Randall R Schulz wrote:
Hi,
On Thursday 24 November 2005 05:18, Sunny wrote:
On Thursday 24 November 2005 06:59, you wrote:
Sunny wrote:
Hi there,
I'm hunting for a good firewall. What I need is precise control on a per-host basis, i.e. I want to be able to control which host can communicate with which over a specific protocol, like:
host1 can accept ssh only from host3
only host2 can make http requests to host4, etc.
All this, combined with per zone rules :) and a good user interface - either web, or console (text) for remote administration.
Any pointers?
Thanks
Try FirewallBuilder. It does what you want... http://www.fwbuilder.org/
To the person who sent this suggestion to Sunny and not the list (!), could you tell us a couple of things:
1) Compare and contrast this tool to Guarddog.
2) Say something about whether it would interact poorly with Guarddog (<http://www.simonzone.com/software/guarddog/>) if both were used (not concurrently, of course) to configure a local firewall?
Thanks
Randall Schulz
Hi Randall,

You are right, and I apologize for not responding to the list directly. The problem is that every email sent to this list comes with reply-to to the email sender, and we have to specifically fill another TO address. Sometimes I forget...

Now, about your questions... Just remember that I am no iptables nor firewall guru, so others may help you more than I can.

Now, about Guarddog. I've compiled and run the 2.4.0 and: It seems a nice tool but I find it much too simple and it provided me with no extra tweaking, for example:
- It doesn't allow you to redirect a certain port to a specific IP address. (I think it's called forwarding)
- You cannot have any rules, except full block or full allow for a specific port.
- You cannot manage your rules by time of day, day, etc...

And there is a lot of other stuff. Check it out...

This is my conclusion: If I wanted to just block ports to my machine, I would use Guarddog. If I wanted extra stuff, which I do, I would still use fwbuilder.

About the second question, I think it is not a good idea for both of them to coexist.

Hope it helps...

--
Rui Santos
http://www.ruisantos.com/
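
As an added illustration (not part of any message in this thread, and not output from FirewallBuilder or Guarddog), this is what the per-host policy from the original question looks like when written out as plain iptables rules. It assumes the firewall routes traffic between the four hosts (hence the FORWARD chain); the addresses and the `addr_of`, `POLICY` and `emit_rules` names are constructed for the example.

```shell
#!/bin/sh
# Added example. Addresses are constructed (RFC 5737 documentation range).
addr_of() {
    case "$1" in
        host1) echo 192.0.2.11 ;;
        host2) echo 192.0.2.12 ;;
        host3) echo 192.0.2.13 ;;
        host4) echo 192.0.2.14 ;;
        *) echo "unknown host: $1" >&2; return 1 ;;
    esac
}

# One line per permission: "<server> <allowed client> <tcp port>".
POLICY='host1 host3 22
host4 host2 80'

# Print (do not execute) the iptables commands for a firewall that routes
# traffic between the hosts, so the output can be reviewed before loading.
emit_rules() {
    # Replies belonging to connections that were allowed in the first place.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Pass 1: every explicit permission.
    while read -r dst src port; do
        d=$(addr_of "$dst") || return 1
        s=$(addr_of "$src") || return 1
        echo "iptables -A FORWARD -p tcp -s $s -d $d --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done <<EOF
$POLICY
EOF
    # Pass 2: the "only" part. Anything else aimed at a protected port is
    # dropped; emitted last so it cannot shadow a second permitted client.
    while read -r dst src port; do
        d=$(addr_of "$dst") || return 1
        echo "iptables -A FORWARD -p tcp -d $d --dport $port -j DROP"
    done <<EOF
$POLICY
EOF
}

emit_rules
```

Rule order matters: the ACCEPT lines must be loaded before the DROP lines for the same port, which is why the script emits them in two passes.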