Hi all, It's my first mail to a Debian list.
I've been working on a Debian package with a basic iptables-based firewall system. I read some info regarding Debian and firewalling here:

http://wiki.debian.org/DebianFirewall
http://wiki.debian.org/Firewalls
http://wiki.debian.org/iptables

After deploying a bunch of local firewalls on Linux servers and also as a perimeter firewall based on Linux & iptables, I found myself always writing the same hierarchy of script files. So, I decided to put it all in a .deb package as a standard basic service for the system, so the admin can easily write new rules and have a good structure to start building a strong firewall from.

In RHEL & derivative distros, you can see some kind of "firewall" service, all based on iptables, and here I've done the same, but in the Debian way.

By now, the package includes (adds) this to the system:

· An init.d script that manages iptables (including basic NAT and routing) as a service.
· The init.d script has its own /etc/default/firewall file with a few directives for the admin to adapt the firewall (such as easily changing the default policy in testing environments, the option to flush or not flush NAT rules when stopping the firewall, and the option to stop routing or not when stopping the firewall).
· Valid rsyslog conf to get firewall logs in /var/log/firewall.d/
· Reasonable logrotate conf for all files under /var/log/firewall.d
· Separate iptables files under /etc/firewall.d with this hierarchy: local rules (input, output), external rules (forward), NAT rules and other rules (such as mangle ones). All files have no default configuration other than permitting traffic from and to the local machine.
· Full IPv6 support.

I see this basic approach as a nice way to include a firewall as a service in the system. None of the packages listed in the Debian wiki seems to only deploy a structure where the system admin can build his own firewall. This package just tries to do that.
By contacting here I want to show you the package, seeking your knowledge in sys admin and Debian packaging.

If you see the package, you will notice that there are a lot of weird things in some places, like the maintainer scripts. I know it. I'm new to writing .deb packages and I'm learning the Debian way now. I know I lack knowledge of some d/files, like "rules", and there aren't any references to copyright (absolutely GPL or something, of course).

Everything about the package itself could be subject to strong evolution, and I would like to see it as fine-tuned as all other Debian packages.

So, I ask you two things:

· What about the schema I'm talking about?
· What about the format of the package?

The package itself:
https://sites.google.com/site/ralarturo/acme-firewall_0.07-1_all.deb

In addition, I've been working for a while now with Debian-based HA firewall clusters. I have some interesting documentation developed by me regarding these issues. The doc covers some aspects like comparisons between technologies (keepalived, VRRP, pacemaker, conntrackd, netfilter, corosync, heartbeat, and so on) and explains a basic deployment in several ways. The problem is that the document is in my native language (Spanish) and the translation is pending. Here I reference it if you'd like to take a look:
https://sites.google.com/site/ralarturo/proyecto_integrado_arturo_borrero_pdf.pdf

That's all. Best regards.

--
/* Arturo Borrero Gonzalez || [email protected] */
/* Use debian gnu/linux! Best OS ever! */

