[Gllug] iptables setup tool
Matthew Kirkwood
matthew at hairy.beasts.org
Thu Aug 15 21:02:58 UTC 2002
On Thu, 15 Aug 2002, adr wrote:
> > > Looking for some pointers towards a good graphical tool for setting up
> > > iptables configuration files.
> Let me know if you find any :->
>
> I did mine by hand as I couldn't find any other way of doing it.
There are a variety of in-betweens. There are few GUI
tools because it doesn't take people too long to realise
that, at the "allow these packets" level, GUIs don't make
much sense.
If you insist, a quick search on sourceforge for "iptables"
found fwbuilder (http://www.fwbuilder.org/).
IMHO (see below to work out how much salt to take this
with) iptables is a (non-Turing-complete[0]) programming
language, and no programmer would consider a GUI which
forced her to use menus to insert an "if" and then fight
to put the various parts of such a construct in the right
place.
There are a lot of tools out there (including shell of
varying complexity and sophistication) which will turn a
fairly human-readable config into iptables rules. Again,
sf.net will find quite a few of these.
<plug>
One it won't find (unless it also searches freshmeat), is
mine. I made it because there I could find nothing at the
time which did a good job of respresenting a policy, rather
than a set of iptables(/etc) rules.
It still has a couple of problems (not least that I don't
have a regular user who will test masquerading[1]), but
is working very well for me in a variety of router, proxy
gateway and host configurations.
Please try it:
http://hairy.beasts.org/filter/
http://freshmeat.net/projects/filter/
</plug>
Matthew.
[0] Or, at least, not obviously so.
[1] This drunken rant is accessible only to subscribers :)
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list