Linux Today: Linux News On Internet Time.

Firewall Builder: an interview with Vadim Kurland

Apr 16, 2009, 09:02
(Other stories by Marco Marongiu)

[ Thanks to steve hill for this link. ]

"For example, one of the most popular iptables GUIs out there is Firestarter. It is ubiquitous, it ships with all major Linux distributions. Firestarter is a nice, simple GUI and it does the job right. However, it is not very well suited for complex iptables policies because it can generate only very basic iptables rules. Also, Firestarter can only manage the iptables policy on the same machine where it is running. As you can see, even though there is overlap in the functions between Firestarter and Firewall Builder, these tools are really intended for different audiences.

"There are also several Open Source projects that aim to provide a universal multi-platform firewall configuration language. One example is HLFH (High Level Firewall Language). The administrator can define firewall policy rules in terms of this abstract language and then translate them into a configuration of the target firewall. Generally, this is the same concept that Firewall Builder is based on, but with HLFH the user needs to learn yet another language and manage the firewall in a cycle similar to software development, where you write the code, compile it and then test and debug it."
