Guarddog

[Keith Morse]

On Mon, 22 Dec 2003, Tom Wilson wrote:

> 
> Have you tried fwbuilder?  I've never used it myself but have heard many
> folks mention good things about it. 
> 

Again at the risk of proselytizing, I use fwbuilder and cannot recommend 
it enough.  It does require X and some libraries not normally found in 
some distributions, but those libraries are easily obtained.  I don't run 
it on the firewall itself, but rather on a management host.  fwbuilder 
"compiles" a ruleset into a bash script that you can push to the 
destination firewall.

The author is responsive, knowledgeable, and happy to help.  And there is 
a wealth of documentation on the web site.


Fwbuilder won't hand hold you (there are wizards but only give basic 
functionality) so if you don't know netfilter, ipf, and others it would be 
tough starting from scratch.  If you do know firewalls, it is an excellent 
for managing them as well as documenting your ruleset for future auditing 
and/or review.