Anyone use FWBuilder and Linux for their firewall?
Scooby Regular
Joined: Jan 2003
Posts: 932
Likes: 0
FWbuilder is absolutly brilliant!!!!
Linux Journal did a 2 part paper on this a few months ago and they rated it so highly I was expecting the pages to be stuck together.
I configure my IPTables by hand, but I did try FWBuilder once to see what script it spat out.
The result was brilliant. I was very impressed and I even tweaked my own script to incorporate a few ideas from that.
If you want I can scan in the full writeup from Linux Journal (yes I am sad and do keep all my old copies). It will be Monday now, as I don't have a scanner at home.
Verdict : A1
Linux Journal did a 2 part paper on this a few months ago and they rated it so highly I was expecting the pages to be stuck together.
I configure my IPTables by hand, but I did try FWBuilder once to see what script it spat out.
The result was brilliant. I was very impressed and I even tweaked my own script to incorporate a few ideas from that.
If you want I can scan in the full writeup from Linux Journal (yes I am sad and do keep all my old copies). It will be Monday now, as I don't have a scanner at home.
Verdict : A1
Scooby Regular
Joined: Jun 2000
Posts: 13,735
Likes: 0
You need to edit IPTables manually, which is a bit of a sod...
Add the following to drop all icmp
/sbin/iptables -A CUSTOMINPUT -i <<RED DEVICE HERE>> -p icmp -j DROP
To drop pings, just add
/sbin/iptables -A CUSTOMINPUT -i <device> -p icmp --icmp-type 8 -j DROP
I think rc.firewall is the right place for these, or rc.local. Just remember to either reboot or source the script.
Add the following to drop all icmp
/sbin/iptables -A CUSTOMINPUT -i <<RED DEVICE HERE>> -p icmp -j DROP
To drop pings, just add
/sbin/iptables -A CUSTOMINPUT -i <device> -p icmp --icmp-type 8 -j DROP
I think rc.firewall is the right place for these, or rc.local. Just remember to either reboot or source the script.
Guest
Posts: n/a
Cheers guys.
Nick thats the whole reason I am giving up on ipcop cos its command line editing, I like it all to be gui based point and click
FWBuilder is gui based from I have seen although the setup might involve command line.
Gedi is that correct or is it easy enough for someone who knows nothing about command line to install and setup?
Nick thats the whole reason I am giving up on ipcop cos its command line editing, I like it all to be gui based point and click
FWBuilder is gui based from I have seen although the setup might involve command line.
Gedi is that correct or is it easy enough for someone who knows nothing about command line to install and setup?
Scooby Regular
Joined: Jan 2003
Posts: 932
Likes: 0
Its pretty simple to install. Basic ./configure, make, make install is all (if I remember correctly)
You will need a pretty good knowledge base of network protocols and network operations as there are a lot of buttons to click on
Oh, just a guess but you may need GTK installed for the GUI (again, can't remember exactly)
You will need a pretty good knowledge base of network protocols and network operations as there are a lot of buttons to click on
Oh, just a guess but you may need GTK installed for the GUI (again, can't remember exactly)
Trending Topics
its totally different to 4.1 
Bit over the top for home maybe!
Scooby Regular
Joined: Oct 2002
Posts: 184
Likes: 0
Have you tried Smoothwall? It is the original that IPCop project forked from. The latest version is pretty good, I have had one running on a client site for the last 2 years and it has only been rebooted a couple of times when I have applied patches.
Thread
Thread Starter
Forum
Replies
Last Post
