On 2019-02-28 2:25 a.m., Per Jessen wrote:
nftables is the latest evolution - we started out with ipchains (1999?), then iptables, now nftables (2014?). c't (German computer magazine) has done a couple of decent articles - in 2015 and quite recently, in January I think.
Do late-model kernels have nftables or are they still iptables? As far as I can tell my 4.20 series kernel still has iptables. The 'apropos' command tells me about iptables commands but no nftables. The 'ufw show raw' seems to tell me about iptables.
But I'd be far more satisfied if someone would write a decent GUI interface to at least one of these things.
I think any GUI will also come with a straight jacket of assumptions (for good reason) - if you want out, you have to abandon the GUI.
As I observed about the Shorewall generation, when you dump (see above) the tables there is a complexity and 'grouping' that the algorithmic approach imposes, as Per says, a "straight jacket of assumptions", that adds a complexity that initially baffles me. It's not as bad as trying to debug someone else's FORTH code but neither is it something I can grok on the fly. You need to pay attention to the prioritization and 'chains'.

Converting the 'chains' and priorities to a mind-map would be a good way of comprehending them. And, conversely, a mind-map-like GUI for defining/generating them would also be useful. Hmmm.

https://www.mindmeister.com/127522846/iptables
https://www.mindmeister.com/956012853/iptables

They seem to be about documenting iptables rather than designing a firewall.

Such a tool might well have to be web based to make the GUI easily programmable; I can see how it could be done in RAILS.

Google for that ... hmm lots of interesting stuff, and not all of it purely web.

- http://www.fs-security.com/
  "Firestarter". Seems as much monitoring as configuration
  http://www.fs-security.com/docs/events-page.html
  Potential interest here.

- there's a few that integrate into cPanel, but I think that's off on a tangent that is probably not of interest to Lew
  https://www.configserver.com/cp/csf.html

- Jay’s Iptables Firewall (1.0.5 08/2005 Curses/Perl)
  Curses could be nice with SSH for remote admin.
  http://firewall-jay.sourceforge.net/

- Easy Firewall Generator for IPTables
  This is a web site generating your IPTables rules
  http://www.hideaway.net/iptables/

- Easychains
  Remarkably undocumented, not even screenshots
  https://sourceforge.net/projects/easychains/

- Guarddog - "Protecting your computer with a cute little dog."
  (enough to make you throw up, isn't it?)
  http://www.simonzone.com/software/guarddog/
  http://www.simonzone.com/software/guarddog/#screenshots
  Last development update in 2006 for KDE3/qt3 and it looks like Python
  Dead?

--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?