
Re: Firewall and Laptop



On Friday 31 December 2004 10:54, Bill Moseley wrote:
> Which of the firewall packages is closest to building iptables rules
> by hand?
>
> I, for one, prefer to have just one file that contains the iptables
> commands to build the firewall.  The front-end tools are nice but I

That's exactly what you get with Guidedog.  It creates a single script that 
will run on both ipchains and iptables, so it's at least twice the size it 
really needs to be, but once you've set up the script you could never bother 
to use Guidedog again, if that's what turns your crank.  It's not reflexive 
though - I don't know of a firewall tool that can take a firewall script as 
_input_, so once you modify the script, you can't use the GUI tool any more 
without losing the hand-edited changes.  If anyone does know such a tool I'd 
be willing to give it a try.

> feel like they make me learn about how to run their tool instead of
> how to work with iptables -- an obscuring layer, in effect.  It's also
> easier to understand (for me) when it's a simple hand-edited script
> that gets run out of init.d and /etc/networking/interfaces.

Well, ipchains was obscure enough.  Iptables is even more so.  I can't really 
see a good GUI being an "obscuring layer".
-- 
derek


