This guide is organized according to what you want to do. Each section covers a particular task, and shows you what steps to take to accomplish that task.

How do I...

...install modwall?

#Setup make install

...find out what a module does?

To see what a module is for:

/usr/lib/modwall/tcpchk help

...see what firewall rules will be created without actually touching the firewall?

...put the rules in place, but not actually use them?

If you want to see the rules that will be called, without actually making them live in your firewall (note that the actual calls from INPUT, OUTPUT, and FORWARD may do some additional checks to reduce the amount of traffic processed by this chain):

/usr/lib/modwall/tcpchk create

...start inspecting packets with a brick?

To actually use the rules in this brick in an existing firewall, edit your firewall startup script and put one of the following lines at the point where you want the checks to take place. You'll need to choose what action(s) to take when an illegal packet is found; multiple actions are legal, and performed in the order specified:

To just keep counts of illegal packets (the safest approach):

/usr/lib/modwall/tcpchk start NONE

To actually drop the packets and send back an error:

/usr/lib/modwall/tcpchk start REJECT

To drop and log:

/usr/lib/modwall/tcpchk start LOG DROP

If you're adding this brick to an already running firewall and want to force the INPUT/OUTPUT/FORWARD calling lines to the top or bottom of those chains, add the word

to one of the above lines.

...atomically change the action taken for packets identified by a brick?

To atomically replace the rules in the chain without affecting the rest of the firewall (allows you to specify new action(s) or load a new ruleset):

/usr/lib/modwall/tcpchk replace DROP

...shut down a brick without affecting the rest of the firewall?

To completely shut down a chain without wiping out the rest of the firewall:

/usr/lib/modwall/tcpchk stop

Additional notes

Optional stuff: