On Thursday 24 November 2005 19:28, Randall R Schulz wrote:
So I installed Firewall Builder and played around a bit. It appears to be fairly sophisticated and, in accordance with the request, allows fine-grained control on a per-host, per-address, per-interface basis. In fact, once I made my way to actually viewing / editing a firewall definition, I was immediately reminded of the Checkpoint firewall definition / configuration front-end.
My feeling based on a very brief look is that it's distinctly more powerful than Guarddog and probably commensurately harder to learn to use (and perhaps easier to get things wrong). It's also clearly oriented towards administrators of larger systems (e.g., intranets of many hosts) more than for single-system / desktop users. Given my general proclivities, I'd have to say this is my kind of program -- I'm a detail guy / control freak...
What I'd like from it (and I'm not saying it's not there, just that if it is, I haven't discovered it yet) is a way to read one of its firewall configurations from an existing iptables setup. In other words, I'd like to be able to segue from my existing iptables as generated by Guarddog to one managed by Firewall Builder without manually recreating my existing firewall setup from scratch in Firewall Builder.
Randall Schulz
After using Firewall Builder for years on all kinds of firewalls, I still think it is simply the best there is (including the mega-bucks systems). I highly suggest everyone give it a fair try.

Unfortunately, during the big release (change to Qt GUI kit), FWBuilder lost its wizards. The new wizards are just not to the newbie level yet. This unfortunate happenstance has introduced a learning curve that was not there before.

The application has an artistic blend of simplicity and configurability built around a simple "You Get What You Want" design. By this I mean you do not think/define iptables rules, but think/define what the system should do / allow. The program then generates commented iptables (and other firewall technology) scripts that you can run on any machine. There is a huge community following, with a lot of real-world (or are they out-of-this-world) firewall gurus who actually check the generated scripts against definitions more complex than useful. (IMHO)

Please note that fwbuilder is not a firewall! It is a firewall builder. It generates scripts which are then loaded onto the firewall boxes. This separation has both advantages and disadvantages:

- As a plus, it has unbelievable flexibility. With the proper generation modules loaded, you can generate Cisco firewall scripts, and the same firewall as iptables scripts for a backup floppyfirewall / Linux and/or BSD system. Such flexibility is not available anywhere else. (Not at any price!)
- As a minus, the user interaction expected from modern Windows firewalls (i.e. a pop-up "Program XXX is attempting to access internet allow/deny change firewall rule") is not possible in this configuration. It has a "design -> generate -> install" flow which is built into the basic concept.

So my recommendation is FWBuilder for all firewalls (including some firewall hardware boxes) for networks of all sizes.

I have yet to see a Linux workstation firewall ala Windows with dynamic rules via pop-ups, etc. So no recommendation for single workstation firewalls.

Jerry

P.S. No, I am not in any way or form related to the FWBuilder project, just extremely impressed with the solution.