[geeks] Re: [rescue] RFA: firewall
dougmc+sunhelp at frenzy.com
Mon Jan 10 16:24:38 CST 2005
On Mon, Jan 10, 2005 at 03:02:47PM -0500, Sandwich Maker wrote:
| " http://www.fwbuilder.org/
| fwbuilder [currently 2.0.4] can also build ipf and probably ipchains
| config files - just about every flavor afaik. they only have linux
| bins at their site iirc.
fwbuilder rocks. I don't normally gush about GUI stuff, but fwbuilder
takes a rather complicated procedure and puts a GUI around it in a
completely appropriate manner.
Even better, when you build your firewall rules, they're independant
of any specific firewall setup. When you're done, you hit `compile',
and it generates a script that enables the given firewall rules for
your chosen firewall type. (The script is just a shell script, and
can run without fwbuilder.) If you want to run it for a different
type, just change the type, hit `compile' and voila ...
So you install fwbuilder on your `build' box, set up your firewall
rules, hit compile, copy the file to your bare-bones firewall, run it,
test your rules. As changes are made, you compile again, copy the
file to the firewall, and run it.
1.1. What firewall platforms are supported ?
We support iptables (Linux kernels 2.4.x and 2.6.x). Linksys firewall
appliance WRT-54G/GS running Sveasoft ( http://www.sveasoft.com/ )
firmware is also supported. As of version 1.0.1 we support ipfilter
(available for variety of OS, including FreeBSD, OpenBSD, Solaris and
others) and added support for pf (OpenBSD 3.0). Version 1.0.10 and
later support ipfw. Support for Cisco PIX is available as a commercial
product, see http://www.netcitadel.com/
(I could have sworn that the free version supported Cisco PIX. Maybe
it did, but doesn't now ...)
Also, it handles things like NAT tables and port redirections and the
like. I strongly suggest using it for any non-trivial firewall.
Doug McLaren, dougmc at frenzy.com
"More hay, Trigger?" "No thanks, Roy, I'm stuffed!"
More information about the rescue