IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New They are VERY... Exceptionally well done.
They whole scripts thing is easy.

I like it for being straight forward and easy to understand.

The iptables/netfilter stuff it does is stellar. I have only found one bug (it has been addressed) and it is a trival "rule fix" for making the rules. I haven't even cared to update to a revision that it is fixed in, it is a 4 second edit of the script to fix it myself.

But, then again I should.

Also, it can upload all the data/script and configs to the devices running the scripts, including "update services" for the firewall.

It uses "first rule match wins" logic for the GUI, but will write the script/ruleset/config the proper way for each type of firewall supported.

I haven't seen something this easy to use and manage a firewall, ever. Even the CISCO WINDOWS stuff comes no-where close.

It is straight forward, can handle anything to the limits of the Firewall device/OS/etc. Storing all the data in XML and a well documented XML schema.

I can setup a small example of the scripts for each and every device/filter it supports using the same ruleset just changing the device type. If you'd like.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
[image|http://www.danasoft.com/vipersig.jpg||||]
New Initial glance looks like it want a library of service types
Do I need to define them (ftp, ssh, SQL/Net, etc) or is there something I can grab that I missed. I did an apt-get to setup.
New There are all the standard ones.
/me opens FWBUILDER

At the top, there is a "user" head, click on it and select the standard section.

Things are drag and drop. Make sure your understand NAT with Linux. NAT comes before the routing or allow/deny stage. So the rules in global have to have the NAT addresses for letting stuff in.

I can send you my *.fw I use. Just to show you an existing setup that works. I am a bit less anal than you will be. I'll send it to your TCD account.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
[image|http://www.danasoft.com/vipersig.jpg||||]
New Thanks
Note: I'm not using NAT for this setup, all addresses to be specified are real.
I think!
     Home made firewall? - (broomberg) - (12)
         the hard way? - (cforde) - (7)
             Depends - (broomberg) - (6)
                 Use FWBUILDER - (folkert) - (5)
                     Interesting - (broomberg) - (4)
                         They are VERY... Exceptionally well done. - (folkert) - (3)
                             Initial glance looks like it want a library of service types - (broomberg) - (2)
                                 There are all the standard ones. - (folkert) - (1)
                                     Thanks - (broomberg)
         first, if they are in the DMZ they can talk to each other? - (boxley) - (3)
             DMZ yes, but need better isolation - (broomberg) - (2)
                 4 port Copper GIG cards are available. - (folkert) - (1)
                     But the intel only allows 2 per box - (broomberg)

I couldn't find my socks this morning, so I dialed information.
123 ms