firewall with real IP's
Oron Peled
oron at actcom.co.il
Sun Oct 17 23:28:35 IST 2010
On Sunday, 17 October 2010 19:55:43 Hetz Ben Hamo wrote:
> * What would you recommend as a good firewall
1. In most cases, the firewall is really Linux kernel netfilter (iptables)
> (please, only the ones who are being updated and have docs. ipcop for
> example has old documents and you really need to "hunt" for some good
> instructions. Smoothwall is old [2007] and it's not being updated at all)
2. So the real questions are:
- What distribution should you use for your firewall?
- What good/maintained tools exist for firewall rule management?
3. Personally I've used fwbuilder as a management application for some years:
- It is maintained.
- Has a GUI interface.
- Can remotely manage several different firewalls.
- "Compile" the abstract firewall description into a low-level firewall
configuration script.
Note: it supports compiling for other targets, e.g. BSD ipfilter,
but I've only used it with Linux.
- Can optionally run a deployment script for you (deployment
via ssh is built in, no need for extra scripts)
- Version controlled data (via RCS ci/co)
- No web interface (but very good local gui which can deploy to
several firewalls in a few clicks).
4. About the distro:
- Used Fedora on an old PC
- Now use Debian lenny on a CF installed in ALIX2d3
(http://www.pcengines.ch/alix2d3.htm) which is a ~150$ wonder
in itself.
BTW: For simple firewalls on single hosts (Fedora) I use
system-config-firewall -- it has a GUI and is a piece of cake
for common use cases (internal/external, no dmz, etc.)
It also generates an iptables script that is run when the interface
goes up.
Bye,
--
Oron Peled Voice: +972-4-8228492
oron at actcom.co.il http://users.actcom.co.il/~oron
"Linux: like the air you breathe, ubiquitous and free"