Plonk: Rules-based IP firewalling
For GNU/Linux Systems

plonk excl.,vt.

[Usenet: possibly influenced by British slang `plonk' for cheap booze, or `plonker' for someone behaving stupidly (latter is lit. equivalent to Yiddish `schmuck')] The sound a newbie makes as he falls to the bottom of a kill file. While it originated in the newsgroup talk.bizarre, this term (usually written "*plonk*") is now widespread on Usenet as a form of public ridicule.

--The Jargon File (v.4.2.3)

Latest News:

[11-2-2001] Moving day! I have moved the project to SourceForge and dubbed it "Plonk". I will be gradually streamlining this page to integrate with SourceForge.

[12-4-2000] LISA is on! Just for you, a slightly updated version of the script with goodies for Win2K (CIFS, Kerb, LDAP).

[10-12-2000] Released beta version of iptables conversion. Many thanks to Blair Steenerson for contributing the framework. Also released a very minor update to the ipchains version.


Current stable version (ipchains): 1.7.3 (4 Dec 2000)
Current devel version (iptables): 0.99 (12 Oct 2000)

I have created a set of scripts which make setting up an IP masquerading/NAT/firewall system easy and (mostly) painless. Simply drop the script somewhere meaningful and call it from a startup script after setting up your IP masquerading modules (if necessary), or from ip-up after establishing the connection.

  • IP Masquerading/NAT
  • Easily configurable for PPP dialup, LAN - WAN or LAN - LAN gatewaying (such as ADSL, Cable Internet, or just a firewall)
  • External port blocks for vulnerable processes (SQL, NFS, X)
  • Secure out of the box (services blocked by default)
  • Ability to allow/block specific addresses or subnets (let your friends in, keep the script kiddies out)
  • Logging of packets that may be intrusion attempts
  • Basic services (FTP, HTTP, etc.) can be individually controlled
  • Takes advantage of the ability of ipchains/iptables to manipulate TOS bits for improved performance
  • Automatically configures addresses and determines if masquerading/NAT is needed.

[Screenshot of 1.7 from a Windows remote session]

Useful Tools:
Buy a book. Support the site.

IP Fundamentals,
Thomas Maufer
A clear and concise reference to the Internet Protocol and what makes it tick. A must-read for anyone working with IP.

Linux Firewalls,
Robert Ziegler
A perennial favourite of the local LUG, which is also home to the author of the Security HOWTO.

DNS & BIND, 3rd Ed.,
O'Reilly & Associates
Excellent reference on DNS. Useful when setting up your own caching nameserver in conjunction with your firewall.

Practical Unix & Internet Security
O'Reilly & Associates
A comprehensive guide to security under Unix, from the fundamentals, to handling incidents.

Internet Security: Firewall Principles ISEC07E
Interactive training course on firewall principles.

This file was last modified on Tuesday, 13-Feb-2001 06:37:12 UTC.