GUI for firewall rules [was: YDL and security settings]
Alexander Holst
yellowdog-general@lists.terrasoftsolutions.com
Mon Nov 24 03:15:03 2003
FYI, there is a wonderful tool called fwbuilder, which actually acts
as a GUI for iptables (amongst others like Cisco PIX ...). I used it
to configure our firewall here. It is completely object oriented and
drag 'n drop, which means you can work with groups of hosts, networks
or protocols for rulesets. Once you change a group, simply recompile
the output script - voilà.
It is available at:
http://www.fwbuilder.org/
In case anyone needs binaries in form of rpms for YDL 3.0, I could
provide them. I did successfully compile it on YDL 3.0, but had to use
some libs from a Red Hat distro, so maybe that's the reason for it not
being very stable, but very usable if one saves the policy file
regularly (every now and then, it crashes, especially when the wrong
item is selected upon compiling the output).
In case there is a wishlist for programs / packages to be included in
YDL distros in the future, this would get all my thumbs up for
including it. As its output is a shell script, you can always double
check the script before applying the rules, and customize the rules in
case you disagree with fwbuilder's decisions about the setup of some
rules.
On Sunday, 23.11.03, at 16:48 (Europe/Berlin),
yellowdog-general-request@lists.terrasoftsolutions.com wrote:
>> Message: 1
>> Date: Wed, 19 Nov 2003 15:15:44 -0700
>> From: Troy Vitullo <tvitullo@terrasoftsolutions.com>
>> To: yellowdog-general@lists.terrasoftsolutions.com
>> Subject: Re: YDL and security settings
>> Reply-To: yellowdog-general@lists.terrasoftsolutions.com
>>
>> On Tue, 18 Nov 2003 23:26:56 -0500
>> Derick Centeno wrote:
>>
>>> I've come across something which appears a bit odd and I'm wondering if
>>> anyone has a solution to it.
>>> I've come to notice that whenever I check the security parameters of YDL
>>> 3.0; it is always set to the Highest priority although I had selected
>>> other settings with options during the installation process. In turn
>>> this also means that any downloads or calls to yum or even access to the
>>> net is curtailed by the rules set up by the firewall. Also no matter
>>> how I access the application to change security settings when I check
>>> again, those settings remain unchanged at the highest level as though I
>>> made no changes or set no options. Saving settings before a reboot is
>>> of no help. Accessing the web via Linux has become a chore rather than
>>> a joy, and I'm wondering what happened. I have even tried fresh
>>> re-installations of YDL 3.0 and I seem to come to the same point and
>>> problem every time.
>>>
>>> Any Ideas??? :-(
>>>
>>
>> Derick,
>>
>> That is a funny bug with the redhat-config-security (or whatever
>> it's called) app. It seems that the only way for YDL users
>> *currently* to configure security is to learn ipchains and iptables.
>> Not the preferred way to go.
>>
>> However, new RPMs will come out that solve this problem. No time
>> frame though.
>>
>> Notably, the same thing seems to happen with the time zone app if
>> you try to put your system clock on UTC.
>>
>> Troy
>>
>
> Troy, Thanks for that sensible answer. I have a reference text which
> covers ipchains and so forth. At least I know that's the direction I
> have to go. And someone was trying to convince me that Linux is user
> "friendly" -- Ha!! It is the OS I prefer to use though, but not for
> "ease of use" reasons. I didn't come to Linux for that. Check out
> the comments of Bill Joy of Sun who explains his vision of Linux's
> place as compared to the MacOS X.
>
> http://maccentral.macworld.com/news/2003/11/20/joy/
>
> One could twist his comment to reflect that MacOS X, is for over the
> hill programmers within a few years of retirement. But I cannot hold
> that view either as I REALLY want a G5 laptop or tablet. In any
> event, I agree with Mr. Joy that Linux is for people with the energy
> to rewrite or rehack significant parts of code. This is one more
> example where important parts remain undone, unexplored and
> unfinished... Linux is not an environment for the faint of heart or
> weak of mind or shoddy programming skills. Unless of course, you
> don't mind becoming the butt of everybody's jokes just as -- what is
> that company which gave out core code for free and then is trying to
> sue people for using it, surpass it and if the reports are correct
> the Open Source community has already excised the code from nearly
> everything having to do with Open Source, because it is bad and
> archaic programming? Oh Yeah, SOC, no COS, wrong again... SCO, yeah
> SCO....
>
> Well, back to ipchain rules I go...
> --
> Light flashing against Sky and Earth.
> Thoughts/Swords.
> Life's spark reborn.
>
> Carpe Diem
>
> Be well.
>
> Got Chi?
Greetings,
Alex
Alexander Holst
Pforzheim University of Applied Sciences
<holst [at] fh-pforzheim [dot] de>
ph: +49 [0]7231 28-6837
fx: +49 [0]7231 28-6040
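
The message above notes that fwbuilder's output is a shell script that can be checked before the rules are applied. One way to do such a pre-apply check, as an added example that is not part of the original post and not fwbuilder's own code: the function names `write_sample` and `audit_rules` are hypothetical, and the sample rules are constructed for illustration rather than taken from real fwbuilder output.

```sh
#!/bin/sh
# Added example: review a generated iptables script before running it.
# write_sample and audit_rules are hypothetical names; the rules are constructed.

# Write a constructed sample script (not real fwbuilder output) to "$1".
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
# constructed sample rules
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 192.0.2.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 23 -j ACCEPT
# iptables -A INPUT -j ACCEPT
EOF
}

# Print "line: finding: rule" for rules in script "$1" that deserve a second look:
#  - a default ACCEPT policy on INPUT or FORWARD
#  - an ACCEPT rule with no source, interface or connection-state match
audit_rules() {
    awk '
    /^[ \t]*#/ { next }                      # skip comments and the shebang
    !/iptables|IPTABLES/ { next }            # only lines that invoke iptables
    /-P[ \t]+(INPUT|FORWARD)[ \t]+ACCEPT/ {
        printf "%d: default-accept policy: %s\n", NR, $0
        next
    }
    /-j[ \t]+ACCEPT/ && !/[ \t](-s|-i|--source|--in-interface)[ \t]/ && !/--state/ {
        printf "%d: unrestricted accept: %s\n", NR, $0
    }
    ' "$1"
}

sample=$(mktemp)
write_sample "$sample"
audit_rules "$sample"
rm -f "$sample"
```

Run against the constructed sample, it reports the FORWARD policy on line 4 and the port 23 rule on line 8; the commented-out rule on line 9 is ignored.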