GUI for firewall rules [was: YDL and security settngs]

Alexander Holst yellowdog-general@lists.terrasoftsolutions.com
Mon Nov 24 03:15:03 2003


FYI, there is a wonderful tool called fwbuilder, which actually acts
as a GUI for iptables (amongst others like CISCO PIX ...). I used it
to configure our firewall here. It is completely object oriented and
drag 'n drop, which means you can work with groups of hosts, networks
or protocols for rulesets. Once you change a group, simply recompile
the output script - voilà.
It is available at:

http://www.fwbuilder.org/

In case anyone needs binaries in the form of rpms for YDL 3.0, I could
provide them. I did successfully compile it on YDL 3.0, but had to use
some libs from a Red Hat distro, so maybe that's the reason for it not
being very stable, but very usable if one saves the policy file
regularly (every now and then, it crashes, especially when the wrong
item is selected upon compiling the output).

In case there is a wishlist for programs / packages to be included in
YDL distros in the future, this would get all my thumbs up for
including it. As its output is a shell script, you can always double
check the script before applying the rules, and customize the rules in
case you disagree with fwbuilder's decisions about the setup of some
rules.

On Sunday, 23.11.03, at 16:48 (Europe/Berlin),
yellowdog-general-request@lists.terrasoftsolutions.com wrote:

>> Message: 1
>> Date: Wed, 19 Nov 2003 15:15:44 -0700
>> From: Troy Vitullo <tvitullo@terrasoftsolutions.com>
>> To: yellowdog-general@lists.terrasoftsolutions.com
>> Subject: Re: YDL and security settngs
>> Reply-To: yellowdog-general@lists.terrasoftsolutions.com
>>
>> On Tue, 18 Nov 2003 23:26:56 -0500
>> Derick Centeno wrote:
>>
>>>  I've come across something which appears a bit odd and I'm wondering if
>>>  anyone has a solution to it.
>>>  I've come to notice that whenever I check the security parameters of YDL
>>>  3.0; it is always set to the Highest priority although I had selected
>>>  other settings with options during the installation process.  In turn
>>>  this also means that any downloads or calls to yum or even access to the
>>>  net is curtailed by the rules set up by the firewall.  Also no matter
>>>  how I access the application to change security settings when I check
>>>  again, those settings remain unchanged at the highest level as though I
>>>  made no changes or set no options.  Saving settings before a reboot is
>>>  of no help.  Accessing the web via Linux has become a chore rather than
>>>  a joy, and I'm wondering what happened.  I have even tried fresh
>>>  re-installations of YDL 3.0 and I seem to come to the same point and
>>>  problem every time.
>>>
>>>  Any Ideas??? :-(
>>>
>>>  _______________________________________________
>>>  yellowdog-general mailing list
>>>  yellowdog-general@lists.terrasoftsolutions.com
>>>  http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
>>
>> Derick,
>>
>> That is a funny bug with the redhat-config-security (or whatever
>> it's called) app. It seems that the only way for YDL users
>> *currently* to configure security is to learn ipchains and iptables.
>> Not the preferred way to go.
>>
>> However, new RPMs will come out that solve this problem. No time
>> frame though.
>>
>> Notably, the same thing seems to happen with the time zone app if
>> you try to put your system clock on UTC.
>>
>> Troy
>>
>> -- __--__--
>
> Troy, Thanks for that sensible answer.  I have a reference text which
> covers ipchains and so forth.  At least I know that's the direction I
> have to go.  And someone was trying to convince me that Linux is user
> "friendly" -- Ha!!  It is the OS I prefer to use though, but not for
> "ease of use" reasons.  I didn't come to Linux for that.  Check out
> the comments of Bill Joy of Sun who explains his vision of Linux's
> place as compared to the MacOS X.
>
> http://maccentral.macworld.com/news/2003/11/20/joy/
>
> One could twist his comment to reflect that MacOS X, is for over the
> hill programmers within a few years of retirement.  But I cannot hold
> that view either as I REALLY want a G5 laptop or tablet.  In any
> event, I agree with Mr. Joy that Linux is for people with the energy
> to rewrite or rehack significant parts of code.  This is one more
> example where important parts remain undone, unexplored and
> unfinished... Linux is not an environment for the faint of heart or
> weak of mind or shoddy programming skills.  Unless of course, you
> don't mind becoming the butt of everybody's jokes just as -- what is
> that company which gave out core code for free and then is trying to
> sue people for using it, surpass it and if the reports are correct
> the Open Source community has already excised the code from nearly
> everything having to do with Open Source, because it is bad and
> archaic programming?  Oh Yeah, SOC, no COS, wrong again... SCO, yeah
> SCO....
>
> Well, back to ipchain rules I go...
> --
> Light flashing against Sky and Earth.
> Thoughts/Swords.
> Life's spark reborn.
>
> Carpe Diem
>
> Be well.
>
> Got Chi?

Greetings,
Alex


Alexander Holst
Pforzheim University of Applied Sciences
<holst [at] fh-pforzheim [dot] de>
ph: +49 [0]7231 28-6837
fx: +49 [0]7231 28-6040