Re: [gentoo-user] [SUSPECTED SPAM] [OT] Best *SIMPLE* firewall?
On Thursday, 1 March 2018 17:58:44 GMT Tom H wrote:
> On Wed, Feb 28, 2018 at 4:15 PM, Walter Dnes wrote:
> > Is there something besides iptables? It seems to be like
> > systemd/perl/python, continuously expanding its scope. And no, I'm not
> > looking for an "easy-peasy front-end gui" that'll probably pull in 90%
> > of QT as dependencies. I fondly remember IPCHAINS.
>
> iptables doesn't depend on systemd, perl, or python.
>
> firewalld depends on dbus, polkit, and python.
>
> ufw depends on python.
>
> But there may be other iptables frontends that depend on more,
> especially if they are graphical.
>
> The advantage of iptables frontends is that you only have to allow
> "your" ports (for a minimal customization) without having to worry
> about all the other stuff that you need to set up when you use
> iptables directly.
>
> I've used apf, arno, and ufw. The first two depend on bash and simply
> require you to set variables in "/etc/$firewall/".

+1 for net-firewall/arno-iptables-firewall if you need a script to set up iptables for you.

I am using vanilla iptables with simple hand-made scripts on a number of systems, so it shouldn't be too difficult to roll your own if your demands are relatively simple.

--
Regards,
Mick

Re: [gentoo-user] [SUSPECTED SPAM] [OT] Best *SIMPLE* firewall?
On Wed, Feb 28, 2018 at 4:15 PM, Walter Dnes wrote:
>
> Is there something besides iptables? It seems to be like
> systemd/perl/python, continuously expanding its scope. And no, I'm not
> looking for an "easy-peasy front-end gui" that'll probably pull in 90%
> of QT as dependencies. I fondly remember IPCHAINS.

iptables doesn't depend on systemd, perl, or python.

firewalld depends on dbus, polkit, and python.

ufw depends on python.

But there may be other iptables frontends that depend on more, especially if they are graphical.

The advantage of iptables frontends is that you only have to allow "your" ports (for a minimal customization) without having to worry about all the other stuff that you need to set up when you use iptables directly.

I've used apf, arno, and ufw. The first two depend on bash and simply require you to set variables in "/etc/$firewall/".

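
Added example (not part of the thread and not any poster's script): the "other stuff" a hand-rolled iptables setup needs besides your own ports, written as a function that prints an IPv4 ruleset in iptables-restore format. The function name gen_ruleset and the sample ports are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print a minimal default-deny IPv4 host ruleset in
# iptables-restore format. Nothing is applied; the output is meant to be
# reviewed and then fed to iptables-restore by the administrator.
# IPv6 is filtered separately (ip6tables) and needs its own ruleset.

# gen_ruleset SPEC...   SPEC is PORT or PORT/PROTO (tcp or udp, default tcp).
# Prints the ruleset on stdout; returns 1 and prints nothing on a bad SPEC.
gen_ruleset() {
    rules=""
    for spec in "$@"; do
        port=${spec%%/*}
        proto=tcp
        case $spec in */*) proto=${spec#*/} ;; esac
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol: $spec" >&2; return 1 ;;
        esac
        # Digits only, no leading zero, at most five characters.
        case $port in
            ''|0*|*[!0-9]*|??????*) echo "bad port: $spec" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "port out of range: $spec" >&2; return 1
        fi
        rules="${rules}-A INPUT -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT
"
    done
    # Everything above COMMIT except ${rules} is the boilerplate a frontend
    # hides: default policies, loopback, reply traffic, invalid packets, ping.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
${rules}COMMIT
EOF
}

# Constructed sample: allow SSH, HTTPS and DNS over UDP.
gen_ruleset 22 443 53/udp
```

Piping the output through `iptables-restore --test` parses the ruleset without loading it, which is a useful check before applying it on a remote machine.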
Re: [gentoo-user] [SUSPECTED SPAM] [OT] Best *SIMPLE* firewall?
On Wed, 28 Feb 2018 16:15:59 -0500, "Walter Dnes" wrote:
> Is there something besides iptables? It seems to be like
> systemd/perl/python, continuously expanding its scope. And no, I'm
> not looking for an "easy-peasy front-end gui" that'll probably pull
> in 90% of QT as dependencies. I fondly remember IPCHAINS.

I don't know what you're looking for exactly. If you want a command line tool for configuring your firewall with an easier syntax than iptables you could try ufw. I don't know nftables yet, but from what I read so far they seem to have got their inspiration from ufw's syntax. ufw itself uses iptables and generates iptables rules.

Principally all those firewall tools do the same. They configure the kernel's own firewall, netfilter. And most if not all of those tools themselves use iptables, which is, besides nftables, the official tool for configuring netfilter.

Fun fact: iptables is the successor of ipchains. And it's a very long time ago that ipchains was replaced by iptables.

Re: [gentoo-user] [SUSPECTED SPAM] [OT] Best *SIMPLE* firewall?
On Wed, Feb 28, 2018 at 1:15 PM, Walter Dnes wrote:
> Is there something besides iptables? It seems to be like
> systemd/perl/python, continuously expanding its scope. And no, I'm not
> looking for an "easy-peasy front-end gui" that'll probably pull in 90%
> of QT as dependencies. I fondly remember IPCHAINS.

shorewall seems to be the most powerful one. Lots of documentation, configured via text files.

firehol is much simpler to use, but less well documented and the mailing list doesn't show much life.

None has any useless GUI. I find both usable. I would just use iptables if I were iptables-wise enough.

Cheers

Jorge Almeida