IP Tables GUI Front Ends

Charles Curley charlescurley at charlescurley.com
Sun Sep 23 16:38:05 MDT 2012


I have a small herd of Debian Squeeze boxen, including several laptops.
I have been using firestarter as a GUI front end for iptables, but it
is getting long in the tooth. For one thing, it does not support IPv6.

I expect to transition to IPv6 over several years. One thing I would
like to do is IPv6 lookups for DNS. That will probably require IPv6
tunneling over IPv4, as my ISP doesn't provide IPv6. That suggests a
tunnel on the firewall machine so it can firewall that as well.

I would like to have one GUI front end to manage all of my machines.
Multiple installations (e.g. firestarter) are fine. Most machines have
fairly simple firewall requirements: they use DHCP but have fixed IP
addresses; only SSH and a few other services are allowed in.

My firewall machine is a bit more complicated. I want to be able to do
address and port forwarding on it as well as NAT.

One laptop is probably the messiest use case: I use it as an alternate
DHCP and DNS server when the laptop is on the home network; otherwise
those services are shut down. I also operate several virtual machines,
and it would be nice if the firewall software handled changing IP
addresses. Since the laptop also handles DNS lookup for its virtual
machines, it would also need an IPv6 over IPv4 tunnel.

Any firewall GUI should be able to handle at least these use cases. It
should store its setup as one or more IP tables commands in a text file,
so that if necessary I can use iptables-save and iptables-restore to
use the configuration. For one thing, this will let me use
NetworkManager on the laptops to automate changes in the laptops' IP
address.

Obviously firestarter is out. On some experimenting, gufw seems
unnecessarily cumbersome. For example, I don't see any way to set up
NATting to the VMs. It also assumes a knowledge of the syntax of ip
tables. The main reason I want a GUI front end is so I don't have to
relearn IP tables syntax in detail every time I need to make a change.

What other GUI IP tables front ends would you suggest?

-- 

Charles Curley                  /"\    ASCII Ribbon Campaign
Looking for fine software       \ /    Respect for open standards
and/or writing?                  X     No HTML/RTF in email
http://www.charlescurley.com    / \    No M$ Word docs in email

Key fingerprint = CE5C 6645 A45A 64E4 94C0  809C FFF6 4C48 4ECD DFDB

