GUI Front End for netfilter/iptables

Any recommendations on a GUI front end (both set-up and log viewing) for netfilter/iptables?

Any recommendations for a good Linux firewall (GUI based) in general?




Apart from proprietary solutions like Checkpoint FW1 all Linux packet filters running kernel 2.4.x or 2.6.x use netfilter/iptables.

Some so-called firewalls also offer proxies (often squid for http and ftp). The GUI is often web-based.

I'd recommend learning to use an editor.


Wolfgang Kueter

Yes - don't use a GUI on a firewall. The only thing that should be running on the firewall is the firewall itself. NO general user accounts, no extras.

ALL firewalls in Linux are running the netfilter code that is part of the kernel. The applications such as you seek are merely front ends to configure the netfilter. They are not part of, or needed by the firewall.

The less stuff you have on a firewall, the less there is to be exploited. Setting up a firewall can be as simple as you wish to make it, or as complicated... your choice. A good place to start is the old Quickstart HOWTOs which should be part of your distribution.

    278012 Jul 23 2002 Security-Quickstart-HOWTO
    287057 Jul 23 2002 Security-Quickstart-Redhat-HOWTO

The first is general, the second aimed at Red Hat.

All "general" or "popular" Linux distributions come with their own firewall setup tool - nearly all GUIs. A search at Google for the words 'Linux', 'firewall' and 'GUI' will turn up dozens more offerings. The problem with all of them is that they hide what they are doing - so _you_ don't know what is covered, and what isn't, and they only do what the application author thought would be interesting. If your requirements don't match the author's, then you're out of luck with that application, even if you don't know that.

As far as logging goes, once the firewall is set up and running, there is little need for logging. Initially, the logs will help you debug your setup, but once that is done most of the logging (some host in Korea or Kenya attempted to connect to a trojan that you don't have installed) is useless.

Old guy

Moe Trin
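
The concern in the post above, that a front end hides what it actually configures, can be checked by reading the ruleset the tool loaded into netfilter. The following is an added example, not part of the original posts: it parses `iptables-save` output and reports each chain's default policy and the ports accepted without a source restriction. The sample ruleset is constructed, and the function names `arg` and `audit` are hypothetical.

```python
import shlex

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE = """\
# Generated by a hypothetical GUI front end
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -s 192.0.2.0/24 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p udp -m multiport --dports 137,138 -j ACCEPT
COMMIT
"""

def arg(tokens, *flags):
    """Return the value following the first of `flags` present, else None."""
    for flag in flags:
        if flag in tokens[:-1]:
            return tokens[tokens.index(flag) + 1]
    return None

def audit(dump):
    """Parse iptables-save text; return (default policies, unrestricted ACCEPTs)."""
    table, policies, open_ports = None, {}, []
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):                 # table header, e.g. *filter
            table = line[1:]
        elif line.startswith(":"):               # chain declaration with policy
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A ") and table == "filter":
            tokens = shlex.split(line)
            ports = arg(tokens, "--dport", "--dports")
            # Simplification: only -s/--source counts as a restriction here;
            # negation and jumps to user-defined chains are not followed.
            if (arg(tokens, "-j") == "ACCEPT" and ports
                    and arg(tokens, "-s", "--source") is None):
                open_ports.append((tokens[1], arg(tokens, "-p"), ports))
    return policies, open_ports

if __name__ == "__main__":
    policies, open_ports = audit(SAMPLE)
    for (table, chain), policy in policies.items():
        print(f"{table}/{chain}: default policy {policy}")
    for chain, proto, ports in open_ports:
        print(f"{chain}: {proto} port(s) {ports} accepted from any source")
```

On a live system the input would be the text printed by `iptables-save` run as root, in place of `SAMPLE`.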

I assume you use iptables rather than some proprietary stuff. There are a few GUI script generators that work quite nicely, such as fwbuilder or firestarter, or even the distribution configuration tools (such as YaST). It really depends which distribution and which WM you use.
