Terry Porter writes:

> On Sun, 26 Oct 2008 00:14:00 +0200, Mart van de Wege wrote:
>>
>> Only niggle is the way it defines traffic direction. In order to define
>> *outgoing* traffic from LAN to Internet, you have to define it as
>> *incoming* traffic on the internal interface. Logical, when you think on
>> it for a bit, but not obvious at first sight.

>
> True, FwBuilder has forced me to re-examine some of my IPTABLES concepts
> also.
>
> FwBuilder has also been a great learning tool for me.


It's a bit on the stupid side, to be fair.

The routing information is known to fwbuilder, it is easy to use that
to automatically figure out which interface is incoming and which is
outgoing for a particular rule.

But hey, all firewall systems have their niggles. I work with three
different systems professionally, and they all have aspects in which
they suck. Which is why fwbuilder impresses me so much, it's a small
project, and it manages to get almost everything right.

Mart

--
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.
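
An added illustration of the point in the message above about deriving rule direction from routing data; it is not fwbuilder's code and not part of the original post. The routing table, addresses and function names are constructed, and the inbound interface is inferred from the route back to the source, which assumes symmetric routing.

```python
import ipaddress

# Constructed routing table (destination prefix -> interface); not from the post.
ROUTES = [
    ("0.0.0.0/0", "eth0"),        # default route: Internet side
    ("192.168.1.0/24", "eth1"),   # internal LAN
    ("10.0.5.0/24", "eth2"),      # DMZ
]

def iface_for(addr, routes=ROUTES):
    """Longest-prefix match: the interface the routing table uses to reach addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {addr}")
    return best[1]

def rule_interfaces(src, dst, routes=ROUTES):
    """For forwarded traffic src -> dst, return (inbound, outbound) interface.

    A packet from src arrives on the interface that routes back to src,
    and leaves on the interface that routes to dst.
    """
    return iface_for(src, routes), iface_for(dst, routes)

def forward_rule(src, dst, dport, routes=ROUTES):
    """Render an iptables FORWARD rule with both interfaces filled in."""
    inbound, outbound = rule_interfaces(src, dst, routes)
    if inbound == outbound:
        raise ValueError("src and dst are on the same interface; nothing to forward")
    return (f"iptables -A FORWARD -i {inbound} -o {outbound} "
            f"-s {src} -d {dst} -p tcp --dport {dport} -j ACCEPT")

if __name__ == "__main__":
    # LAN host to an Internet address: "outgoing" traffic is inbound on eth1.
    print(forward_rule("192.168.1.20", "203.0.113.10", 443))
```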