What is GreatWall?

The Great Wall was built by my ancestors 2,000 years ago and it is still one of the wonders of the world. It was built for a reason - to protect the Middle Kingdom from marauding tribes. My GreatWall serves the same purpose - to protect your network from unauthorised access from the outside.

If you want to find out information about the Great Wall, check this out. If you are looking for a firewall script, then read on.

GreatWall is a bash script that depends on a few things to run; check out the documentation page for more information. When I first started using Linux as my firewall 3 years ago, I didn't give it any name; I just called it firewall or netfilter. Anyway, after I decided to register with SourceForge, I didn't know what to call it. Dik suggested that I call it Great Wall... so this is how it got its name. :-)

GreatWall depends on the following in order to run properly:

  1. Linux, if you do not have it already, download now!
  2. A 2.4 series kernel with "Network packet filtering" enabled, along with its modules.
  3. Netfilter is an excellent packet filtering tool.
  4. Bash, GreatWall is a bash script remember?
  5. ipcalc, it comes with RedHat. If you are not running a RedHat-based distro, you will need to modify the greatwall script.

GreatWall was mainly written on Trustix and has been tested on RedHat (7.0, 7.2, 7.3 and 8.0) and Trustix (1.2, 1.5 and 2.0). I believe it should work on all RedHat-based distributions. I think it will work on Debian and Slackware as well, with minor modifications. OK, I'll give it a go later when I have time to install Debian and Slackware.
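
For distributions without Red Hat's ipcalc, the subnet values it reports can be computed in plain shell. This is an added example, not part of GreatWall: the function names are hypothetical, and it assumes GreatWall uses ipcalc to derive network, broadcast and prefix values from an address and netmask.

```bash
# Added example: pure-shell equivalents of ipcalc's NETWORK/BROADCAST/PREFIX values.
# Assumption: GreatWall uses ipcalc for this kind of subnet arithmetic.

# ip_to_int A.B.C.D -> 32-bit integer; non-zero exit on malformed input.
ip_to_int() (
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        # Reject leading zeros (shell arithmetic would read them as octal) and >255.
        case "$o" in 0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# net_network IP MASK -> network address
net_network() (
    ip=$(ip_to_int "$1") && mask=$(ip_to_int "$2") || exit 1
    int_to_ip $(( $ip & $mask ))
)

# net_broadcast IP MASK -> broadcast address (host bits all set)
net_broadcast() (
    ip=$(ip_to_int "$1") && mask=$(ip_to_int "$2") || exit 1
    int_to_ip $(( ($ip & $mask) | (~$mask & 4294967295) ))
)

# mask_to_prefix MASK -> prefix length; fails on a non-contiguous mask such as 255.0.255.0
mask_to_prefix() (
    m=$(ip_to_int "$1") || exit 1
    n=0
    while [ $(( $m & 2147483648 )) -ne 0 ]; do
        m=$(( ($m << 1) & 4294967295 )); n=$(( $n + 1 ))
    done
    [ "$m" -eq 0 ] || exit 1   # a set bit after a zero bit: not a valid netmask
    echo "$n"
)

# net_cidr IP MASK -> NETWORK/PREFIX, the form iptables accepts for -s and -d
net_cidr() (
    net=$(net_network "$1" "$2") && pfx=$(mask_to_prefix "$2") || exit 1
    echo "$net/$pfx"
)

net_cidr 192.168.1.37 255.255.255.0   # constructed sample address
```

Because every function exits non-zero on malformed input, a firewall script can refuse to load rules built from a bad address or netmask instead of silently filtering the wrong range.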

What can GreatWall do?
GreatWall can filter packets that go through it. Install it between your ADSL line and the internal network, and it can filter traffic going in or out of your private network. Currently it does not support DMZ and application mapping. I'm working on application mapping, and it will be released soon.
GreatWall cannot filter traffic that does not go through it.

Is GreatWall right for me?
This is very hard to tell... If you are new to iptables and packet filtering, I think yes. If you are experienced, again, yes; you can use GreatWall as a base and make your own firewall. If you are an expert, then you should start your own firewall. :-) Anyway, have fun!

If you want to find out more about packet filtering and firewalls, check out the O'Reilly website.