On 1/19/2009 8:28 PM, Jun Salen wrote:
> I am not familiar with the commands of IPtables so I want to use tools on top
> of it. What do you suggest? Can I make a test of it inside CentOS on top of VMWare
> server with only one LAN interface? I tried to use Pfsense, I believe it has an easy
> to understand GUI, but it fails to install on my desktop machine to test, maybe
> due to hardware compatibility. Kernel panic during boot even after disabling
> ACPI. If you have suggestions on tools or a template for Iptables to suggest or
> share, please do. Thank you very much.
>
Shorewall
http://www.shorewall.net/
There are "redhat" RPMs available that work wonderfully on CentOS. It is
a pleasant step up from managing the iptables manually.
"The Shoreline Firewall, more commonly known as “Shorewall”, is
high-level tool for configuring Netfilter. You describe your
firewall/gateway requirements using entries in a set of configuration
files. Shorewall reads those configuration files and with the help of
the iptables, iptables-restore, ip and tc utilities, Shorewall
configures Netfilter and the Linux networking subsystem to match your
requirements. Shorewall can be used on a dedicated firewall system, a
multi-function gateway/router/server or on a standalone GNU/Linux
system. Shorewall does not use Netfilter's ipchains compatibility mode
and can thus take advantage of Netfilter's connection state tracking
capabilities." [1]
"Shorewall is not the easiest to use of the available iptables
configuration tools but I believe that it is the most flexible and
powerful. So if you are looking for a simple point-and-click
set-and-forget Linux firewall solution that requires a minimum of
networking knowledge, I would encourage you to check out the following
alternatives:" [1]
* kmyfirewall
* firestarter
[1] http://www.shorewall.net/Introduction.html