Alejandro <elcorreodeale <at> gmail.com> writes:
> I use APF for all my desktops/servers with Debian and Gentoo,
> it is quite easy and works great. In 10' you have iptables running.

Interesting. I usually hack my rules by hand, as I like to learn as much as I can about iptables and the ever-changing kernel interaction issues. In particular, I'm experimenting with embedded and very lightweight firewall hardware (586 processors).

Do you think APF will allow me to use its front end (GUI) to build the raw iptables files, and then go into them manually, make edits and changes, and load them manually onto a variety of lightweight Linux servers and firewalls? Most of the front-end (GUI) systems for iptables do not simply write out the rules one needs. What I am after is either something that writes a file like /var/lib/iptables/rules-save, which contains a form of the rules, or, better yet, a front end that just generates raw rules in iptables format that I can read and add to my /etc script.

The first few rules in /var/lib/iptables/rules-save look like this:

:INPUT DROP [44:2925]
:FORWARD ACCEPT [117727109:41814106432]
:OUTPUT ACCEPT [75971:11854908]
[8913:443731] -A INPUT -p tcp -m tcp --dport 445 -j DROP
[2629:133240] -A INPUT -p tcp -m tcp --dport 139 -j DROP
[9578:481396] -A INPUT -p tcp -m tcp --dport 135 -j DROP
[1174:49600] -A INPUT -p tcp -m tcp --dport 1433 -j DROP
[23160:1195298] -A INPUT -p tcp -m tcp --dport 25 -j DROP
[198:9532] -A INPUT -p tcp -m tcp --dport 4899 -j DROP
[160198:18547126] -A INPUT -i ! eth2 -j ACCEPT

The corresponding rules from my script look like this:

iptables="/sbin/iptables"
iptables -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -X
# flush every table and delete user-defined chains before reloading
$iptables --flush
$iptables -t nat --flush
$iptables -t mangle --flush
$iptables -X
$iptables -t nat -X
$iptables -t mangle -X
# reset the built-in chain policies
$iptables --policy INPUT ACCEPT
$iptables --policy OUTPUT ACCEPT
$iptables --policy FORWARD ACCEPT
$iptables -t nat --policy PREROUTING ACCEPT
$iptables -t nat --policy OUTPUT ACCEPT
$iptables -t nat --policy POSTROUTING ACCEPT
$iptables -t mangle --policy PREROUTING ACCEPT
$iptables -t mangle --policy OUTPUT ACCEPT

I'm looking for a GUI front end to iptables that generates the rules in a format you can put directly into a script. Does APF do this? Any other package?

James
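
The conversion asked for above, as an added example that is not part of the original thread and is not APF's code: a small POSIX sh script that turns iptables-save output (with or without the [packets:bytes] counters seen in rules-save) into plain "$iptables ..." command lines that can be pasted into a hand-maintained firewall script. The "$iptables" variable name follows the script quoted above and is an assumption of this example; the sample input embedded in it is constructed for the example, modelled on the rules-save excerpt above.

```shell
#!/bin/sh
# Added example (not from the thread, not APF code): convert iptables-save
# output into "$iptables ..." command lines for a hand-edited firewall script.
#
# Lines in the rules-save format are handled as follows:
#   "*table"               -> remember the current table (filter, nat, mangle)
#   ":CHAIN POLICY [p:b]"  -> "-P CHAIN POLICY", or "-N CHAIN" when POLICY is "-"
#   "[p:b] -A CHAIN ..."   -> "-A CHAIN ..." with the iptables-save -c counter removed
#   "COMMIT", "# ...", ""  -> dropped
# "$iptables" is an assumed variable name (from the script above); it is written
# out unexpanded so the generated lines drop straight into such a script.

save2script() {
    table=filter
    while IFS= read -r line; do
        case "$line" in
            '#'*|'')  continue ;;                    # comment or blank line
            COMMIT)   continue ;;                    # end of a table block
            '*'*)     table=${line#\*}; continue ;;  # "*nat" -> nat
            '['*)     line=${line#*] } ;;            # strip leading [pkts:bytes]
        esac
        # filter is the default table, so only name the others explicitly
        if [ "$table" = filter ]; then tflag=""; else tflag="-t $table "; fi
        case "$line" in
            ':'*)
                rest=${line#:}
                chain=${rest%% *}
                policy=${rest#* }; policy=${policy%% *}
                if [ "$policy" = "-" ]; then
                    printf '$iptables %s-N %s\n' "$tflag" "$chain"
                else
                    printf '$iptables %s-P %s %s\n' "$tflag" "$chain" "$policy"
                fi
                ;;
            -A\ *|-I\ *)
                # rule text is copied verbatim, including old-style "-i ! eth2"
                printf '$iptables %s%s\n' "$tflag" "$line"
                ;;
            *)
                printf '# skipped unrecognised line: %s\n' "$line" >&2
                ;;
        esac
    done
}

# Constructed sample in the rules-save format quoted above (counters included).
sample_save() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample for this example)
*filter
:INPUT DROP [44:2925]
:FORWARD ACCEPT [117727109:41814106432]
:OUTPUT ACCEPT [75971:11854908]
:LOGDROP - [0:0]
[8913:443731] -A INPUT -p tcp -m tcp --dport 445 -j DROP
[160198:18547126] -A INPUT -i ! eth2 -j ACCEPT
[0:0] -A LOGDROP -j LOG --log-prefix "fw: "
[0:0] -A LOGDROP -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[0:0] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Usage:  sh save2script.sh /var/lib/iptables/rules-save   (any iptables-save file)
#         sh save2script.sh --demo                         (convert the sample above)
case "${1:-}" in
    --demo) sample_save | save2script ;;
    ?*)     save2script < "$1" ;;
esac
```

Two things to check before pasting the output into a script. First, iptables-restore replaces a whole table atomically, whereas the generated lines only append, so they belong after a flush block like the one in the script above (otherwise every reload duplicates the rules). Second, the rule text is copied unchanged, so the old intrapositioned negation in the excerpt ("-i ! eth2") is passed through as written; newer iptables releases warn about or reject that form and want "! -i eth2", so match the syntax to the iptables version on the target box.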

