#############################################################################
#                                                                           #
#  Jay's Iptables Firewall    v0.9.96    :    README  file                  #
#                                                                           #
#  Copyright 2002 Jerome Nokin                                              #
#                                                                           #
#   This program is free software; you can redistribute it and/or modify    #
#   it under the terms of the GNU General Public License as published by    #
#   the Free Software Foundation; either version 2 of the License, or       #
#   (at your option) any later version.                                     #
#                                                                           #
#   This program is distributed in the hope that it will be useful,         #
#   but WITHOUT ANY WARRANTY; without even the implied warranty of          #
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the           #
#   GNU General Public License for more details.                            #
#                                                                           #
#   You should have received a copy of the GNU General Public License       #
#   along with this program; if not, write to the Free Software             #
#   Foundation, Inc., 59 Temple Place, Suite 330, Boston,                   #
#   MA  02111-1307  USA                                                     #
#                                                                           #
#############################################################################



See INSTALL for installation details.


###################
#      INFO       # 
###################

   First    : Excuse my English
   Web site : 'http://www.wallaby.be/firewall/'
   Contact  : Jerome Nokin <jnokin@ulb.ac.be>

   Description :
	Jay's Iptables Firewall is a bash script that allows one to easily 
	install and configure a firewall on a Linux system. It was initially 
	written for use on a home LAN. The basic features are sharing internet
	over a LAN, forwarding TCP or UDP ports over the LAN, logging 
	prohibited accesses, and more. 

	The configuration of the firewall is assisted by an interactive 
	configuration tool. You should be able to use the "firewall-config.pl" 
	script for an interactive configuration, or use "firewall-config.pl -g" 
	to generate an empty configuration file and configure it by hand.



##########################################
# BLOCKING IPS, SPYWARE, ADWARE, ...     #
##########################################

   About the blocking hosts feature ...


1) To deny some hosts from your domain, use the 'block-ip*' files.
   Go to '/var/lib/firewall-jay/', 
	edit 'block-ip-in.user'  to deny all access 'from' hosts 
	edit 'block-ip-out.user' to deny all access 'to'   hosts   
   and configure the firewall to enable the blocking feature (with 'firewall-config.pl' or by hand).



2) This firewall provides a list of IPs/subnets coming from alt.privacy.spyware. 
   The list was written by Sponge (http://www.geocities.com/yosponge/) <yosponge@yahoo.com>
   
   Four files are proposed:
   
	block-ip-out.spywares                 : Big file with all spyware found
	block-ip-out.spywares-lite            : Lite version of spywares
	block-ip-out.doubleclick              : Doubleclick
	block-ip-out.microsoft                : Microsoft (don't use for MSN)

	
   WARNING : the entries in 'block-ip-out.microsoft' are commented out in 'block-ip-out.spywares[-lite]'.


3) You may write your own files like "block-ip-{in|out}.<your description>" 
	
	Syntax:  [!]<ip or subnet>:<description>
	-------
           - subnet can be "host.domain.xxx", "1.1.1.1", "1.1.1.0/24" or "1.1.1.0/255.255.255.0"
           - description : must be less than 24 characters (the iptables log prefix is limited to 29 characters)
                           no spaces allowed   

	   
        Example:
        --------
           !10.0.0.1:good-guy
           !10.0.0.5:good-guy 
           10.0.0.0/8:bad-guys

           In this example, the whole subnet '10.0.0.0/8' is denied except 10.0.0.1 and 10.0.0.5.

           Please put the entries that should not be blocked BEFORE those that must be (as in the example).


        See the example in the 'block-ip-out.spywares' file.
	A line beginning with '#' is regarded as a comment.


4) Updated lists are available on the web page (http://www.wallaby.be/firewall/).



##########################################
# BLOCKING MAC                           #
##########################################

   About the blocking MAC address feature ...


1) You can only deny source MAC addresses.


2) To deny some hosts, use the 'block-mac-in*' files.
   Go to '/var/lib/firewall-jay/',
   edit 'block-mac-in.user'  to deny all access 'from' hosts
   and configure the firewall to enable the blocking MAC feature (with 'firewall-config.pl' or by hand).



3) You may write your own files like "block-mac-in.<your description>"

        Syntax:  <mac address>-<description>
        -------
           - mac address must be like XX:XX:XX:XX:XX:XX
           - description : must be less than 24 characters (the iptables log prefix is limited to 29 characters)
                           no spaces allowed

        A line beginning with '#' is regarded as a comment.
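
   The 'block-ip-*' and 'block-mac-in.*' syntax rules above can be checked
   before the firewall loads a list. The following lint is an added example,
   not part of Jay's Iptables Firewall; the function name, the address
   patterns and the sample entries are assumptions of this example.

```shell
#!/bin/sh
# Lint for block-ip-* and block-mac-in.* lists, following this README's syntax.
# Added example: patterns are a reading of the README, not the firewall's parser.

IP_RE='^[A-Za-z0-9.-]+(/([0-9]{1,2}|[0-9]{1,3}(\.[0-9]{1,3}){3}))?$'
MAC_RE='^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$'

matches() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# lint_block_list <ip|mac>   (the list is read from stdin)
# Prints "line N: problem" per finding; status 0 = clean, 1 = findings.
lint_block_list() (
    kind=$1; n=0; bad=0; seen_block=0
    if [ "$kind" = ip ]; then sep=':'; re=$IP_RE; else sep='-'; re=$MAC_RE; fi
    # read without IFS= trims surrounding whitespace from each line
    while read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;                      # blank line or comment
            *"$sep"*) ;;
            *) echo "line $n: missing '$sep<description>'"; bad=1; continue ;;
        esac
        addr=${line%%"$sep"*}; desc=${line#*"$sep"}
        if [ "$kind" = ip ]; then
            case $addr in
                '!'*) addr=${addr#?}                  # exception entry
                    if [ "$seen_block" = 1 ]; then    # conservative order check
                        echo "line $n: '!' entry after a blocking entry"; bad=1
                    fi ;;
                *) seen_block=1 ;;
            esac
        fi
        matches "$addr" "$re" || { echo "line $n: bad address '$addr'"; bad=1; }
        matches "$desc" '^[^[:space:]]+$' ||
            { echo "line $n: empty description or spaces in it"; bad=1; }
        [ "${#desc}" -lt 24 ] ||
            { echo "line $n: description is ${#desc} chars, limit is 23"; bad=1; }
    done
    exit "$bad"
)

# Constructed sample (not from the shipped lists): line 3 is out of order and
# line 4 has a description that is too long.
lint_block_list ip <<'EOF' || echo "sample list has findings"
# test list
10.0.0.0/8:bad-guys
!10.0.0.1:good-guy
192.0.2.7:this-description-is-far-too-long
EOF
```

   To check a real list, feed it on stdin, for example
   'lint_block_list ip < /var/lib/firewall-jay/block-ip-out.user'.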





##############################
# CUSTOM RULES               #
##############################

 Add your own rules in '/var/lib/firewall-jay/firewall-custom.rules'
 Your rules will be added in the first position



##############################
# BUGS                       #
##############################

 Please help me by sending bug reports to 'jnokin@ulb.ac.be' 


