Re: [bitfolk] iptables front-end?

On 16/10/12 20:22, Amar Sood wrote: okay, time to take this more seriously... which distro are you running? many of them have their own tools already. Do you want a graphical or CLI interface? /me suspects CLI, but you never can tell <shudders> Surely noone ever *actually* means emacs? :) [fight! fight! fight!] In all seriousness, though, I do write all my firewall rules in vim and load them before the network starts, using the 'iptables-restore' command RH-type distros already have an init script that does this for you. Netfilter syntax really isn't that complicated and understanding it does no harm. I would recommend learning it. How have you added the rules that you already use? ip_conntrack state matching rules aren't particularly complicated Most of those rules look a bit like the following iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT - This is a general "allow stuff in if it's part of an existing or related connection" rule (there are other options, like NEW or INVALID) - it would be the first rule (because of the -I) These rules can have protocol and port specifications, too. It doesn't sound like you have very complex requirements. My experience with netfilter frontends is they tend to err on the side of complexity, certainly in terms of the rules they generate, with multiple custom chains. I like my rules to be readable. I also find that managing the rules with an editor allows me to add comments where necessary (and/or use a VCS to permit rollback) Yes, I realise this wasn't exactly what you asked for, but it Works For Me (tm) Regards, Stuart -- Stuart Sears RHCA etc. "It's today!" said Piglet. "My favourite day," said Pooh.