| Linode Forum https://forum.linode.com/ |
|
| Hunting: Brilliant Firewall builder for debian https://forum.linode.com/viewtopic.php?f=19&t=1418 |
Page 1 of 1 |
| Author: | Internat [ Sat Jan 22, 2005 5:37 am ] |
| Post subject: | Hunting: Brilliant Firewall builder for debian |
So I'm interested to know if anyone has found a firewall builder that they think is brilliant and works great etc., other than of course building the rules with iptables commands themselves. I'm looking for an application, preferably console based, but if I have to use a GUI I will, only as long as I can export it to another computer. Anyone have any ideas? Cheers, Nathan |
|
| Author: | pclissold [ Sat Jan 22, 2005 5:54 am ] |
| Post subject: | |
I recommend that you try FireHOL - easy to use, covers almost every need 'as-installed', can be extended to deal with non-standard protocols, and has good documentation. It's console based, too. |
|
| Author: | sarge [ Sat Jan 22, 2005 10:37 am ] |
| Post subject: | |
I tried running and tweaking both shorewall and firehol for about 3-4 days each and on different machines. FireHOL is indeed good. But my final choice went to shorewall. IMHO, none of the other tools came close to these two excellent choices. I recommend you try both shorewall and firehol for a couple days before choosing. I wouldn't bother with other firewall tools unless you have a lot of free time to spare.

If you choose shorewall, just edit these 3 simple files: rules, policy and interfaces. By breaking up config into multiple files, shorewall makes the syntax easier yet more flexible than single-file configs.

For example, an entry in the 'rules' file to allow http and https connections from external network to the firewall looks like this:

    AllowWeb net fw

Or it can look like this if you prefer seeing actual port numbers in your 'rules' config file:

    ACCEPT net fw tcp 80

By defining 'net' in a separate config file (called 'interfaces'), shorewall simplifies the rules file syntax. This is the philosophy of shorewall which made it a no-brainer to configure and maintain (even on my home gateway/firewall with multiple network cards).

You can also specify a specific ip address like this so that only ip address 123.123.123.123 can connect via ssh into the fw machine:

    AllowSSH net:123.123.123.123 fw

Or like this which means the same thing:

    ACCEPT net:123.123.123.123 fw tcp 22

Again, try both shorewall and firehol. These are the top 2 choices by a huge margin and you can't go wrong with either in generating/managing iptables rules. |
|
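What the rule lines quoted in the post above stand for, as an added example (not code from the thread or from Shorewall): a small parser that resolves the zone through an interfaces map and prints a simplified iptables equivalent. The interface name eth0, the function name `expand` and the direct mapping onto the INPUT chain are assumptions; the ruleset Shorewall actually generates uses its own chains.

```python
import ipaddress

# Assumption: zone-to-interface map, the role of Shorewall's 'interfaces' file.
INTERFACES = {"net": "eth0"}  # eth0 is a hypothetical interface name
# Action names quoted in the post, with the ports the post attributes to them.
ACTIONS = {"AllowWeb": ("tcp", [80, 443]), "AllowSSH": ("tcp", [22])}
TARGETS = {"ACCEPT", "DROP", "REJECT"}


def expand(line, interfaces=INTERFACES):
    """Return simplified iptables commands for one rules-file line."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return []  # blank line or comment
    if len(fields) == 3 and fields[0] in ACTIONS:
        target = "ACCEPT"
        proto, ports = ACTIONS[fields[0]]
    elif len(fields) == 5 and fields[0] in TARGETS:
        target, proto = fields[0], fields[3]
        ports = [int(p) for p in fields[4].split(",")]
    else:
        raise ValueError(f"unsupported rule: {line!r}")
    if proto not in ("tcp", "udp") or not all(0 < p < 65536 for p in ports):
        raise ValueError(f"bad protocol or port: {line!r}")
    zone, _, host = fields[1].partition(":")
    if zone not in interfaces:
        raise ValueError(f"zone {zone!r} is not defined in interfaces")
    if fields[2] != "fw":
        raise ValueError("only rules destined for the firewall zone are handled")
    match = f"-i {interfaces[zone]}"
    if host:
        # Reject anything that is not a literal address or CIDR block.
        match += f" -s {ipaddress.ip_network(host, strict=False)}"
    return [f"iptables -A INPUT {match} -p {proto} --dport {port} -j {target}"
            for port in ports]


if __name__ == "__main__":
    # The four rule lines quoted in the post.
    for rule in ("AllowWeb net fw", "ACCEPT net fw tcp 80",
                 "AllowSSH net:123.123.123.123 fw",
                 "ACCEPT net:123.123.123.123 fw tcp 22"):
        print(f"# {rule}")
        print("\n".join(expand(rule)))
```

Both SSH lines expand to the same single command, which is the equivalence the post describes. A rule that names a zone missing from the map is rejected instead of producing a rule with no interface match.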
| Author: | projectandrew [ Sat Jan 22, 2005 4:19 pm ] |
| Post subject: | |
I also now use shorewall on all my boxes, and have done for some time, since it's very easy to configure and manage - I wrote a HOW-TO here: HOW-TO: Shoreline Firewall (Shorewall) 2.0.15 http://www.unofficial-support.com/artic ... /shorewall |
|
| Author: | gmt [ Mon Jan 24, 2005 1:13 am ] |
| Post subject: | |
I vote for FireHOL. Logical & simple. I couldn't figure out shorewall (at least the doco I saw). |
|
| Author: | asura [ Tue Jan 25, 2005 2:07 am ] |
| Post subject: | |
I've used Firestarter for a while.. nice, simple, and has good customization and logging capabilities. |
|
| Author: | unixfool [ Tue May 10, 2005 8:01 pm ] |
| Post subject: | |
I recommend fwbuilder...very similar to the Checkpoint interface. |
|
| All times are UTC-04:00 |
|