Copyright (c) 1999 Jessica Quaintance. All rights reserved. This package is free software; you can redistribute it and/or modify it under the same terms as Perl itself (see LICENSE), with the exception of the libipfwc.c, ipchains.c, and the files in include/ which have separate terms derived from those of the original ipchains sources (see LICENSE.ipchains). Please see README.ipchains for the README that was included with the original source code for ipchains and contains copyrights and credits for such. For the full original source code, documentation and other information related to the ipchains project please see http://www.rustcorp.com/linux/ipchains/. The Ipfw.pm module is a seperate entity from such, so please do not bother the author of the ipchains source with issues related to this module. For the most current version of this module please see http://www.x25.org/ipchains.html. For more information about the module, or to submit questions, comments, or bug reports about such, please email j@x25.org. ----------------------------------------------------------------- To build this module, run the following commands: perl Makefile.PL make make install To use this module you'll need to have several features enabled in your kernel. From the ipchains README: -- If your kernel version is before 2.1.102; you need the ipfwchains patch to the 2.1.x or 2.0.x kernel series. You need to be running a kernel compiled with CONFIG_IP_FIREWALL (for 2.1.102 and above) or CONFIG_IP_FIREWALL_CHAINS set to `Y'. You can tell that your current kernel is compiled with this by looking for /proc/net/ip_fwchains' - if it exists, then your kernel is ready for the ipchains utility. -- To use features such as IP Masquerading, IP Forwarding, IP Aliasing, etc., you will have to also enable these individually in your kernel configuration. ----------------------------------------------------------------- The IPChains.pm module was created to act as an interface to the Linux IP firewalling routines so that one might set, list, or otherwize modify and/or access Linux firewalling rules and information from perl, and to do so relatively painlessly. As an example, if you wanted to deny all traffic from 192.168.100.0/24 going to 192.168.1.0/24, and log all attempts, you could create a rule as such: $fw = IPChains->new(Source => "192.168.100.0", SourceMask => "24", Dest => "192.168.1.0", DestMask => "24", Rule => "DENY", Log => "1" ); $fw->append("input"); (Note that "input" is the chain you're applying the rule to., and masks can also be written in the 255.255.255.0 notation). Then, to list the results you could clear the options, set the Verbose option, then call the list() method: $fw->clopts(); $fw->attribute(Verbose, 1); $fw->list("input"); Available options, attributes and syntax are listed in the POD documentation contained in IPChains.pm. TODO: 1) Add a package to manage the logs generated by ipchains if the logging option is specified. 2) Possibly add more methods for searching through set rules and selecting/manipulating rules by search criteria. BUGS: No -S support quite yet. RSN. ! (invert rule) doesn't seem to work. Will be fixed RSN too. CONTRIBUTIONS: Thanks for bug fixes/patches/updates/additions or all of the above to: Heather Adkins - early troubleshooting/bug fix Sven Koch - bug fixes and list_chains() function Francis J. Lacoste - bug fixes