Hunting: Brilliant Firewall builder for Debian
I'm looking for an application, preferably console based, but if I have to use a GUI I will, only as long as I can export it to another computer.
Anyone have any ideas?
FireHOL is indeed good. But my final choice went to shorewall.
IMHO, none of the other tools came close to these two excellent choices.
I recommend you try both shorewall and firehol for a couple days before choosing. I wouldn't bother with other firewall tools unless you have a lot of free time to spare.
If you choose shorewall, just edit these 3 simple files: rules, policy and interfaces. By breaking up config into multiple files, shorewall makes the syntax easier yet more flexible than single-file configs.
For example, an entry in the 'rules' file to allow http and https connections from external network to the firewall looks like this:
AllowWeb net fw
Or it can look like this if you prefer seeing actual port numbers in your 'rules' config file:
ACCEPT net fw tcp 80,443
By defining 'net' in a separate config file (called 'interfaces'), shorewall simplifies the rules file syntax. This is the philosophy of shorewall which made it a no-brainer to configure and maintain (even on my home gateway/firewall with multiple network cards).
You can also specify a specific ip address like this so that only ip address 220.127.116.11 can connect via ssh into the fw machine:
AllowSSH net:18.104.22.168 fw
Or like this which means the same thing:
ACCEPT net:22.214.171.124 fw tcp 22
Again, try both shorewall and firehol. These are the top 2 choices by a huge margin and you can't go wrong with either in generating/managing iptables rules.
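To make the zone idea in the post above concrete, here is an added sketch (not from the thread and not Shorewall's own compiler) that expands rules lines like the ones quoted into roughly equivalent iptables commands, using an 'interfaces' mapping. The interface names eth0/eth1, the 'loc' zone, the address 192.0.2.10 and the sample files are assumptions constructed for illustration.

```python
# Added illustration only: a simplified mapping, not how Shorewall builds its chains.
# Constructed sample 'interfaces' file: zone name -> network interface (assumed names).
INTERFACES = """
net  eth0  detect
loc  eth1  detect
"""
# Constructed sample 'rules' file (192.0.2.10 is a documentation address).
RULES = """
AllowWeb  net             fw
ACCEPT    net:192.0.2.10  fw   tcp  22
ACCEPT    loc             net  tcp  80,443
"""
# The two actions named in the thread, expanded to (protocol, ports).
ACTIONS = {"AllowWeb": ("tcp", "80,443"), "AllowSSH": ("tcp", "22")}

def parse_interfaces(text):
    """Return {zone: interface} from an 'interfaces' file."""
    rows = (line.split() for line in text.splitlines() if line.strip())
    return {row[0]: row[1] for row in rows}

def expand(rule, zones):
    """Turn one rules line into an equivalent iptables command string."""
    fields = rule.split()
    action, src, dst = fields[:3]
    target, proto, ports = (("ACCEPT", *ACTIONS[action]) if action in ACTIONS
                            else (action, fields[3], fields[4]))
    src_zone, _, src_host = src.partition(":")
    for zone in (src_zone, dst):
        # A typo in a zone name should fail loudly, not silently open a port.
        if zone != "fw" and zone not in zones:
            raise ValueError(f"zone {zone!r} is not defined in interfaces")
    # Traffic to the firewall itself is INPUT, from it OUTPUT, otherwise FORWARD.
    chain = "INPUT" if dst == "fw" else "OUTPUT" if src_zone == "fw" else "FORWARD"
    cmd = ["iptables", "-A", chain]
    if src_zone != "fw":
        cmd += ["-i", zones[src_zone]]
    if dst != "fw":
        cmd += ["-o", zones[dst]]
    if src_host:
        cmd += ["-s", src_host]
    flag = ["-m", "multiport", "--dports"] if "," in ports else ["--dport"]
    cmd += ["-p", proto, *flag, ports, "-j", target]
    return " ".join(cmd)

def compile_rules(rules=RULES, interfaces=INTERFACES):
    zones = parse_interfaces(interfaces)
    return [expand(line, zones) for line in rules.splitlines() if line.strip()]

if __name__ == "__main__":
    print("\n".join(compile_rules()))
```

Changing the interface behind 'net' only touches the interfaces mapping; every rules line stays the same.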
HOW-TO: Shoreline Firewall (Shorewall) 2.0.15
I couldn't figure out shorewall (at least the doco I saw).