Forum OpenACS Q&A: experience with firewall tools...
I am looking for a firewall tool that allows me to easily administer
ports etc. Google gave me http://firestarter.sourceforge.net/
Any experience with firestarter or any other firewall tool???
I've never heard of Firestarter, though.
I never was able to get those firewalls talking to each other, so I tried SmoothWall. I had my first firewall working in 20 minutes, and that included downloading the code, burning a CD, installing a new hard drive, temporarily hooking a CD up, and running the install. It couldn't have been easier. Once I had two of them set up, it took me about two hours to figure out how to connect them via IPSec; now that I am not making the same stupid mistakes, it adds about five minutes per machine to connect them.
To call the creators of SmoothWall "mega jerks" is, however, awfully mild. Definitely Daniel Bernstein class. Fortunately, I doubt that there is much reason to care. When I was using the OpenBSD/IPFilter system I was running DJBDNS in them, which exposed me to more of Bernstein than the SmoothWall experience exposed me to Richard Morrell.
Another possibility that might make sense would be to use one of the Webmin tools to make IPChains or IPTables understandable. When I was starting this whole mess a year ago I don't think these were available, but there are several listed now on the Webmin site:
But SmoothWall is, by far, the easiest solution I've seen.
Van's right. If anyone wants to be amazed by a curmudgeonly community, check out the Smoothwall FAQ PDF. They spend about 20 pages explaining why you're probably a donkey's butt for asking for a developer's help. It seems that most open source communities that are security focused are led by insane curmudgeons who just haven't found a local militia that's angry enough.
Anyway, the IPcop (http://www.ipcop.org) community is an offshoot of Smoothwall. These guys were sick and tired of dealing with the angry bastards who ran Smoothwall. Also, I think the Smoothwall guys wanted to start making money off of the code so they were playing games with the code they released under GPL. So, AFAIK, it's a fork of the Smoothwall.
I imagine Van's review of Smoothwall is reasonably accurate for IPcop, too.
It is great, and to the point. Obviously the section on firewalls via ipchains is important, but you must remember that a firewall is only as good as its biggest hole, so the entire system needs to be secure. The guide at this URL is a great explanation.