I have a small herd of Debian Squeeze boxen, including several laptops. I have been using firestarter as a GUI front end for iptables, but it is getting long in the tooth. For one thing, it does not support IPv6.

I expect to transition to IPv6 over several years. One thing I would like to do is IPv6 lookups for DNS. That will probably require IPv6 tunneling over IPv4, as my ISP doesn't provide IPv6. That suggests a tunnel on the firewall machine so it can firewall that as well.

I would like to have one GUI front end to manage all of my machines. Multiple installations (e.g. firestarter) are fine.

Most machines have fairly simple firewall requirements: they use DHCP but have fixed IP addresses; only SSH and a few other services are allowed in.

My firewall machine is a bit more complicated. I want to be able to do address and port forwarding on it as well as NAT.

One laptop is probably the messiest use case: I use it as an alternate DHCP and DNS server when the laptop is on the home network; otherwise those services are shut down. I also operate several virtual machines, and it would be nice if the firewall software handled changing IP addresses. Since the laptop also handles DNS lookup for its virtual machines, it would also need an IPv6 over IPv4 tunnel.

Any firewall GUI should be able to handle at least these use cases. It should store its setup as one or more IP tables commands in a text file, so that if necessary I can use iptables-save and iptables-restore to use the configuration. For one thing, this will let me use NetworkManager on the laptops to automate changes in the laptops' IP address.

Obviously firestarter is out. On some experimenting, gufw seems unnecessarily cumbersome. For example, I don't see any way to set up NATting to the VMs. It also assumes a knowledge of the syntax of ip tables. The main reason I want a GUI front end is so I don't have to relearn IP tables syntax in detail every time I need to make a change.

What other GUI IP tables front ends would you suggest?

-- 
Charles Curley                  /"\    ASCII Ribbon Campaign
Looking for fine software       \ /    Respect for open standards
and/or writing?                  X     No HTML/RTF in email
http://www.charlescurley.com    / \    No M$ Word docs in email

Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB
