Re: The best GUI for ipchains and/or iptables?

From: Richard Kimber (rkimber@ntlworld.com)
Date: 05/22/02 

From: Richard Kimber <rkimber@ntlworld.com>
Date: Wed, 22 May 2002 15:56:52 +0100

On Wed, 22 May 2002 13:02:13 +0100, Tim Haynes wrote:

> Gratuitous plug: <http://spodzone.org.uk/packages/secure/iptables.sh>
> exists. Grab, edit, rejoice.

I'm sure it's very good - but only if you have the same setup using ppp.
The reason why people like a gui is that it asks straightforward questions
and tailors the rules to the answers given. Many people, like me, only
have a very simple setup and it isn't cost effective to learn iptables. On
the other hand, I agree that you must be very careful to check that the
gui does what you want it to do. As I understand it, the default version
of Firestarter has a not very well-known feature that it only closes those
ports that you ask it to from a list it presents to you. Most people
would probably assume that the default option would be to close everything
else.

I have still to encounter a gui or script for a single PC with a CM on
eth0, offering no external services, that obviously and clearly (by which
I mean that it says it in fairly simple language):
a) allows all local activity
b) allows in the ubr, dhcp & DNS servers
c) allows me to get out
d) allows in responses to activity initated by me (in c)
e) drops everything else unless I have specifically asked it not to
which I take to be what I would need for reasonable security. I might add
that it also should log sensibly - i.e not tell me about stuff I
shouldn't be worried about.
 
- Richard. 

-- 
Richard Kimber
Political Science Resources:       http://www.psr.keele.ac.uk/

http://www.psr.keele.ac.uk/docs/efaq.htm         UK-Euro FAQ

Relevant Pages

  • Re: The best GUI for ipchains and/or iptables?
    ... I'm sure it's very good - but only if you have the same setup using ppp. ... The reason why people like a gui is that it asks straightforward questions ... allows all local activity ... which I take to be what I would need for reasonable security. ...
    (comp.os.linux.security)
  • Re: The best GUI for ipchains and/or iptables?
    ... > I'm sure it's very good - but only if you have the same setup using ppp. ... It's not a major investment, you just look at a script, ... 100-rule GUI thing. ... > a) allows all local activity ...
    (comp.os.linux.security)
  • Re: The best GUI for ipchains and/or iptables?
    ... > I'm sure it's very good - but only if you have the same setup using ppp. ... It's not a major investment, you just look at a script, ... 100-rule GUI thing. ... > a) allows all local activity ...
    (comp.os.linux.security)
  • Re: Unattended Windows 2000 Pro install fails during final reboot
    ... During GUI mode setup, if you press SHIFT-F10, it'll drop you to a CMD ... verify the correct device and driver is loading. ... > hard disk is attached to a PCI mass storage controller (no built in Windows ...
    (microsoft.public.win2000.setup_deployment)
  • Re: Samba, netatalk and nfs, what is faster?
    ... > setup my samba, and nfs servers via GUI, the nfs looks ok, samba runs ... than most GUI config tools do ...
    (comp.os.linux.networking)