Download List


Arno's IPTABLES Firewall Script is a secure stateful firewall for both single and multi-homed machines. It supports NAT and SNAT, port forwarding, ADSL Ethernet modems with both static and dynamically assigned IPs, MAC address filtering, stealth port scan detection, DMZ support, protection against SYN/ICMP flooding, experimental IPv6 support, multi-interface/aliased-IP support, and extensive user-definable logging with rate limiting to prevent log flooding. It has plugin support to add extra features (like SSH Brute Force protection and (Racoon) IPSEC support). It is easy to configure and highly customizable. A filter script that makes your firewall log more readable is also included.


Information regarding Project Releases and Project Resources. Note that the information here is a quote from page, and the downloads themselves may not be hosted on OSDN.

2012-03-13 22:41

Tag: Stable
The LAN_INET_OPEN_xxx, LAN_INET_HOST_OPEN_xxx, DMZ_INET_OPEN_xxx, and DMZ_INET_HOST_OPEN logic and handling were changed, and handling of some of the sysctl kernel settings was tweaked. It is now possible to disable setting/resetting of some settings (like forwarding). The default UDP connection timeout is now 60 seconds. Support for a new LOCAL_CONFIG_DIR variable was added. It defaults to "/etc/arno-iptables-firewall/conf.d". Documentation was improved. Miscellaneous tweaks were made for arno-fwfilter.

2011-12-23 22:53

Tag: Stable
This release removes DNS_FAST_FAIL and RESOLV_IPS, since they are both obsolete. It adds miscellaneous tweaks.

2011-10-15 00:43

Tag: Unstable
This release fixes the kernel_ver_chk() function to properly handle kernel 3, fixes variables containing REJECT_UDP with IPv6 enabled (it should use "icmp6-addr-unreachable" for IPv6), parses AIF variables with a common function, and logs missing fields with a warning.

2011-09-16 23:41

Tag: Stable
This release calls insserv during configure, when available. This is required, for example, on Debian/Ubuntu systems which use dependency-based booting. It fixes MULTICAST jumping, which should be done at the end of EXT_INPUT_CHAIN, not at the beginning, or users won't be able to create "normal" rules for it. It updates several plugins.

2011-03-29 17:54

Tag: Stable
A kernel support check is performed when IPv6 support is enabled. Several bash-isms were fixed. A workaround was provided for a Busybox 'ash' bug when IPV6_SUPPORT is enabled. A pptp-vpn plugin was provided for local PPTP server support. An incorrect URL for location lookup in arno-fwfilter was fixed. All IPv6 packets with Routing Header Type 0 are dropped when the new IPV6_DROP_RH_ZERO variable is set. Handling of HOST_OPEN_ICMP, HOST_DENY_ICMP_NOLOG, and HOST_DENY_ICMP variables with IPv6 addresses was fixed. There were several other tweaks and fixes.

Project Resources