I've just started using Fwbuilder. It has a VERY nice graphical interface and can generate rules for a variety of platforms (including iptables). It stores the rules and objects in a platform independent fashion which unfortunitely means you can't just read in your old ruleset but once you've built your new one you could easily change your firewall platform (i.e. from Linux to some form of BSD) and just re-compile the rules for whichever system you need! The Linux/etc versions are free to use. The Windows version isn't free. Check out http://www.fwbuilder.org/ I've just built rules for our new firewall with 5 network interfaces with no trouble. Cheers -----Original Message----- From: suse@karsites.net [mailto:suse@karsites.net] Sent: Monday, 11 October 2004 11:02 p.m. To: suse-security@suse.com Subject: [suse-security] IPTables Firewall script Generator Hi all. Just found this in freshmeat daily news. http://www.links2world.org/doc/links2world-Firewall-HOWTO/index.html Still in development. Taken from the homepage: links2world Firewall is a very simple tool writen in C, that helps you generate iptables rules for Linux 2.4.x and newer kernels. Released under GNU General Public License, it is very easy to configure and designed to run on hosts with one or more network interfaces. Most of the existing iptables script generators are shell scripts. You have to dig in and to look through entire script in order to customize and configure it for your needs. Furthermore, they are able to generate iptables rules for one or maximum two network interfaces. On the other hand, links2world Firewall uses a very human readable configuration file that is very easy to understand and write. Still more, it does not matter if you have one, two, three or twenty network interfaces, links2world Firewall is able to generate statefull iptables rulesets able to control the packet flows between all the networks your machine is connected to. May be of interest to anyone managing alot several NIC IF's. HTH - Keith Roberts -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here