On Thu, Sep 04, 2003 at 10:56:26AM -0700, Jeremy T. Bouse wrote:
> As the fwbuilder maintainer this makes me happy to know it's
> at least being used...

Everybody who asked me how to build a Linux-based firewall always got
fwbuilder recommended first. Some have looked at the output and thus
learned how the netfilter works but most of them still mainly use the
fwbuilder to maintain the iptables scripts.

> I'm curious about this as Vadim just released 1.0.11 last night
> and I am working to get the packaging done quickly...

I'm still using a pinned version 1.0.5 on my Woody server. I had enough
problems running aptitude and fwbuilder on the same system due to
library problems (hmm, which one was that?). However on my development
system I have a most up-to-date unstable system and could well try out
the 1.0.11 version.

At work we have a test system running 1.0.9 which is even more
unstable/buggy than the 1.0.5 in terms of crashing. It might be some
localisation problem though - some applications on Gnome used to have
problems in a non-English (LANG=de) environment.

> If you could provide more information regarding this I would
> appreciate it and try to look into it with Vadim... I haven't seen
> this problem myself personally and I'll usually have fwbuilder up for
> quite some time tweaking, recompiling the rules, testing script on
> firewall and repeating until everything is as I want it...

Thanks a lot for your offer. I'm quite personally interested in
fwbuilder and would like to help improve the package. If it weren't
yet a .deb package I would surely have made one. :)

> Only 50 rules? I think I have at least 100 rules and that's just
> on the one interface... That's where fwbuilder has helped me
> considerably in managing and prioritizing the rules themselves...

Bear with me - I'm used to Checkpoint. They have no written limit in the
number of rules but our most complex firewall features 400 rules which
makes the Checkpoint GUI more unstable than a one-legged chair.

A short note on what is really a lack in the fwbuilder (perhaps fixed
since 1.0.9): it's a pain in the lower back that you cannot select a
column (destination for example), right-click and say "Add". The
drag'n'drop approach is nice but with a larger number of objects,
firewalls, interfaces and rules you can scroll - I'll bet one day I will
accidentally unscrew my mouse-wheel. The Checkpoint GUI (which fwbuilder
is obviously derived from) makes this task easier, even allowing
searching for objects in this "Add" dialog by just typing its name.
Just a suggestion.

If we even had a working fwbd which allowed distributing the firewall
scripts automatically that would be a blast.

Regards
 Christoph

--
~
~
".signature" [Modified] 3 lines --100%--                3,41         All

