Do you recommend using iptables or a distro-specific tool for security configuration?
These tools often make assumptions about the default settings of iptables. This can sometimes create the illusion that your host is securely firewalled. For example, the default policy of the Red Hat Lokkit firewall management tool is to accept traffic. Most good firewall policies do the reverse -- deny all traffic by default and accept only the traffic you explicitly specify.
This being said, some tools are excellent and designed to provide a complete and highly flexible interface to iptables.
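To make the deny-by-default point concrete, here is an added example (not code from the original column): a small POSIX shell script that emits an iptables-restore ruleset with DROP policies on the inbound chains, and an audit function that reads iptables-save output and flags any inbound chain still left at ACCEPT, as a Lokkit-style configuration would be. It assumes port 22 (SSH) as the administrative port and never touches the live firewall.

```shell
#!/bin/sh
# Added example, not code from the original column. Generates a deny-by-default
# iptables ruleset and audits an existing ruleset for ACCEPT default policies.
# It never touches the live firewall: review the output, then load it as root
# with `iptables-restore`. Port 22 (SSH) is an assumed administrative port.

# Emit an iptables-restore ruleset: INPUT and FORWARD drop by default, with
# loopback, established/related traffic and one admin port explicitly allowed.
# OUTPUT is left ACCEPT, a deliberate (documented) exception for a server host.
default_deny_rules() {
    admin_port="${1:-22}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport ${admin_port} -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Read iptables-save output on stdin and report inbound chains (INPUT, FORWARD)
# whose built-in policy is ACCEPT. Returns 1 if any are found, 0 otherwise.
audit_accept_policies() {
    found=$(awk '/^:(INPUT|FORWARD) ACCEPT/ {
                     sub(/^:/, ""); chains = chains (chains ? " " : "") $1 }
                 END { print chains }')
    if [ -n "$found" ]; then
        echo "default policy ACCEPT on: $found"
        return 1
    fi
    echo "no ACCEPT default policy on inbound chains"
}

# Constructed sample resembling a permissive, accept-by-default ruleset.
PERMISSIVE_SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT'

printf '%s\n' "$PERMISSIVE_SAMPLE" | audit_accept_policies || true
default_deny_rules | audit_accept_policies
```

On a live host, `iptables-save | audit_accept_policies` (run as root) gives the same check against the rules actually loaded.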
What are some examples of distro-specific or GUI-based configuration tools?
- Fwbuilder, which is a sophisticated multi-firewall (it also supports Cisco PIX, BSD pf and ipfilter) rule builder. It has a GUI interface and is designed to output complete, functional firewall configurations. It can be quite complicated to use and is not recommended for beginners.
- NARC (Netfilter Automatic Rule Configurator): a Bash script which runs from the command line and allows you to configure iptables. It has a strong focus on helping you configure rules that handle abnormal traffic (for example, blocking Smurf attacks, IP spoofing and SYN floods). The command-line interface can be intimidating for beginning users, though.
- Turtle Firewall is a Webmin-based firewall admin tool. It allows for the configuration of firewalls using an object-based system. If you are using Webmin for your administration, this is an excellent tool.
- Firestarter is another GUI-based firewall configuration tool. I have found it personally easier to use than many of the other tools, and its interface is clear and simple to navigate and operate. It also contains a real-time event and connection view of your firewall that allows you to monitor your firewall from the tool.
In addition to securing outsourced services for the Commonwealth Bank of Australia, James Turnbull is the author of Hardening Linux and resident security expert on SearchEnterpriseLinux.com.