Re: [gentoo-user] [SUSPECTED SPAM] [OT] Best *SIMPLE* firewall?

2018-03-01 Thread Mick
On Thursday, 1 March 2018 17:58:44 GMT Tom H wrote:
> On Wed, Feb 28, 2018 at 4:15 PM, Walter Dnes  wrote:
> > Is there something besides iptables? It seems to be like
> > systemd/perl/python, continuously expanding its scope. And no, I'm not
> > looking for an "easy-peasy front-end gui" that'll probably pull in 90%
> > of QT as dependencies. I fondly remember IPCHAINS.
> 
> iptables doesn't depend on systemd, perl, or python.
> 
> firewalld depends on dbus, polkit, and python.
> 
> ufw depends on python.
> 
> But there may be other iptables frontends that depend on more,
> especially if they are graphical.
> 
> The advantage of iptables frontends is that you only have to allow
> "your" ports (for a minimal customization) without having to worry
> about all the other stuff that you need to set up when you use
> iptables directly.
> 
> I've used apf, arno, and ufw. The first two depend on bash and simply
> require you to set variables in "/etc/$firewall/".

+1 for net-firewall/arno-iptables-firewall if you need a script to set up 
iptables for you.

I am using vanilla iptables with simple hand-made scripts on a number of 
systems, so it shouldn't be too difficult to roll your own if your demands are 
relatively simple.

-- 
Regards,
Mick



Re: [gentoo-user] [SUSPECTED SPAM] [OT] Best *SIMPLE* firewall?

2018-03-01 Thread Tom H
On Wed, Feb 28, 2018 at 4:15 PM, Walter Dnes  wrote:
>
> Is there something besides iptables? It seems to be like
> systemd/perl/python, continuously expanding its scope. And no, I'm not
> looking for an "easy-peasy front-end gui" that'll probably pull in 90%
> of QT as dependencies. I fondly remember IPCHAINS.

iptables doesn't depend on systemd, perl, or python.

firewalld depends on dbus, polkit, and python.

ufw depends on python.

But there may be other iptables frontends that depend on more,
especially if they are graphical.

The advantage of iptables frontends is that you only have to allow
"your" ports (for a minimal customization) without having to worry
about all the other stuff that you need to set up when you use
iptables directly.

I've used apf, arno, and ufw. The first two depend on bash and simply
require you to set variables in "/etc/$firewall/".
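
The "other stuff" a frontend takes care of, and roughly what a simple hand-made script amounts to, as an added example that is not from any poster in this thread: a POSIX shell function that prints an iptables-restore ruleset in which the allowed TCP ports are the only per-host setting. The function names `gen_ruleset` and `valid_port` are made up for this sketch, and the policy choices (drop inbound by default, allow ping) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print an IPv4 host-firewall ruleset
# in iptables-restore format. Review it, then load it as root, e.g.:
#   gen_ruleset 22 443 | iptables-restore --test   # parse only, no commit
#   gen_ruleset 22 443 | iptables-restore

# Succeed only if $1 is a plain decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|0*|??????*) return 1 ;;   # empty, non-digit, leading 0, too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_ruleset PORT...  -> ruleset on stdout; nothing is printed if any port is bad.
gen_ruleset() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    # Fixed part: what you must remember yourself when using iptables directly.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
EOF
    # Variable part: "your" ports, new inbound TCP connections only.
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo COMMIT
}
```

This covers IPv4 only; IPv6 traffic is filtered separately through ip6tables and needs its own ruleset.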



Re: [gentoo-user] [SUSPECTED SPAM] [OT] Best *SIMPLE* firewall?

2018-02-28 Thread Heiko Baums
On Wed, 28 Feb 2018 16:15:59 -0500, "Walter Dnes" wrote:

>   Is there something besides iptables?  It seems to be like
> systemd/perl/python, continuously expanding its scope.  And no, I'm
> not looking for an "easy-peasy front-end gui" that'll probably pull
> in 90% of QT as dependencies.  I fondly remember IPCHAINS.

I don't know what you're looking for exactly.

If you want a command line tool for configuring your firewall with an
easier syntax than iptables you could try ufw.

I don't know nftables yet, but from what I've read so far they seem to
have got their inspiration from ufw's syntax.

ufw itself uses iptables and generates iptables rules.

In principle, all those firewall tools do the same thing. They configure
the kernel's own firewall, netfilter. And most, if not all, of those tools
themselves use iptables, which is, besides nftables, the official tool for
configuring netfilter.

Fun fact: iptables is the successor of ipchains. And it's a very long
time ago that ipchains was replaced by iptables.



Re: [gentoo-user] [SUSPECTED SPAM] [OT] Best *SIMPLE* firewall?

2018-02-28 Thread Jorge Almeida
On Wed, Feb 28, 2018 at 1:15 PM, Walter Dnes  wrote:
>   Is there something besides iptables?  It seems to be like
> systemd/perl/python, continuously expanding its scope.  And no, I'm not
> looking for an "easy-peasy front-end gui" that'll probably pull in 90%
> of QT as dependencies.  I fondly remember IPCHAINS.

shorewall seems to be the most powerful one. Lots of documentation,
configured via text files.
firehol is much simpler to use, but less well documented and the
mailing list doesn't show much life. None has any useless GUI. I find
both usable.

I would just use iptables if I were iptables-wise enough.

Cheers

Jorge Almeida