Hi, On Thursday 24 November 2005 09:25, Randall R Schulz wrote:
Hi,
...
Try FirewallBuilder. It does what you want... http://www.fwbuilder.org/
To the person who sent this suggestion to Sunny and not the list (!), could you tell us a couple of things:
1) Compare and contrast this tool to Guarddog. 2) Say something about whether it would interact poorly with Guarddog (<http://www.simonzone.com/software/guarddog/>) if both were used (not concurrently, of course) to configure a local firewall?
So I installed Firewall Builder and played around a bit. It appears to be fairly sophisticated and, in accordance with the request, allows fine-grained control on per-host, per-address, per-interface basis. In fact, once I made my way to actually viewing / editing a firewall definition, I was immediately reminded of the Checkpoint firewall definition / configuration front-end. My feeling based on a very brief look is that it's distinctly more powerful than Guarddog and probably commensurately harder to learn to use (and perhaps easier to get things wrong). It's also clearly oriented towards administrators of larger system (e.g., intranets of many hosts) more than for single-system / desktop users. Given my general proclivities, I'd have to say this is my kind of program -- I'm a detail guy / control freak... What I'd like from it (and I'm not saying it's not there, just that if it is, I haven't discovered it yet) is a way to read one of its firewall configurations from an existing iptables setup. In other words, I'd like to be able to segue from my existing iptables as generated by Guarddog to one managed by Firewall Builder without manually recreating my existing firewall setup from scratch in Firewall Builder. Ah, here it is. From the Firewall Builder FAQ (at <http://www.fwbuilder.org/archives/cat_faq.htm>): -==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==- <http://www.fwbuilder.org/archives/cat_faq.html#AEN363>: 3. Building firewall policy 3.1. Is there any way to import iptables (or ipfilter, pf, ipfw or PIX) rules to Firewall Builder? No, currently there is no way to import existing firewall configuration into Firewall Builder -==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==- That's too bad. Nonetheless, I'll probably continue to explore this program and switch to it when I have the time to study it further or a specific need to extend my existing firewall setup. Fortunately, my Guarddog setup isn't all that complex, so it's probably not an onerous task to move that definition over to Firewall Builder. Randall Schulz