Entries : Category [ Security ]
Let's hope it keeps out the bad grrlz!
[OpenBSD]  [Random]  [Security]  [Hardware]  [MacPPC]  [SPARC]  [MobileCows]  [fedora]  [desktop]  [windows]  [macosx]  [redhat] 

06 September

Easy firewall generator

or how a dumb could set up a firewall

I've been using OpenBSD for firewalls since the time of ipf (ipfilter,from Darren Reed), and it is the perfect solution for me. PF is incredible powerful and it has the easiest configuration approach i've ever seen.

But, from time to time, i always find someone that tells me the benefits of some systems like Astaro Secure Linux or Smoothwall among others. This kind of systems provide administrators with an easy-to-use, shiny-for-the-eyes web interface, where they can set up firewall rules, check logs, generate some graphics, etc.

Just some days ago, r0sk posted here about that, and if there is some alternative to that, on top of OpenBSD and PF. Now I would like to ask if anyone have see the easy firewall generator for iptables and if it is there anything similar for PF.

Personally, I do not like such things, because they limit what you will be able to do with your firewall, and if they do not limit you, they are a completely mess. I mean, in a very complete firewall web interface, finding what you need to create a binat rule, or to set up a transparent bridging firewall could be a seriously difficult job.

With PF, it is as easy as add a little bunch of lines to a single file, and you are done.

Anyway, I think that something like the efg could be very interesting for newbies. It is easy, it allows you to set the most basic options for a firewall, and then it generates for you a basic script (all the basic an iptables script could be) to get your firewall up and running.

That could be helpful in the case of PF, as i've said before, to newbies, because they could create pf.conf files to check them later and learn, for example, how to create single filter rules.

Of course, having such a thing in the PF users guide would be nice too, letting users to generate a pf.conf that could be used as a base to build the pf.conf file they need.

So, finally, anybody knows if there is something similar for PF? and, if not, anybody could be interested in helping create a simple script to do it? (seems like a perfect project for my new ZopeCode site!) (SPANX!) ;D

Posted by wu at 11:39 | Comments (0) | Trackbacks (0)