Re: Firewall script builders

On Thu, Sep 04, 2003 at 10:56:26AM -0700, Jeremy T. Bouse wrote:
> As the fwbuilder maintainer this makes me happy to know it's
> at least being used...

Everybody who asks me how to build a Linux-based firewall has always had
fwbuilder recommended first. Some have looked at the output and thus
learned how netfilter works, but most of them still mainly use
fwbuilder to maintain the iptables scripts.

> I'm curious about this as Vadim just released 1.0.11 last nite
> and I am working to get the packaging done quickly...

I'm still using a pinned version 1.0.5 on my Woody server. I had enough
problems running aptitude and fwbuilder on the same system due to
library problems (hmm, which one was that?). However on my development
system I have a most up-to-date unstable system and could well try out
the 1.0.11 version. At work we have a test system running 1.0.9 which is
even more unstable/buggy than the 1.0.5 in terms of crashing. It might
be some localisation problem though - some applications on Gnome used to
have problems in a non-English (LANG=de) environment.

> If you could provide more information regarding this I would
> appreciate it and try to look into it with Vadim... I haven't seen
> this problem myself personally and I'll usually have fwbuilder up for
> quite some time tweaking, recompiling the rules, testing script on
> firewall and repeating until everything is as I want it...

Thanks a lot for your offer. I'm personally quite interested in fwbuilder
and would like to help improve the package. If it weren't already a
.deb package I would surely have made one. :)

> Only 50 rules? I think I have at least 100 rules and that's just
> on the one interface... That's where fwbuilder has helped me
> considerably in managing and prioritizing the rules themselves...

Bear with me - I'm used to Checkpoint. They have no written limit on
the number of rules, but our most complex firewall features 400 rules,
which makes the Checkpoint GUI more unstable than a one-legged chair.

A short note on what is really lacking in fwbuilder (perhaps fixed
since 1.0.9): it's a pain in the lower back that you cannot select a
column (destination, for example), right-click and say "Add". The
drag'n'drop approach is nice, but with a larger number of objects,
firewalls, interfaces and rules to scroll through, I'll bet one day I will
accidentally unscrew my mouse wheel. The Checkpoint GUI (which fwbuilder
is obviously derived from) makes this task easier, even allowing
searching for objects in this "Add" dialog by just typing its name. Just
a suggestion.

If we even had a working fwbd which allowed us to distribute the firewall
scripts automatically, that would be a blast.
