What is Fishwall 1?
Fishwall is a Perl module and script that can configure, load, refresh, flush, etc. your iptables. It includes
some useful single-command switches for emergencies. These include:
- block all traffic
- redirect all traffic to IP xxx.xxx.xxx.xxx
As well as others.
Fishwall can also configure NAT/MASQUERADE for you.
You can easily add your own custom iptables configurations to the fishwall.conf file by hand as well if required.
Fishwall is easy to configure, using the built-in prompt interface, even if you have little or no knowledge of firewalling, iptables and Linux.
Where can I get it?
You can download Fishwall 1 from the Webfish Linux Sourceforge page which is located here.
Fishwall-1 works fine, but the configure interface is still a bit buggy in some more complex scenarios. In this case it is best to write
fishwall.conf by hand, or use configure and then fix the conf. The whole of Fishwall could really do with a rewrite as OO Perl code;
this would make it easier to implement a decent configure.
Command Line Arguments
- [-fa] - Flush all tables and delete fishwall block(s) - down firewall.
- [-ff] - Flush firewall table and fishwall block(s) only.
- [-fn] - Flush nat table only.
N.B.: Flush commands can be used with -l, e.g.:
fishwall.pl -fa -l
They can also be used before -bi, -ba, -bo and -bif, e.g.:
fishwall.pl -ff -bi
- [-bi] - Block all incoming connections on all interfaces.
- [-ba] - Block all connections (in,forward,out)
- [-bo] - Block outgoing connections.
- [-bf] - Block all forward traffic.
- [-bif] - Block all incoming connections and all forward traffic.
- [-c] - Configure.
- [-l] - Load firewall config and set firewall.
- [-a] - Use after -l or -c to specify an alternate config file.
fishwall.pl -fa -l -a /home/me/myconf.conf
- [-r] [IP] - Redirect all traffic to IP
- [-p] [PORT] [IP:PORT] - Port forward (DNAT) from [PORT] to [IP:PORT]
- fishwall.pl - the script
- Fishwall.pm - Perl module with base functions for fishwall.
- fishwall.conf - fishwall configuration file - written automatically by the -c option. You can also add iptables commands to this file by hand.
Feel free to post in the bugs section
if ya like, or send me a fix ;).
© rune June 2k2.
One Life, One Love, One Music.