godot's muse

Levy

$Date: 2003/11/01 21:34:16 $

levy is a perl script which generates a basic iptables ruleset based on a given external interface and a set of ports to open. It is designed to save folks some time in creating a skeleton ruleset to work from, though it can construct a fully functional firewall with NAT support.

Levy is free software, released under the Artistic License. You can download the latest release (v1.22).


features

Levy supports creating a restrictive firewall with specific 'public' services, defined subnets for NAT, and defined trusted networks.

Usage

levy has several run-time options that control what sort of ruleset is generated; see levy.pl -h for a full list.

Examples:

I want a basic firewall which allows in ports 22, 80, 113 (matching their protocols), logs all dropped connections, aggressively defines reserved addresses, and provides NAT for 192.168.0.0/16. My interface to the internet is eth0 --

./levy.pl eth0 22 80 113 -l -r -m -n 192.168.0.0/16 > firewall.rules

After testing this ruleset, I decide it's fine, though I want to open https (443) and set the output as a shell script I can just run:

./levy.pl eth0 22 80 113 443 -e -l -r -m -n 192.168.0.0/16 > firewall.rc
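To make concrete what a "skeleton ruleset" for the first example above looks like, here is a small generator written for this page. It is an added illustration, not levy's code or levy's real output: the exact rules levy emits for -l, -r, -m and -n are not documented here, so the rule shapes, the list of reserved ranges, the "fw-drop:" log prefix and the N/udp port syntax are all assumptions. Like levy's -e mode, it prints a runnable shell script rather than applying anything itself.

```shell
#!/bin/sh
# Added illustration: a hand-written skeleton of the kind of ruleset
# "./levy.pl eth0 22 80 113 -l -r -m -n 192.168.0.0/16" asks for.
# It is NOT levy's real output, and the rule shapes are assumptions.
# The script only PRINTS iptables commands; review them, then run the
# printed text as root to apply.

# Source ranges that must never appear on a public interface
# (RFC 1918 plus loopback; assumed list, extend as needed).
RESERVED="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8"

# gen_rules EXT_IFACE NAT_NET PORT...   (PORT is tcp unless given as N/udp)
gen_rules() {
    ext="$1"; nat="$2"; shift 2
    cat <<EOF
#!/bin/sh
# generated skeleton - edit to suit before use
IPT=/sbin/iptables
\$IPT -F
\$IPT -t nat -F
\$IPT -X
# default deny inbound and forwarded traffic
\$IPT -P INPUT DROP
\$IPT -P FORWARD DROP
\$IPT -P OUTPUT ACCEPT
# loopback and replies to connections we started
\$IPT -A INPUT -i lo -j ACCEPT
\$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# reserved addresses cannot legitimately be sources on $ext
EOF
    for net in $RESERVED; do
        echo "\$IPT -A INPUT -i $ext -s $net -j DROP"
    done
    echo "# public services"
    for p in "$@"; do
        case "$p" in
            */udp) proto=udp; port="${p%/udp}" ;;
            *)     proto=tcp; port="$p" ;;
        esac
        echo "\$IPT -A INPUT -i $ext -p $proto --dport $port -j ACCEPT"
    done
    cat <<EOF
# NAT: masquerade $nat behind $ext, allow its outbound and reply traffic
\$IPT -A FORWARD -s $nat -o $ext -j ACCEPT
\$IPT -A FORWARD -d $nat -i $ext -m state --state ESTABLISHED,RELATED -j ACCEPT
\$IPT -t nat -A POSTROUTING -s $nat -o $ext -j MASQUERADE
# log whatever falls through before the DROP policy takes it
\$IPT -A INPUT -j LOG --log-prefix "fw-drop: "
\$IPT -A FORWARD -j LOG --log-prefix "fw-drop: "
EOF
}

# Stand-alone: use the arguments given, else the page's first example.
if [ $# -ge 3 ]; then
    gen_rules "$@"
else
    gen_rules eth0 192.168.0.0/16 22 80 113
fi
```

Run it as `sh gen.sh eth0 192.168.0.0/16 22 80 113 > firewall.rc` and read the result before executing it: the order matters (loopback and established traffic first, reserved-source drops before the service accepts, the LOG rules last so only packets about to hit the DROP policy are logged), and the 192.168.0.0/16 drop on eth0 is deliberate even though that range is the NAT network, because those addresses should only ever arrive on the internal interface.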


notes

levy strictly generates rulesets; it is not "really" a firewall "script" -- you may well need to edit the output to suit your needs -- its design goal is to be as functionally minimalist as possible. If you are looking for a comprehensive firewall script for iptables which can handle multiple NATs, transparent proxying, port-forwards and whatnot, see gShield.