fwbuilder or firestarter
Jeffrey F. Bloss
jbloss at tampabay.rr.com
Wed Dec 19 17:53:50 UTC 2007
jack wrote:
> I've been using firestarter in the past and have no complaints, but
> with the recent thread regarding firewall s/w, I looked up fwbuilder,
> and it seems as though this gives more granular control over the
> iptables rules than firestarter (it would also seem that I could
> learn more about iptables through fwbuilder). Would that be a fair
> assessment ? Are there other community people here using fwbuilder
> that have used firestarter and like fwbuilder better ?

/me holds up hand

Fwbuilder is definitely more "fine grained" and feature rich than
Firestarter, and you'll certainly have to learn more about iptables and
firewalls in general if you want to use it. ;)

I started out using Firestarter on a single machine (under Fedora, I
think), but found it rather "lacking" in some respects like being able
to define rate limiting rule sets like the "limit: avg 3/min burst 3" I
use for SSH to throttle the brute force attempts. I also had minor
trouble with Firestarter under Ubuntu (6.10?), getting rule sets to load
at boot time. Easily solved with a standard drop-in init script and a
little iptables-save/restore magic, but that sort of got me into just
writing my own rules.

Recently I started using Fwbuilder to maintain 4 different firewalls,
but not the Fwbuilder version in the Ubuntu repos. I grab all the
appropriate .deb's from the Fwbuilder site or...

http://sourceforge.net/project/showfiles.php?group_id=5314

In any case, be aware that Fwbuilder is a real leap forward from
Firestarter. Firestarter truly makes it easy for the neophyte to build
and maintain a local firewall; Fwbuilder is more of a heavyweight tool
to remotely administer dedicated firewalls, although the laptop I'm
using right now is running a Fwbuilder-maintained set of
iptables/netfilter rules too (I sometimes roam in hostile
environments). So it's certainly useful for "home users", just a bit of
overkill and potentially dangerous if you don't have a grip of basic
firewall mechanics.

Bottom line is, if you just want something you can block everything but
a few ports for P2P or something with, then stay with Firestarter. If
you're interested in learning something or getting into any sort of
NAT/Masquerade, accounting, or remote admin (remote being across your
own home network too), then definitely take a look at Fwbuilder.

Install it and go to town. It's just a front end which generates shell
scripts that you can load as you please, or not. Do an iptables-save
backup of a working setup for "emergencies" and you'll be fine. ;)

--
\|/ Outside of a dog, a book is a man's best friend.
(o O) Inside of a dog, it's too dark to read.
-oOO-(_)-OOo-------------------------------[ Groucho Marx ]---
np: Red Hot Chili Peppers - Nevermind
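
An added example, not part of the original post: a simplified Python model of the token bucket behind the "limit: avg 3/min burst 3" rule mentioned above, run over constructed SSH connection attempts. It assumes the rule corresponds to iptables' `-m limit --limit 3/min --limit-burst 3`; the addresses, timestamps and the per-source comparison (the kind of per-address bucket the hashlimit match can keep) are illustrative assumptions.

```python
# Added example: a simplified model of the iptables "limit" match.
# Not code from the post; all sample data below is constructed.
from collections import defaultdict


def limit_match(attempts, avg_per_min=3, burst=3, per_source=False):
    """Return one bool per (time_s, src) attempt: True = rule matched (ACCEPT).

    Token bucket in whole seconds: one token costs 60/avg seconds of credit,
    the bucket holds at most `burst` tokens and starts full.
    per_source=False models `-m limit` (one bucket shared by the whole rule);
    per_source=True models one bucket per source address.
    Assumes avg_per_min divides 60 evenly.
    """
    cost = 60 // avg_per_min            # 20 s of credit per new connection
    cap = burst * cost                  # a full bucket holds 60 s of credit
    credit = defaultdict(lambda: cap)   # bucket key -> remaining credit
    last = {}                           # bucket key -> time of previous packet
    verdicts = []
    for t, src in attempts:
        key = src if per_source else "rule"
        # Credit accrues with elapsed time, capped at a full bucket.
        credit[key] = min(cap, credit[key] + (t - last.get(key, t)))
        last[key] = t
        ok = credit[key] >= cost
        if ok:
            credit[key] -= cost         # a matching packet spends one token
        verdicts.append(ok)
    return verdicts


# Constructed sample: one noisy source (203.0.113.7) retries port 22 rapidly,
# while an admin (198.51.100.4) connects at t=6 s, t=30 s and t=90 s.
ATTEMPTS = [(0, "203.0.113.7"), (1, "203.0.113.7"), (2, "203.0.113.7"),
            (3, "203.0.113.7"), (4, "203.0.113.7"), (6, "198.51.100.4"),
            (25, "203.0.113.7"), (30, "198.51.100.4"), (90, "198.51.100.4")]

if __name__ == "__main__":
    shared = limit_match(ATTEMPTS)
    split = limit_match(ATTEMPTS, per_source=True)
    for (t, src), a, b in zip(ATTEMPTS, shared, split):
        print(f"t={t:>3}s {src:<13} limit={'ACCEPT' if a else 'drop':<6} "
              f"per-source={'ACCEPT' if b else 'drop'}")
```

With the single shared bucket, the admin's attempts at t=6 s and t=30 s fall through the rule because the noisy source has already spent the tokens; with per-source buckets they are accepted.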