fwbuilder was: Linux Router ...
Keith Morse
kgmorse
Sun Feb 26 00:42:38 PST 2006
Michael Hipp wrote:
> Keith Morse wrote:
>>
>> I'd like to second this. In my opinion, fwbuilder is one of the best
>> software projects available out there. The interface is second to none,
>> allows for comments in your rulesets, and makes it easier for auditing
>> purposes.
>
> This looks interesting. Do I understand that you run this gui tool on
> your desktop of choice and then transfer the "compiled" firewall
> config to the firewall box? So no need for a gui on the firewall box?
>
> If so, sounds like what I've been looking for.
Exactly that, in fact it's my preferred method. You can deploy the
firewall scripts natively using its built-in facility that uses ssh or
push the scripts manually by your own method. It also supports using
RCS for version control. It will compile a ruleset for ipf, pf,
netfilter, Cisco PIX (though this is a commercial product, just the
compiler) and has also been ported to MS-Windows (another commercial
product). All the Unix versions are GPL. The ruleset compilers have a
good bit of intelligence and will detect shading of rulesets by previous
rulesets. You can manage more than one firewall from the same config
and you have the ability to create your own library of objects to
customize beyond what is provided in the standard library.
Well worth a look.
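
The check mentioned in the message above, where a rule can never match because an earlier rule already matches all of its traffic, can be sketched as follows. This is an added example, not part of the original post and not fwbuilder's own code; the `Rule` fields, the first-match evaluation order and the sample ruleset are assumptions, and only full cover by a single earlier rule is detected.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                 # hypothetical rule model, not fwbuilder's object format
    name: str
    src: str                # source network in CIDR form
    dst: str                # destination network in CIDR form
    proto: str              # "tcp", "udp" or "any"
    ports: tuple            # inclusive (low, high) destination port range
    action: str             # "accept" or "deny"

def covers(a: Rule, b: Rule) -> bool:
    """True when every packet matched by b is also matched by a."""
    net = ipaddress.ip_network
    return (net(b.src).subnet_of(net(a.src))
            and net(b.dst).subnet_of(net(a.dst))
            and a.proto in ("any", b.proto)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def find_shadowed(rules):
    """Return (shadowed, shadowed_by, conflicting_action) per unreachable rule.

    Assumes first-match semantics: the first rule that matches decides.
    """
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                # Differing actions mean the later rule's intent is silently lost.
                findings.append((later.name, earlier.name,
                                 earlier.action != later.action))
                break
    return findings

# Constructed sample ruleset (documentation and private address ranges).
RULES = [
    Rule("r0", "10.0.0.0/8", "0.0.0.0/0", "tcp", (1, 1023), "accept"),
    Rule("r1", "10.1.2.0/24", "192.0.2.10/32", "tcp", (22, 22), "deny"),
    Rule("r2", "0.0.0.0/0", "192.0.2.10/32", "tcp", (443, 443), "accept"),
    Rule("r3", "10.1.2.0/24", "192.0.2.10/32", "tcp", (443, 443), "accept"),
    Rule("r4", "0.0.0.0/0", "0.0.0.0/0", "any", (0, 65535), "deny"),
]

if __name__ == "__main__":
    for shadowed, by, conflict in find_shadowed(RULES):
        kind = "conflicting action" if conflict else "redundant"
        print(f"{shadowed} is shadowed by {by} ({kind})")
```

In the sample, `r1` is the finding an auditor cares about most: a deny for SSH that never takes effect because the broader accept in `r0` sits above it.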