IMPORTANT
This readme is *NOT* directions on how to use ipfwadm or ipchains....
For directions on how to use ipchains see:

Linux IP Firewalling Chains
	- http://www.rustcorp.com/linux/ipchains
IP Chains HOWTO
	- http://www.linux-howto.com/LDP/HOWTO/IPCHAINS-HOWTO.html
IP Masquerade mini HOWTO
	- http://www.linux-howto.com/LDP/HOWTO/mini/IP-Masquerade.html


For directions on how to use ipfwadm see:

X/OS Experts in Open Systems 
	- http://www.xos.nl
Firewalling and Proxy Server HOWTO 
	- http://www.linux-howto.com/LDP/HOWTO/Firewall-HOWTO.html
Linux IP Masquerade mini HOWTO
	- http://www.linux-howto.com/LDP/HOWTO/mini/IP-Masquerade.html

INTRODUCTION
fwconfig is a utility I wrote that generates a Linux firewall script via a 
Netscape front end. I could have very easily executed the firewall rules from 
one of the CGI programs, instead, I create a script that can be modified by 
the administrator. This gives the administrator complete control over the 
program, which is generally a good idea.

REQUIREMENTS
In order to use this program you must have root access to the Linux Firewall 
machine and you have to have a kernel that supports the kernel level firewall
facilities.

INSTALLATION
Unpack fwconfig-x.xx.tar.gz in a directory that's accessible to the web.
Most normal people do not run their web servers as root (I hope!) so that left
me in a bind as to how I would execute the shell scripts. Thus, fwconfig.pl 
has to be "setuid root". I provided a script to facilitate this called 
fixperms.pl, su to root and run it... (e.g. ./fixperms.pl).

In order to get fwconfig running, you'll need to set up apache to allow 
execution of cgi scripts in what ever directory you put fwconfig in...
Depending on your version of apache, there may be a number of files to edit.
In the latest version of Apache (1.3.6 as of this writing) the default file 
for everything you'll need to do is httpd.conf. Basically you are looking for 
the following lines:

AddHandler .cgi

Edit that line to look like this:

AddHandler .cgi .pl

There will also be access permissions to set up so that Apache will allow
execution of cgi scripts in a non cgi-bin directory.

<Directory /path/to/fwconfig/> 
AllowOverride All
Options ExecCGI
</Directory>

USAGE
Unfortunately, fwconfig got a little more complicated in version 1.3 when I
added the RememberConfig() function. So in order to be consistent, you had
to duplicate any additions to the html file in the RememberConfig() function 
as well. This required a little Perl knowledge...

So what I did to solve this problem is to dynamically generate all the list
values directly from /etc/services. So, if you want to add more ports/services,
all you have to do is make the correct entry to /etc/services, and they will
show up the next time you run fwconfig!

Currently, I only grab the TCP ports from /etc/services, because UDP gets
handled internally, and only for DNS...

CHANGES
Major changes from 1.3
1.) Got rid of fwconfig1.html - (there was really no need for it)
		+ Just don't delete .fwconfig
2.) All services/ports are retrieved directly from /etc/services
		+ A list box of values is dynamically created for each
		+ train of traffic (incoming, outgoing, and forwarding)

BUGS
Welp - I spent a total of 2 hours learning ipchains, so I guess we'll see =)
There's still a lot of work I want to do, I currently don't take advantage
of any of the cool things that ipchains can do, so I have some work ahead of
me. Also, I don't have a lan in my apt. so I wasn't able to try out the 
masquerade rules under ipchains, but I think they are correct...

NOTES
If anyone feels so inclined to improve the look of fwconfig, please do so!
Just send me the html/graphics and I'll add them as well as adding a credit 
in this README... The same goes for those of you who want to add some code
to make fwconfig more robust, or fix a bug, etc...

TODO
Make the scripts smarter and smarter.
Write help pages.

Thanks for all your support! I've gotten some really nice emails from people
who downloaded fwconfig, and every-time I get one, it feels great and makes
me want to keep going!

As always, all comments are welcome!

-Sonny
sparlin@openpro.org
