KBTAG: kben10000062
URL: http://www.securityportal.com/lskb/10000050/kben10000062.html
Date created: 17/07/20000
Date modified: 24/08/20000
Date removed:
Authors(s): Kurt Seifried seifried@securityportal.com
Topic: Firewall rule creation software
Keywords: Network/Firewall
Creating firewall rules is a difficult task, fortunately there are many software packages to assist you.
knetfilter 1.1.2
Knetfilter is a KDE 1.X frontend to iptables, used with Linux kernels 2.4.0 and up to manage the netfilter functions. It is possible to perform all standard and most "exceptional" system management of a complex firewall within the program. http://expansa.sns.it/knetfilter/
Some scripts for Red Hat Linux in rpm format: http://www.webideal.de/rh-isdn/downloads/.
A simple script that converts ipfwadm rules to ipchains rules, making migration a snap. The script is available at: http://users.dhp.com/~whisper/ipfwadm2ipchains/
Mason is an automated firewall rule generator for ipfwadm and ipchains. You load it up and it monitors the packets flowing through the machine, then based on that creates a set of rules to allow that type of activity (i.e. if your ftp into your server from a remote site it will allow that type of access in the rules it creates). A good tool for first time firewall admins, available from: http://users.dhp.com/~whisper/mason/.
Mklinuxfw is a Perl tool that aims to provide a variety of interfaces (CGI, KDE, command line, etc.) to creation of firewall rules. It currently supports a CGI interface and GTK is in progress. You can download it from: http://www.madhouse.org.uk/~red/framepage.phtml?/mklinuxfw/index.html.
fwconfig is a rather nice www based configuration utility for ipfwadm and ipchains. You can download it from: http://www.mindstorm.com/~sparlin/fwconfig.shtml.
xipfwadm is a Tcl/Tk application for X that simplifies the creation of ipfwadm rules. You can get it from: http://www.x25.org/xipfwadm.html.
An interesting site, has an online cgi to create firewall scripts, didn't work for me however (very slow). You can view it at: http://www.linux-firewall-tools.com/.
A graphical application written in Tcl/Tk. You can get it at: http://www.linux-kheops.com/pub/easyfw/easyfwGB.html.
DNi is an online cgi that helps you create firewall rulesets for ipfwadm. You can try it at: http://members.tripod.com/~robel/dni/.
Firestarter
Firestarter is a GUI to aid in the creation of firewalls, you can get it at: http://firestarter.sourceforge.net/.