NSPM - Network Security & Policy Manager


Installation guide

Requirements

  • Linux kernel >2.4 (2.6 recommended) with appropriate netfilter modules available
  • Iptables >1.4 with iptables-save and iptables-restore binaries
  • Sudo >1.6 privilege escalation tool
  • PHP5 >5.1 without safe-mode and with sessions support
  • Smarty >2.6 PHP templates processing framework
  • Web server with PHP5 support (Apache2 recommended)
  • Web browser with JavaScript and cookies enabled (Firefox3 recommended)

Configuration

This application is web-based. Identify the user your web server runs as so you can grant it the proper permissions.
The web user depends on your Linux distribution and web server: www-data, apache, www, etc.

  • Extract archive to web directory
    • tar -xzf archive.tar.gz
  • Grant permissions to web user
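    • chown -R www-data:www-data /var/www/firewall/ (the extracted directory, HTML_DIR in the configuration below; substitute your web user)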
  • Edit sudo configuration
    • visudo or edit /etc/sudoers
    • Grant root privileges to the web user to execute the Iptables binaries
      root        ALL = (ALL) ALL
      www-data    ALL = (root) NOPASSWD: /sbin/iptables*
  • Edit application configuration file
    • edit inc/config.inc.php
    • Define display preferences and system paths to binaries
      // Display preferences
      define('DEBUG', true);
      define('LANG', 'en');
      define('COLOR', 'white');
      define('TITLE', 'Iptables Firewall Administration');

      // Smarty library and application directories
      define('SMARTY_DIR', '/usr/share/php/smarty/libs/');
      define('HTML_DIR', '/var/www/firewall/');
      // sudo prefix; the trailing space is required because it is concatenated with the binary path
      define('SUDO', '/usr/bin/sudo ');

      // Iptables binaries, run as root through sudo
      define('IPTABLES', SUDO .'/sbin/iptables');
      define('IPTABLES_SAVE', SUDO .'/sbin/iptables-save');
      define('IPTABLES_RESTORE', SUDO .'/sbin/iptables-restore');

      // System information commands, run as the web user without sudo
      define('IFCONFIG', '/sbin/ifconfig -a');
      define('NETSTAT', '/bin/netstat -n -t -u');
      define('ARP', '/usr/sbin/arp -a -n');
      define('UNAME', '/bin/uname -s -n -r -m -o');
      define('UPTIME', '/usr/bin/uptime');
      define('CPUINFO', '/bin/cat /proc/cpuinfo');
      define('MEMINFO', '/bin/cat /proc/meminfo');
  • Secure your web directory!
    • Bind web server to local addresses only
    • Create appropriate firewall rules to restrict connections
    • Enable server-embedded user authentication (.htaccess)
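
The wildcard in the sudoers entry above matches every file in /sbin whose name starts with iptables, not only the three binaries the configuration prefixes with SUDO. The following shell script is an added example, not part of NSPM: it lists what the pattern matches in a directory and prints a rule naming only those three binaries. The sample directory and the function names are constructed for illustration, and it assumes NSPM runs nothing else through sudo, as the configuration shown suggests.

```shell
#!/bin/sh
# Added example, not NSPM code: audit what /sbin/iptables* grants via sudo.

# Binaries that inc/config.inc.php prefixes with SUDO.
NEEDED="iptables iptables-save iptables-restore"

# Basenames in directory $1 matched by iptables*. As with sudoers
# file-name wildcards, the shell's * does not match '/'.
granted_by_wildcard() {
    for f in "$1"/iptables*; do
        if [ -e "$f" ]; then basename "$f"; fi
    done | LC_ALL=C sort
}

# Granted basenames that NSPM's configuration does not use.
unneeded_grants() {
    granted_by_wildcard "$1" | while read -r name; do
        case " $NEEDED " in
            *" $name "*) ;;
            *) echo "$name" ;;
        esac
    done
}

# Sudoers rule for web user $1 naming only the needed binaries in $2.
explicit_rule() {
    printf '%s ALL = (root) NOPASSWD: %s/iptables, %s/iptables-save, %s/iptables-restore\n' \
        "$1" "$2" "$2" "$2"
}

# Constructed stand-in for /sbin; real contents depend on the iptables package.
make_sample_sbin() {
    d=$(mktemp -d) || return 1
    for n in iptables iptables-save iptables-restore iptables-apply iptables-xml ip6tables; do
        : > "$d/$n"
    done
    echo "$d"
}

sample=$(make_sample_sbin)
echo "Matched by wildcard but unused by NSPM:"
unneeded_grants "$sample"
echo "Explicit replacement rule:"
explicit_rule www-data /sbin
rm -rf "$sample"
```

Point granted_by_wildcard at /sbin on the firewall host to see the real list, and check the edited sudoers file with visudo -c before relying on it.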

Caution

Back up your current Iptables configuration before running the application. Even though most common rules and options are supported and will be automatically imported, some specific parameters may be lost in the process. Note that no modification will be made before you actually commit a new configuration, so pay close attention to the first run.

 

User guide

Networking and Iptables

Networking basics (TCP/IP, routing, NAT) and security notions are required to go through the configuration process. NSPM will automatically generate Iptables rules according to your settings, but it will not set up a secure network if your security policy is not well thought out. If you are not familiar with Iptables internal mechanisms such as table and chain traversal, which are outside the scope of this documentation, you should first take a look at this great tutorial:

English http://iptables-tutorial.frozentux.net/iptables-tutorial.html
French http://www.linux-france.org/prj/inetdoc/guides/iptables-tutorial/

Last Updated on Sunday, 19 April 2009 17:19  