Aleksandar Milivojevic escribió:
There's this system-config-security-level GUI application that is part of distribution. However it provides only very very very basic functionality. You can only specify ports to open (and than all traffic on those ports is allowed, both incomming and forwarded), and select trusted interfaces (all traffic comming from them is allowed). It doesn't even support NAT (AFAIK). For very simple firewall it may suffice.
There are much better 3rd party GUI interfaces, ranging from simple (for managing single firewall), to medium (managing multiple firewalls, but each separately) to complex (for managing multiple firewalls (and everything else security related) by using high level abstractions). Some I can think of, in no particular order would be:
- fwbuilder: http://www.fwbuilder.org/
- firestarter: http://www.fs-security.com/
- integrated secure communications system: http://iscs.sourceforge.net/
Yes. I already know the firt and the second. The third is new for me; I'll look into.
And of course, if you are not affraid of command line, you can always use firewall editors such as ed, vi, emacs or any other fine tool available out there (there's too many to choose from).
I totally agree with you. Before to use the friendly front-ends I learned about it with the classic way: man pages+shell editor (vi especially)
I'm sure folks on the list will have many many more suggestions.
Of course! All will be welcomed!