Gauntlet Firewall (IPTABLES)

Current Version: 2.1.0 - Build-02082008
By: magikh0e < h0e at IHTB d0t org >

    '\v/`
    (o 0) m0o.
     (_)
     /
  www.IHackedThisBox.com

Gauntlet Firewall is a tool to implement a secure and stateful firewall using IPTables. Gauntlet is meant to run on the host serving as the gateway machine for the rest of the network. DMZ support is not currently available in this release.

The name comes from the old-school proxy-based firewall 'Gauntlet'. Before Checkpoint, Gauntlet was the KING of firewalls. Other than the name there is no relation at all.

This firewall is NOT meant to run on single-node systems. A future version will be released for host-based-only use.

See INSTALL for help on installing Gauntlet.

USAGE:

A setup utility is included to ease the configuration of the firewall script; this utility lets you make customizations that are specific to your environment. Keep in mind that some protection schemes are enabled by default. It is best not to edit anything by hand unless you know what you are doing. IHTB provides limited support for this utility.

IHTB Firewall Functionality & Protection Features:
+++++++++++++++++++++++++++++++++++++++++++++++++++

 * Dynamic or Static addressing
 * Full NAT Support
 * Fix-ups for MTU/MSS Issues
 * DoS/DDoS protection
 * SYN Flood Protection
 * Packet Spoofing Protection
 * Invalid packet blocking
 * Fragmented packet blocking
 * Port scan Blocking
     (FIN/URG/PSH)
     (SYN/FIN)
     (SYN/RST)
     (nmap FIN Stealth)
     (ALL/ALL Scan)
     (nmap Null Scan)
     (XMAS Scan)
 * Hide from trace-routes

 * Port scan attack drops will be logged at a rate of 1 per second.

Features enabled by default:
++++++++++++++++++++++++++++++

 * Drops source-routed packets
 * Drops redirects
 * IGNORES ICMP Broadcasts
 * Drops ALL ICMP Traffic
 * IGNORES Bogus ICMP Errors
 * DROPS and LOGS Martian packets
 * TCP FIN Timeout set to 30 secs
 * TCP Keep Alive set to 1800 secs
 * TCP SYN Cookie protection
 * Enables the use of rp_filter on ALL detected interfaces.
     'Spoofing detection and protection - Packets that live on the inside should never come IN from the outside.'
 * ALL INPUT, OUTPUT and FORWARDING is DROPPED, unless specifically allowed.
 * Any new connection coming IN or being forwarded that does not begin with a SYN will be DROPPED.
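The protections listed above, reconstructed as a compact iptables/sysctl script. This is an added example written for this README, not the Gauntlet script or setup utility itself; the outside interface (eth0), the inside network (192.168.1.0/24), the log prefix and the exact flag masks chosen for each scan signature are assumptions.

```shell
#!/bin/sh
# Added example, not the Gauntlet script itself: a compact reconstruction of the
# protections listed in the README. Interface, inside network and log prefix are
# assumptions. DRY_RUN=1 (default) prints the rules for review; DRY_RUN=0 loads them.
EXT_IF="${EXT_IF:-eth0}"               # assumed outside (gateway) interface
INT_NET="${INT_NET:-192.168.1.0/24}"   # assumed inside network
DRY_RUN="${DRY_RUN:-1}"
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Kernel defaults from "Features enabled by default": SYN cookies, rp_filter on all
# interfaces, no source routing or redirects, ignore broadcast and bogus ICMP,
# log martians, FIN timeout 30 s, keepalive 1800 s.
sysctl_defaults() {
  run sysctl -w net.ipv4.tcp_syncookies=1 net.ipv4.conf.all.rp_filter=1 \
    net.ipv4.conf.all.accept_source_route=0 net.ipv4.conf.all.accept_redirects=0 \
    net.ipv4.icmp_echo_ignore_broadcasts=1 net.ipv4.icmp_ignore_bogus_error_responses=1 \
    net.ipv4.conf.all.log_martians=1 net.ipv4.tcp_fin_timeout=30 net.ipv4.tcp_keepalive_time=1800
}

# Scan signatures from the feature list, as "mask set" pairs for --tcp-flags.
# Each match is logged at most once per second (the README's rate), then dropped.
scan_rules() {
  for sig in "FIN,URG,PSH FIN,URG,PSH" "SYN,FIN SYN,FIN" "SYN,RST SYN,RST" \
             "ALL FIN" "ALL ALL" "ALL NONE" "ALL FIN,URG,PSH"; do
    set -- $sig   # split "mask set" into two arguments (function-local positionals)
    run iptables -A INPUT -p tcp --tcp-flags "$1" "$2" -m limit --limit 1/s \
      -j LOG --log-prefix "GAUNTLET SCAN: "
    run iptables -A INPUT -p tcp --tcp-flags "$1" "$2" -j DROP
  done
}

# Default-deny policies; spoof check first, then state handling: established/related
# traffic is allowed back in, INVALID and fragmented packets are dropped, and a NEW
# TCP connection not starting with a bare SYN is dropped on INPUT and FORWARD.
base_rules() {
  for chain in INPUT OUTPUT FORWARD; do run iptables -P "$chain" DROP; done
  for chain in INPUT FORWARD; do
    run iptables -A "$chain" -i "$EXT_IF" -s "$INT_NET" -j DROP   # inside addr from outside
    run iptables -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A "$chain" -m state --state INVALID -j DROP
    run iptables -A "$chain" -f -j DROP
    run iptables -A "$chain" -p tcp ! --syn -m state --state NEW -j DROP
  done
  # NAT for the inside network and MSS clamping for MTU problems behind the gateway.
  run iptables -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE
  run iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
}

sysctl_defaults; scan_rules; base_rules
```

Run it once with the default DRY_RUN=1 to review the generated rule set, then as root with DRY_RUN=0 to load it; the scan rules are appended before the state rules so bogus-flag packets are logged and dropped regardless of conntrack state.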