Re: What is a good firewall tool?

On Sun, May 04, 2003 at 01:41:49PM +1000, Jonathan Oxer wrote:
> manage a number of firewalls on our network using fwbuilder, and a
> little while ago I printed out the iptables script generated for one of
> them, and the script was 32 pages long. When you've got a network that's
> less trivial than a couple of boxes on a DSL connection, a good GUI can
> help you keep track of what's going where.

On the other hand, it is extremely dangerous to rely on those setups. I also
know those boxes. A while back I used to use "fwctl" (maintained by me but
ipchains) for the task. The list of rules is similarly long. But fwctl has
some problems with special types of rules, ordering als "classes" of
objects. If you are not very careful, the rules might not look like you
expect. And if you have 32 pages, you can never audit or understand them.

I am currently checking fwbuilder for those kinds of problems, will report
back. But anyway by all means: KISS.

  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
