[wellylug] Configuring firewall

Daniel Pittman daniel at rimspace.net
Fri Feb 9 20:08:25 NZDT 2007


Cliff Pratt <enkidu at cliffp.com> writes:
> David Antliff wrote:
>> On 15/01/07, Cliff Pratt <enkidu at cliffp.com> wrote:
>
>>> Except that webmin (excellent though it may be) doesn't (or more
>>> correctly, didn't) do shorewall configs very well.
>>
>> I have had a lot of success using Firewall Builder (fwbuilder) with a
>> Devil Linux firewall. Fwbuilder takes a firewall abstraction that you
>> create (drag-n-drop) and compiles it into an iptables script (as well
>> as other firewall configs if you are using something different, like
>> PF).
>>
>> Devil Linux is a great firewall distro - it boots from CDROM (or USB
>> pendrive) and you can store the config on a write-protected medium
>> (such as floppy or USB pendrive). You set it up (menu driven, very
>> easy), lock down the config media, and off it goes. Integrating a
>> permanent firewall config is as simple as transferring the script
>> (e.g. with fwbuilder), setting a symlink, unprotecting the config
>> media, typing 'save-config', then protecting the config media.
>>
>> I don't use Shorewall but as it's a popular firewall distro I'm sure
>> fwbuilder can be used with it easily enough.
>
> I don't think so. Shorewall uses a bunch of configuration files and
> not a bunch of iptables commands. fwbuilder creates a bunch of
> iptables commands, doesn't it? Just had a look at the site and I
> don't think it mentions Shorewall.

You are correct -- fwbuilder and Shorewall fill the same ecological
niche.  Both of them are abstractions over the basic iptables firewall
building process.

fwbuilder is popular because it provides a graphical interface, but is
otherwise mostly indistinguishable from every other firewall system out
there.

Regards,
        Daniel
-- 
Digital Infrastructure Solutions -- making IT simple, stable and secure
Phone: 0401 155 707        email: contact at digital-infrastructure.com.au
                 http://digital-infrastructure.com.au/



