Date: Sat, 25 Mar 2006 12:41:19 -0800
To: svlug@lists.svlug.org
From: Rick Moen (rick@linuxmafia.com)
Subject: Re: [svlug] firewall utility

Quoting Ron Hinchley (ron@biovalid.com):
> Is there a good firewall utility to simplify the construction of a
> firewall and NAT? All I want is a basic firewall with some ports open
> inside the firewall but closed to the outside. Please advise.

GUI front-ends to iptables include Firewall Builder aka fwbuilder, GNOME lokkit, Fireflier, KDE kmyfirewall, Firestarter, Guarddog, Guidedog, gShieldConf, Knetfilter, Integrated Secure Communications System (ISCS), LutelWall, and Bifrost (proprietary).
Scripts and C programs that do it for you include Arno's IPTables-firewall, FIAIF, BullDog, gShield, ipkungfu, netscript, fireHOL, IPmenu, MonMotha's IPTables Firewall, Projectfiles.com Linux Firewall, rc.firewall (formerly Firewallscript), Ferm, AGT, shorewall, GIPTables, LinWiz firewall tools, YAFT's Another Firewall Tool, UIF, levy, Turtle Firewall Project, TuxFrw, lokkit (no longer maintained, except as a component of GNOME lokkit), and Uruk.
Or you can use NuOnce Networks's IPTables Rule Creator (proprietary) or Webmin (Web-mediated administrative tools for your system), or alternatively Easy Firewall Generator or PHP Firewall Generator (Web sites that write iptables rulesets).

Me, I just look at Rusty's Remarkably Unreliable Guides when I need to
figure something out that I've forgotten:
http://people.netfilter.org/~rusty/unreliable-guides/
Especially useful bits:
http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-4.html#ss4.1
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-5.html
Good, quick tutorials linked from Rusty Russell's site:
http://www.justlinux.com/nhf/Security/IPtables_Basics.html
http://www.unixreview.com/documents/s=1236/urm0104l/0104l.htm
http://davidcoulson.net/writing/lxf/14/iptables.pdf
-- 
Cheers,              I have yet to see any problem, however complicated,
Rick Moen            which, when you looked at it in the right way, did
rick@linuxmafia.com  not become still more complicated.  -- Poul Anderson