
#Setup
make install

#To see what a module is for:
/usr/lib/firebricks/tcpchk help

#If you want to see the rules that will be called, without actually
#making them live in your firewall (note that the actual calls from
#INPUT, OUTPUT, and FORWARD may do some additional checks to reduce the
#amount of traffic processed by this chain):
/usr/lib/firebricks/tcpchk create

#To actually use the rules in this brick in an existing firewall, edit
#your firewall startup script and put one of the following lines at the
#point where you want the checks to take place.  You'll need to choose
#what action(s) to take when an illegal packet is found; multiple
#actions are legal, and performed in the order specified:
#To just keep counts of illegal packets (the safest approach):
/usr/lib/firebricks/tcpchk start NONE
#To actually drop the packets and send back an error:
/usr/lib/firebricks/tcpchk start REJECT
#To drop and log:
/usr/lib/firebricks/tcpchk start LOG DROP

#If you're adding this brick to an already running firewall and want to
#force the INPUT/OUTPUT/FORWARD calling lines to the top or bottom of
#those chains, add the word   insert   or   append   to one of the above
#lines.

#To atomically replace the rules in the chain without affecting the rest
#of the firewall (allows you to specify new action(s) or load a new
#ruleset):
/usr/lib/firebricks/tcpchk replace DROP

#To completely shut down a chain without wiping out the rest of the
#firewall:
/usr/lib/firebricks/tcpchk stop
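
#Added example (not part of firebricks): a check for the action list of a
#start or replace line before it goes into a firewall startup script.
#Assumptions: LOG, DROP and REJECT behave like the iptables targets of the
#same names, NONE is used on its own, only the four actions named in this
#README are accepted, and the function name is made up for this example.

```shell
#!/bin/sh
# Added example, not firebricks code.
# Assumption: DROP and REJECT end processing of a packet (as the iptables
# targets of the same names do), so any action listed after them is dead.

TCPCHK=/usr/lib/firebricks/tcpchk    # path used in this README

# check_tcpchk_actions MODE ACTION...   (hypothetical helper)
# Prints the tcpchk command line on stdout and returns 0 if the list is
# usable; prints the reason on stderr and returns 1 otherwise.
check_tcpchk_actions() {
    mode=$1
    case "$mode" in
        start|replace) ;;
        *) echo "mode must be start or replace, got '$mode'" >&2; return 1 ;;
    esac
    shift
    if [ $# -eq 0 ]; then
        echo "no action given; use NONE to only count packets" >&2
        return 1
    fi
    total=$#
    terminated=""          # set once DROP or REJECT has been seen
    for action in "$@"; do
        if [ -n "$terminated" ]; then
            echo "'$action' follows $terminated and would never run" >&2
            return 1
        fi
        case "$action" in
            NONE)
                # Assumption: count-only mode is not mixed with other actions.
                if [ "$total" -ne 1 ]; then
                    echo "NONE must be the only action" >&2
                    return 1
                fi ;;
            LOG) ;;
            DROP|REJECT) terminated=$action ;;
            *) echo "unknown action '$action'" >&2; return 1 ;;
        esac
    done
    echo "$TCPCHK $mode $*"
}
```

#In a startup script, run the printed line only when the check returns 0,
#for example:   cmd=$(check_tcpchk_actions start LOG DROP) && $cmd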


#Optional stuff
- append bogon-hosts to /etc/hosts (speeds up iptables -L if you leave
  name resolution on)
- mkdir /etc/firebricks/
- touch /etc/firebricks/firebricks.conf

