tkfirewall 0.9 - category-based IP filter configuration GUI

To: debian-firewall@lists.debian.org (Debian Firewall)
Subject: tkfirewall 0.9 - category-based IP filter configuration GUI
From: joey@finlandia.Infodrom.North.DE (Martin Schulze)
Date: Fri, 16 Apr 1999 11:11:51 +0200 (CEST)
Message-id: <[🔎] m10Y4f9-000avGC@finlandia.Infodrom.North.DE>

Hi,

I've found this announcement and wonder if it would be useful to
include it in Debian and combine it with the debian-firewall project.

Btw. is debian-firewall dead?

Regards,

	Joey

>Path: indrom!uniol!fu-berlin.de!masternews.telia.net!news.algonet.se!newsfeed1.telenordia.se!algonet!newsfeed1.funet.fi!news.helsinki.fi!not-for-mail
>From: Olaf Dabrunz <dabrunz@santana.rrz.uni-hamburg.de>
>Newsgroups: comp.os.linux.announce
>Subject: tkfirewall 0.9 - category-based IP filter configuration GUI
>Followup-To: comp.os.linux.misc
>Date: Fri,  2 Apr 1999 10:04:39 GMT
>Organization: none
>Lines: 70
>Approved: linux-announce@news.ornl.gov (Mikko Rauhala)
>Message-ID: <pycola.923047479.1300@revelation.bak.helsinki.fi>
>NNTP-Posting-Host: vision-isdn.bak.helsinki.fi
>Old-Date: Tue, 30 Mar 1999 18:33:22 +0200
>X-No-Archive: yes
>X-Auth: PGPMoose V1.1 PGP comp.os.linux.announce
>	iQCVAgUBNwSWOVrUI/eHXJZ5AQGcLgQAtw7JrcT8HX3VlgGL5pZwtUZs5DwYesPc
>	+AuqiZLa2f3kSklIaxuF1tUYa6hQiTRd1IKde2q21DGWlXfLBelbrNDAvzkPIXsL
>	nbNR6kCd9oJCFAmF6yKgk1JQhBQs3jgM/77m28k1C0uvx3ALccsg9U+I1Xfg6UTU
>	AbFvIEClbWk=
>	=YpPj
>Xref: indrom comp.os.linux.announce:11302

-----BEGIN PGP SIGNED MESSAGE-----


The initial release of the firewall configuration package TKFirewall
is available for download from

      ftp://sunsite.unc.edu/pub/Linux/

TKFirewall was designed to give the administrator full control over Linux'
network filters.  The distribution includes a GUI that was designed to provide
easy control over filter settings while using categories to make handling of
filter groups easier. The filter categories allow the administrator to gain an
overview over the overall structure, and to work on only a subset of the
filters at a time without being confused by long filter lists. Of course,
the GUI is build to visualize input, forwarding and output filters at the same
time, so that a packet's path through these fitlers can be followed easily.

The firewall configuration can be saved as either a firewall script or as a
"dump file" that can be loaded to continue working on the configuration.  The
firewall script contains any comments that were entered as filter descriptions
in the GUI. Thus, the final result can be used without the GUI. It is also
possible for the administrator to cross-check the filter configuration (with
other tools or manually).

The firewall script makes provisions not to temporarily allow all traffic
through the firewall while the script is running. (Only name services are being
let through).

Another part of the package is the firewall scanner. This scanner is the
prototype of a general-purpose firewall setup program. The basic idea is to
set up rules for the scanner once. Then, after the network configuration
of the firewall machine or the filtered services have changed (such as
IP-addresses together with host-names, ports, interfaces, routes, offered
services...), the scanner is run again and reconfigures the firewall auto-
matically (it provides this information to the GUI, which in turn generates
the firewall script by the push of a button).

As of now, the scanner only recognizes a limited choice of network
configurations. More analysis needs to be done about the requirements for the
scanner and about the configuration rule-set features accordingly. Also, the
scanner will need a GUI on top of that (the whole point of this is *easy*
administration, after all).

I will do more research and implementation here if enough people (you :) ask me
for that.

Please send mail! (If possible, include ideas, bug descriptions, wanted
features, encourangement - anything!)

Olaf Dabrunz



- -- 
This article has been digitally signed by the moderator, using PGP.
http://www.iki.fi/mjr/cola-public-key.asc has PGP key for validating signature.
Send submissions for comp.os.linux.announce to: linux-announce@news.ornl.gov
PLEASE remember a short description of the software and the LOCATION.
This group is archived at http://www.iki.fi/mjr/linux/cola.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1

iQCVAgUBNwSWN1rUI/eHXJZ5AQE0LwQAuhI6iH1az68Lru/e/PKlTOv75u4Xxdvx
LpumboAOlF06UfmTKEdh8R0v0jW4MhnqRU9mqO+iPrsxJTyU0LiBWEaayHLFHb4U
VCHNYDF5jCrDyiK/QC3PXeFwc8QRYJ2Tu6FlfsPwXu0T0OLJ2CtLSZC25fMdziNA
o6n0oucf9/U=
=Aq1g
-----END PGP SIGNATURE-----
-- 
We all know Linux is great... it does infinite loops in 5 seconds.
        - Linus Torvalds

Reply to:

Prev by Date: Re: not using debian as firewall!
Next by Date: need help with configuring ethernet cards
Previous by thread: Re: not using debian as firewall!
Next by thread: need help with configuring ethernet cards
Index(es):
- Date
- Thread