall http://www.shorewall.net/
   
-----
Information from the old readme, which will be rewritten in the future, if needed.
-----
See INSTALL          for installation's details
See README.Spywares  for enable and initialize the spyware feature
See README.Peers     for protect your peer2peer softwares

###################
#      INFO       # 
###################

   First    : Excuse my English
   Web site : 'http://firewall-jay.sourceforge.net'
   Contact  : Jerome Nokin <jerome@wallaby.be>

   Description :
	Jay's Iptables Firewall is a bash script that allows one to easily 
	install and configure a firewall on a Linux system. It was initially 
	written for use on a home LAN. The basic features are sharing internet
	over a LAN, forwarding TCP or UDP ports over the LAN log for 
	prohibited accesses and more. 

	The configuration of the firewall is assisted by an interactive 
	configuration tool. You should be able to use the "firewall-config.pl" 
	script for a interactive configuration, or use "firewall-config.pl -g" 
	to generate a empty configuration's file and configure it by hand.



##########################################
# BLOCKING IPS, SPYWARES , ADWARE, ..    #
##########################################

   About the blocking hosts feature ...

SPYWARES
--------

   See README.Spywares



DENYING IP/HOST
---------------

   To deny some hosts from your domain, use the 'block-ip*' files.
   Go on '/var/lib/firewall-jay/',
        edit 'block-ip-in.user'  to deny all access 'from' hosts
        edit 'block-ip-out.user' to deny all access 'to'   hosts
   and configure the firewall for enable the blocking feature (with 'firewall-config.pl' or by hand)


   You may write your own files like "block-ip-{in|out}.<your description>" 
	
	Syntax:  [!]<ip or subnet>:<description>
	-------
           - subnet can be "host.domain.xxx", "1.1.1.1", "1.1.1.0/24", "1.1.1.0/255.255.255.0" 
             or a range like "1.2.3.50-1.2.3.100" but you need to install the iprange module.
           - description : must be less than 24 characters (logs from iptables are limited to 29)
                           no spaces allowed   

	   
        Example:
        --------
           !10.0.0.1:good-guy
           !10.0.0.5:good-guy 
           10.0.0.0/8:bad-guys

           In this example, all subnet '10.0.0.0/8' is denied excepted 10.0.0.1 and 10.0.0.5

           Please put what should not be blocked BERORE what must be it (like in example)


        See example in 'block-ip-out.spywares' file.
	A line begining with a '#" are regarded as comment.




DENYING MAC 
--------------

   You can only deny sources MAC address

   To deny some hosts, use the 'block-mac-in*' files.
   Go on '/var/lib/firewall-jay/',
   edit 'block-mac-in.user'  to deny all access 'from' hosts
   and configure the firewall for enable the blocking MAC feature (with 'firewall-config.pl' or by hand)



   You may write your own files like "block-mac-in.<your description>"

        Syntax:  <mac address>-<description>
        -------
           - mac address must be like XX:XX:XX:XX:XX:XX
           - description : must be less than 24 characters (log from iptables are limited to 29)
                           no spaces allowed

        A line begining with a '#" are regarded as comment.





##############################
# CUSTOM RULES               #
##############################

 Add your own rules in '/var/lib/firewall-jay/firewall-custom.rules' and enable the custom rules options.
 Next, restart the firewall with "/etc/init.d/fw-jay restart"
 See the custom file for more informations ...


##############################
# BUGS                       #
##############################

 Please help me and send me the bugs at 'jerome@wallaby.be' 
Something went wrong with that request. Please try again.