Trustix is a great firewall with a Java interface for Windows and Linux that I was impressed with. GUI iptables rule setting is the best I've seen yet, but I guess I'm not widely experienced there.
JSR/ On Fri, 2005-09-30 at 12:36 -0400, John Demme wrote: > In regards to playing with iptables, I start using Shorewall a few > months ago, and I love it. With the exception of the web interface, > I'm pretty sure it does all the things you mention. Does anyone know > of a good web interface for the shorewall config files? I know > there's a Webmin module and it's OK, but certainly not amazing. > > ~John > > On 9/30/05, David Zakar <[EMAIL PROTECTED]> wrote: > Does anyone have any recommendations for a good, > enterprise-class > router? At the moment we're using a Juniper router, which has > excellent > management capabilities, but this awful limitation to only > letting out > 10 machines at a time. Firmware upgrade to unlimited machines > is $800, > so I'd prefer to stay somewhere under that. > > I am _not_ interested in screwing with iptables or ipfwadm all > day, so > please do not suggest a generic Linux or *BSD box, unless > there's some > sort of _really amazing_ front-end that you'd like to inform > me of. I > have way too many other things to do to waste my time with > arcane > firewall rule syntax. > > My requirements are: > 1. Must do NAT. > 2. Must be able to do port forwarding, including doing access > control by > _hostname_ (ie, DynDNS hostnames must resolve properly. I can > live with > four hour refresh intervals for hostnames, though.). I would > find it a > nice bonus if it could forward certain groups (see below) to > certain > machines, but that's icing. > 3. I would really love something which has an object model, so > I can > connect logical names to hostnames and IPs (ie, DMZ has IP > xxx.xxx.xxx.xxx, John has hostname johnsbox.dyndns.org), and > throw > together groupings of objects. > 4. To keep this on-topic, must be "Linux compatible". I would > prefer > something running Linux on the backend, but I need something > that works > well more than anything. > 5. Web-based GUI. I'm busy and lazy. > > Stuff that's not important at all: > 1. DHCP > 2. Wireless > 3. VPN > > -DMZ >
