quicktables

quicktables is an iptables firewall/NAT (gateway) script generator. It was created to quickly provide a secure set of iptables rules. It asks you a small handful of questions and generates your own personalized firewall script. It supports NAT and no NAT (firewall only) options, default policy of DROP on INPUT and FORWARD chains (all packets dropped), TCP and UDP ACCEPTs on INPUT chain (open ports to the firewall machine), TCP and UDP port forwarding with NAT (forward ports to multiple internal hosts; NAT only), multiple ICMP (ping) options, multiple logging options (syslog - kern.info), explicit host drops, and multiple port forwards for multiple external IP addresses.

Tags Networking Firewalls Security
Licenses GPL
Operating Systems POSIX Linux


Recent releases

  • 03 Sep 2003 00:36

Changes: This version adds support for outbound blocks for blocking access to various internet services like ICQ and such, adds support for excluding hosts from outbound block rules, switches the method of determining external interface from the iproute2 to the route command, and includes other minor changes.

  • 11 Aug 2003 09:01

Changes: Support for tun[0-9] interfaces was added to regex validation of real interfaces. Some typos were fixed. Any quicktables user using tun0-9 interfaces is urged to upgrade to this version.

  • 07 Aug 2003 01:00

Changes: This release added support for dropping reserved private networks and specified ICMP message types coming in from the Internet. Support for both SNAT and MASQUERADE NAT helpers was added, and a quickblock.sh script was created for "on-the-fly" blocking of hosts or entire networks.

  • 02 Aug 2003 11:37

Changes: The verbiage for the port forwarding questions was changed, noting that a range of ports is allowed with the appropriate examples. Anyone using NAT with port forwarding is urged to upgrade to this release. Although no functionality was introduced, the text indicated "a single port to forward" when it should have read "a single port or range (1-1024) of ports".

  • 30 Jul 2003 10:53

Changes: This release has advanced support for transparent HTTP proxying with squid running either on the firewall itself or running on another host, regexp validation of most user-provided IP addresses, support for additional packet logging levels, and more documentation.

Recent comments

11 Aug 2003 12:25 betacentauri

Re: About quicktable

>
> %
> % %
> % % If you want i can translate the
> % program
> % % and if you need help i'm here...
> % Here,
> % % where? Italy of course.
> % % Diaolin
> %
> %
> % an italian translation would be much
> % appreciated. there are romanian and
> % russian translations in the works
> % already.
>
>
> Ok, but if you create a message file it
> will be simpler...
> Writing directly into the script would
> be a pain.
> Diaolin(diaolin@diaolin.com)
>
>

I would like to contribute a Spanish translation if messages were put apart. Also, I'd suggest factoring out some very repetitive code like input validation etc.

25 Feb 2003 07:30 diaolin

Re: About quicktable

>
> %
> % If you want i can translate the
> program
> % and if you need help i'm here...
> Here,
> % where? Italy of course.
> % Diaolin
>
>
> an italian translation would be much
> appreciated. there are romanian and
> russian translations in the works
> already.

Ok, but if you create a message file it will be simpler...
Writing directly into the script would be a pain.
Diaolin(diaolin@diaolin.com)

23 Feb 2003 08:12 graff1x

Re: About quicktable

>
> If you want i can translate the program
> and if you need help i'm here... Here,
> where? Italy of course.
> Diaolin

an italian translation would be much appreciated. there are romanian and russian translations in the works already.

23 Feb 2003 05:42 diaolin

Re: About quicktable

> thanks for the feedback. i hope to
> evolve quicktables into a much more
> extensive firewall and nat solution,
> but it's mostly targeted to the newbie
> audience with pretty basic needs. there
> are some neat and more advanced features
> planned for the next release though.

If you want i can translate the program and if you need help i'm here... Here, where? Italy of course.
Diaolin

21 Feb 2003 09:13 graff1x

Re: About quicktable

> Just a little consideration,
> the forwarder (from outside to inside)
> doesn't ask for a external destination
> and with your software you can only say
> eth0:80 goes to 192.168.10.2:80 but if
> you ask even for a public ip
> you can put even -d $publicip and so
> on.
> In this manner you can have multiple
> public ip addresses and multiple
> forwarders for the same port on
> different public targets, anyway good
> work
> Diaolin

thanks for the feedback. i hope to evolve quicktables into a much more extensive firewall and nat solution, but it's mostly targeted to the newbie audience with pretty basic needs. there are some neat and more advanced features planned for the next release though.
