Plonk: Rules-based IP firewalling
For GNU/Linux Systems

plonk excl.,vt.

[Usenet: possibly influenced by British slang `plonk' for cheap booze, or `plonker' for someone behaving stupidly (latter is lit. equivalent to Yiddish `schmuck')] The sound a newbie makes as he falls to the bottom of a kill file. While it originated in the newsgroup talk.bizarre, this term (usually written "*plonk*") is now widespread on Usenet as a form of public ridicule.

--The Jargon File (v.4.2.3)

Latest News:

[11-2-2001] Moving day! I have moved the project to SourceForge and dubbed it "Plonk". I will be gradually streamlining this page to integrate with SourceForge.

[12-4-2000] LISA is on! Just for you, a slightly updated version of the script with goodies for Win2K (CIFS, Kerb, LDAP).

[10-12-2000] Released beta version of iptables conversion. Many thanks to Blair Steenerson for contributing the framework. Also released a very minor update to the ipchains version.



Current stable version (ipchains): 1.7.3 (4 Dec 2000)
Current devel version (iptables): 0.99 (12 Oct 2000)


I have created a set of scripts which make setting up an IP Masq/NAT/Firewall system easy and (mostly) painless. Simply drop this script somewhere meaningful and call it from a startup script after setting up your IP masq modules (if necessary), or from ip-up after establishing the connection.

Features:
  • IP Masquerading/NAT
  • Easily configurable for PPP dialup, LAN - WAN or LAN - LAN gatewaying (such as ADSL, Cable Internet, or just a firewall)
  • External port blocks for vulnerable processes (SQL, NFS, X)
  • Secure out of the box (services blocked by default)
  • Ability to allow/block specific addresses or subnets (let your friends in, keep the script kiddies out)
  • Logging of packets that may be intrusion attempts
  • Basic services (FTP, HTTP, etc.) can be individually controlled
  • Takes advantage of the ability of ipchains/iptables to manipulate TOS bits for improved performance
  • Automatically configures addresses and determines if masquerading/NAT is needed.
Screenshot:

Screenshot of 1.7 from a Windows remote session


Useful Tools:


IP Fundamentals,
Thomas Maufer
A clear and concise reference to the Internet Protocol and what makes it tick. A must-read for anyone working with IP.


Linux Firewalls,
Robert Ziegler
A perennial favourite of the local LUG, which is also home to the author of the Security HOWTO.


DNS & BIND, 3rd Ed.,
O'Reilly & Associates
Excellent reference on DNS. Useful when setting up your own caching nameserver in conjunction with your firewall.


Practical Unix & Internet Security
O'Reilly & Associates
A comprehensive guide to security under Unix, from the fundamentals, to handling incidents.


Internet Security: Firewall Principles ISEC07E
SmartForce
Interactive training course on firewall principles.

This file was last modified on Tuesday, 13-Feb-2001 06:37:12 UTC.