Chapter 15. Graphical User Interfaces for Iptables/netfilter
One side of iptables and netfilter that we haven't looked at much yet is
the graphical user interfaces that are available for them.
One of the biggest problems here is that netfilter is a very complex and
flexible system that can perform the strangest of tasks. For this reason,
creating a GUI for netfilter can be a very daunting task.
Several people and organisations have tried to create GUIs for netfilter and
iptables. Some have succeeded better than others, while others have given up
after some time. Each had different reasons for trying as well, so it
isn't an easy task to show them all. However, this chapter is a small
compilation of some of the GUIs for iptables and netfilter that may be worth
looking at.
Firewall Builder, or simply fwbuilder, is an extremely versatile and powerful
tool that can be used to build your own firewalls, or to maintain several
firewalls for that matter. It can be used to create policies for several
different types of firewalls, including iptables (Linux 2.4 and 2.6), ipfilter
(FreeBSD, NetBSD, etc.), OpenBSD pf, and, with a module that must be bought,
Cisco PIX.
Fwbuilder has, as you can see, a very big audience, is well taken care of,
and continues to be developed. It runs on a separate host system, where you
create the policy files, and then copy them over and run them on the target
system. It is able to handle everything from very simple rulesets to large and
rather complicated ones. It has extensive abilities to handle different
versions and installations of iptables, by configuring which
targets/matches are available on each host system, and so on. The end result may be
saved in an XML file, or in a system-parsable configuration file (e.g., the
real firewall scripts).
You can see the configuration of the "firewall" in the above example, and the
main menus of the whole fwbuilder system. fwbuilder can be found at https://www.fwbuilder.org.