
firewall
--------

This package will create and load a firewall which is designed to
be simple to configure and use.

The way the firewall works is by examining a pair of directories,
and based upon the names of files within them generate a collection
of different "iptables" rules for both INCOMING & OUTGOING connections.


Setup
-----

Create your rules by touching files in:

         /etc/symbiosis/firewall/incoming.d/
         /etc/symbiosis/firewall/outgoing.d/

The filenames you choose must be of the form "$number-$name", where
number is used purely for sorting purposes.  The name you use will
determine which services are exposed for incoming connections and
which outgoing connections are permitted.

(See the later section on naming.)


Simple Example
--------------


The following defines a system which will only accept incoming connections
for SSH and SMTP

        rm /etc/symbiosis/firewall/incoming.d/*
        touch /etc/symbiosis/firewall/incoming.d/10-smtp
        touch /etc/symbiosis/firewall/incoming.d/20-ssh
        touch /etc/symbiosis/firewall/incoming.d/99-drop


Complex Example
---------------

The following example will accept incoming SMTP connections from anywhere
but only SSH from a single IP address:

        rm /etc/symbiosis/firewall/incoming.d/*
        touch /etc/symbiosis/firewall/incoming.d/10-smtp
        touch /etc/symbiosis/firewall/incoming.d/99-drop
        echo "192.168.1.1" > /etc/symbiosis/firewall/incoming.d/20-ssh


Naming
------

The names "smtp", "ssh", and "drop" used in the previous two examples
are magical.  These names are used to lookup the port number, and associated
protocol, from the services file /etc/services.


Steve
--
