On 2008-10-26, Terry Porter wrote:
> On Sat, 25 Oct 2008 20:50:39 +0000, Gregory Shearman wrote:
>
>> On 2008-10-25, Terry Porter wrote:
>>> How to administer IPTABLES rulesets remotely using Linux.
>>
>> Hmmm.. remote is the only way I can do it on my WRT54GL.
>
> Yes, one can't (easily) just install the latest hot IPTABLES "genius
> firewall builder" on an embedded platform, even if you *do* have the
> memory resources free.
>
> FwBuilder gives you the freedom to use a full blown GUI object oriented
> IPTABLES designer locally, and upload it via SSH to the target machine,
> automatically.
>
> All rulesets are kept on the local workstation where they can be
> versioned by FwBuilder etc.
>
> Flatfish will never be able to use it tho, as FwBuilder doesn't use
> Telnet, and we all have seen his obsession with Telnet recently.

GentooPenguin$ eix fwbuilder

* net-firewall/fwbuilder
Available versions: 2.0.12 ~2.1.13-r2 ~2.1.14 ~2.1.18 {nls}
Homepage: http://www.fwbuilder.org/
Description: A firewall GUI

* net-libs/libfwbuilder
Available versions: 2.0.12 ~2.1.13-r1 ~2.1.14 ~2.1.18 {snmp ssl stlport}
Homepage: http://www.fwbuilder.org/
Description: Firewall Builder 2.1 API library and compiler framework

Found 2 matches.

Yep. Gentoo has it. 2.0.12 is listed as x86 stable.

Looks good! I might consider it when I get a few quiet moments.
>
>>
>> I just use script files and manually add or delete rules if needed for
>> testing or special occasions.
>
> I think you'd love Fwbuilder
>
> From the website at: http://www.fwbuilder.org/
>
> Firewall Builder is a GUI firewall configuration and management tool that
> supports iptables (netfilter), ipfilter, pf, ipfw, Cisco PIX (FWSM, ASA)
> and Cisco routers extended access lists. Firewall Builder uses object-
> oriented approach, it helps administrator maintain a database of network
> objects and allows policy editing using simple drag-and-drop operations.
>
> FwBuilder is available for all main Linux distros (rpms, debs etc) and as
> a tarball.

The beauty of raw IPTABLES is that everything follows a logical course.
It reminds me somewhat of procmail rulesets, with the packet entering
the top of the ruleset and trickling its way down, maybe being altered
on its course, until it is either dumped or passed.

It's not difficult when you approach it as a programming problem.

--
Regards,

Gregory.
Gentoo Linux - Penguin Power

On Sun, 26 Oct 2008 01:30:59 +0000, Gregory Shearman wrote:



> GentooPenguin$ eix fwbuilder

> Yep. Gentoo has it. 2.0.12 is listed as x86 stable.
>
> Looks good! I might consider it when I get a few quiet moments.

gronk1 linux # eix fwbuilder
[U] net-firewall/fwbuilder
Available versions: 2.0.12 (~)2.1.13-r2 (~)2.1.14 (~)2.1.18 {nls}
Installed versions: 2.1.14(20:04:08 10/04/08)(nls)
Homepage: http://www.fwbuilder.org/
Description: A firewall GUI

[U] net-libs/libfwbuilder
Available versions: 2.0.12 (~)2.1.13-r1 (~)2.1.14 (~)2.1.18 {snmp
ssl stlport}
Installed versions: 2.1.14(19:57:05 10/04/08)(snmp ssl -stlport)
Homepage: http://www.fwbuilder.org/
Description: Firewall Builder 2.1 API library and compiler
framework

I use and prefer the 2.1.X series. Its perfectly stable on this Linux
box:-
Linux gronk1 2.6.23-gentoo-r8 #1 SMP PREEMPT Sat Jun 7 01:24:52 EST 2008
i686 Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz GenuineIntel GNU/Linux




> The beauty of raw IPTABLES is that everything follows a logical course.
> It reminds me somewhat of procmail rulesets, with the packet entering
> the top of the ruleset and trickling its way down, maybe being altered
> on its course, until it is either dumped or passed.
>
> It's not difficult when you approach it as a programming problem.

It is for me, I'm an electronics tech, not a programmer





--
Linux full time, on the desktop, since August 1997

Terry Porter writes:

> On Sun, 26 Oct 2008 01:30:59 +0000, Gregory Shearman wrote:
>
>
>
>> GentooPenguin$ eix fwbuilder
>
>> Yep. Gentoo has it. 2.0.12 is listed as x86 stable.
>>
>> Looks good! I might consider it when I get a few quiet moments.
>

>
> I use and prefer the 2.1.X series.

Debian unstable recently rolled out the 3.x series. Two disappointments:

1. It no longer automatically opens the last policy you were editing.

2. It has moved the policy/NAT/Routing tabs from the main window to
the tree under Firewalls.

The last one I can understand, as you can use it to set up subpolicies
on the firewall, to approximate a zone-based rule model. The first one
I consider a regression.

Mart


--
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.