[Gllug] iptables setup tool

Matthew Kirkwood matthew at hairy.beasts.org
Thu Aug 15 21:02:58 UTC 2002


On Thu, 15 Aug 2002, adr wrote:

> > > Looking for some pointers towards a good graphical tool for setting up
> > > iptables configuration files.

> Let me know if you find any :->
>
> I did mine by hand as I couldn't find any other way of doing it.

There are a variety of in-betweens.  There are few GUI
tools because it doesn't take people too long to realise
that, at the "allow these packets" level, GUIs don't make
much sense.

If you insist, a quick search on sourceforge for "iptables"
found fwbuilder (http://www.fwbuilder.org/).

IMHO (see below to work out how much salt to take this
with) iptables is a (non-Turing-complete[0]) programming
language, and no programmer would consider a GUI which
forced her to use menus to insert an "if" and then fight
to put the various parts of such a construct in the right
place.

There are a lot of tools out there (including shell of
varying complexity and sophistication) which will turn a
fairly human-readable config into iptables rules.  Again,
sf.net will find quite a few of these.

<plug>
One it won't find (unless it also searches freshmeat), is
mine.  I made it because there I could find nothing at the
time which did a good job of respresenting a policy, rather
than a set of iptables(/etc) rules.

It still has a couple of problems (not least that I don't
have a regular user who will test masquerading[1]), but
is working very well for me in a variety of router, proxy
gateway and host configurations.

Please try it:
	http://hairy.beasts.org/filter/
	http://freshmeat.net/projects/filter/
</plug>


Matthew.

[0] Or, at least, not obviously so.
[1] This drunken rant is accessible only to subscribers :)


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list