Package: harden-doc
Version: today's CVS
Severity: wishlist
Tags: patch

Hi,

The list of iptables frontends in the Securing Debian Manual is getting out of date fast. I guess it's better to maintain such a list on a wiki. (See also http://lists.debian.org/debian-firewall/2005/10/msg00045.html .)

I've copied the volatile stuff to the Firewalls page on http://wiki.debian.org/Firewalls. Attached patch removes it from the manual, and adjusts the surrounding text to refer to the Wiki.

Bye,
Joost

--- services.sgml.orig 2005-11-19 12:37:00.571383340 +0100 +++ services.sgml 2005-11-19 13:08:20.299186702 +0100 
@@ -1571,54 +1571,19 @@ <em>personal firewall</em>) and some are more versatile and can be used to configure complex rules to protect whole networks. -<p>Some software that can be used to set up firewall -rules in a Debian system is: - -<list> -<item><package>firestarter</package>, a GNOME application oriented -towards end-users that includes a wizard useful to quickly setup -firewall rules. The application includes a GUI to be able to monitor -when a firewall rule blocks traffic. -<item><package>fwbuilder</package>, an object oriented GUI which -includes policy compilers for various firewall platforms including -Linux' netfilter, BSD's pf (used in OpenBSD, NetBSD, FreeBSD and -MacOS X) as well as router's access-lists. It is similar to enterprise -firewall management software. Complete fwbuilder's functionality is -also available from the command line. -<item><package>shorewall</package>, a firewall configuration tool -which provides support for IPsec as well as limited support for traffic -shaping as well as the definition of the firewall rules. Configuration -is done through a simple set of files that are used to generate the -iptables rules. -<item><package>guarddog</package>, a KDE based firewall configuration -package oriented both to novice and advanced users. -<item><package>knetfilter</package>, a KDE GUI to manage firewall -and NAT rules for iptables (alternative/competitor to the guarddog tool -although slightly oriented towards advanced users). -<item><package>bastille</package>, this hardening application is -described in <ref id="automatic-harden">. One of the hardening steps -that the administrator can configure is a definition of the allowed and -disallowed network traffic that is used to generate a set of firewall -rules that the system will execute on startup. -<item><package>mason</package>, an application which can propose -firewall rules based on the network traffic your system "sees". 
-<item><package>ferm</package> -<item><package>lokkit</package> or <package>gnome-lokkit</package> -<item><package>ipac-ng</package>, helps setup not traditional firewall -rules but network traffic classification rules. -<item><package>filtergen</package> -<item><package>fiaif</package> -<item><package>hlfl</package> -<item><package>kmyfirewall</package> -<item><package>netscript-2.4</package> -</list> -<!-- No longer available : -fwctl -fireflier -easyfw -firewall-easy -gfcc ---> +<p>A (presumably pretty up to date) list of iptables-frontends in Debian is +maintained at the <url id="http://wiki.debian.org/Firewalls" name="Firewalls +page on the Debian wiki">. Some of the popular packages that can be used to +set up firewall rules in a Debian system are <package>ferm</package>, +<package>firehol</package>, <package>firestarter</package>, +<package>fwbuilder</package>, <package>guarddog</package>, +<package>ipmenu</package> and <package>shorewall</package>. + +<p>A special one is <package>bastille</package>: this hardening application is +described in <ref id="automatic-harden">. One of the hardening steps that the +administrator can configure is a definition of the allowed and disallowed +network traffic that is used to generate a set of firewall rules that the +system will execute on startup. <p>Notice that some of the packages outlined previously will introduce firewalling scripts to be run when the system boots. @@ -1629,7 +1594,7 @@ (which might not be what you pretend). Consult the package documentation and use either one of these setups. -<p>As mentioned before, some programs, like <package>firestarter</package>, <package>guarddog</package> +<p>Some programs, like <package>firestarter</package>, <package>guarddog</package> and <package>knetfilter</package>, are administration GUIs using either GNOME or KDE (last two). These applications are much more user-oriented (i.e. for home users) than some of the other packages in the list
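Review bot: In the first hunk (@@ -1571,54 +1571,19 @@), the added opening "A (presumably pretty up to date) list of iptables-frontends in Debian" writes the patch author's doubt about the wiki into the manual itself. Suggest plain wording such as "A list of iptables frontends in Debian is maintained at the ... Firewalls page on the Debian wiki". The replacement sentence also introduces firehol and ipmenu, which were not in the removed list, and drops every per-package description (GUI versus file-based configuration, target audience). A few words per package, or a sentence saying the descriptions now live on the wiki, would let readers still pick a tool from the manual.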
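Review bot: In the second hunk (@@ -1629,7 +1594,7 @@), dropping "As mentioned before" is not enough to keep this paragraph consistent with the first hunk. It still names knetfilter, whose entry the first hunk deletes and which is not among the packages in the new sentence, and it still ends with "than some of the other packages in the list" although the list no longer exists in the manual. Suggest either removing knetfilter here (and adjusting "(last two)" accordingly) or adding it to the new sentence of popular packages, and rewording the ending to something like "than some of the other packages mentioned above".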

