Linux.com

Re: iptables as a replacement for commercial enterprise firewalls

Posted by: Anonymous [ip: 10.0.0.105] on December 17, 2007 02:00 PM
Well, there are some frontends to iptables that can actually make simple setups really simple and more complex setups rather easy.

I've used FireHOL (http://firehol.sourceforge.net) to build not-so-simple firewalls (multiple interfaces + multiple VLANs + different levels of isolation between them + NAT) and I think it is one of those unexplored gems that only Linux has. Its syntax is simple and based on bash (i.e. programmable), and it even allows straight iptables commands if you need to do something out of the ordinary.

It is kind of slow on startup though, but the generated rules are very nice and secure, so I guess it is worth it.
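An added example of the kind of setup the poster describes (not the poster's own configuration): a FireHOL `firehol.conf`, written in its bash-based syntax, that isolates two VLANs from each other, NATs both behind one WAN interface, and ends with a raw iptables rule of the sort the post mentions. The interface names, networks and the `version` line are assumptions.

```firehol
version 5

# Constructed example (assumption): two 802.1Q VLANs on eth0, one WAN uplink
LAN_IF="eth0.10"            # trusted office VLAN
GUEST_IF="eth0.20"          # untrusted guest VLAN
WAN_IF="eth1"
LAN_NET="192.168.10.0/24"
GUEST_NET="192.168.20.0/24"

# NAT everything that leaves through the WAN interface
masquerade "${WAN_IF}"

# Traffic between the firewall host itself and each attached network.
# 'src' pins each interface to its own subnet, so spoofed sources are dropped.
interface "${LAN_IF}" lan src "${LAN_NET}"
    policy reject
    server "ssh dns dhcp" accept     # the box offers these to the office
    client all accept                # the box may talk out to the office

interface "${GUEST_IF}" guest src "${GUEST_NET}"
    policy drop
    server "dns dhcp" accept         # guests get only resolver and DHCP

interface "${WAN_IF}" wan
    policy drop
    protection strong                # FireHOL's built-in anti-flood/fragment checks
    client all accept                # outbound from the firewall itself

# Forwarding between networks is only what a 'router' block allows.
router lan2wan inface "${LAN_IF}" outface "${WAN_IF}"
    route all accept                 # office -> Internet; replies matched by state

router guest2wan inface "${GUEST_IF}" outface "${WAN_IF}"
    route "http https dns" accept    # guests get web and DNS, nothing else

# There is deliberately no router between lan and guest: anything FireHOL does
# not match falls through to its final DROP, so the two VLANs stay isolated.

# Escape hatch: a straight iptables command inside the config, here logging
# guest->office attempts before they hit the closing DROP.
iptables -A FORWARD -i "${GUEST_IF}" -o "${LAN_IF}" -j LOG --log-prefix "guest-to-lan: "
```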
