pros-n-cons at bak.rr.com
Tue Sep 23 14:53:17 UTC 2003
On Tue, 23 Sep 2003 04:02:42 -0400
Phillip Compton <pcompton at proteinmedia.com> wrote:
> Here is a list of tools that would be useful but do not exist yet:
> Firewall - configuration tool for IP Tables (something more finegrained
> than redhat-config-securitylevel)
> Has anyone at RedHat looked into working with the firestarter
> (http://firestarter.sourceforge.net/) people? Package available for RH9
> and Severn from fedora.us
Thank you, I was looking for those config-tools guidelines yesterday. Wasn't
sure if tools had to be written in pygtk (darn, I don't know PY).
Before I learned how to write IPtables rules Firestarter was excellent.
(still used as my base) Unfortunatly, the interface doesn't appear to follow
the same HIG as the others. Also its written in C not py so It can't be a config-tool.(?)
If someone decides to write this I have a few things I'd like to see in it like
string matching which I think may still be an experimental module? So it could
have program egress filters somewhat like all the windows firewalls do:
foo application is attempting to access 10.10.1.100 or atleast show up in syslog.
Performance takes a very big hit from this module but an informative option couldn't hurt.
For the rest of the stuff, Firestarter should be the inspiration.
They do alot of things really well like being able to add/remove rules on the fly,
NAT, setup wizards and good IPtables work.
More information about the devel