There have to be more choices in firewalls

[Tomosaur]

iptables is already very, very good at what it's supposed to do. I guess there's just no incentive for anyone to write an alternative, so must 'firewall' applications are essentially jus GUIs which interact with iptables.

[Cyraxzz]

Why? Firestarter is good enough. And there are other ones like OSSEC-HIDS

[Overcast32]

In my humble Opinion...

Hardware Firewalls > All the rest.

Just keep that 'remote admin' off, lol

[Lord Illidan]

I think Linux being Linux, the propensity is more towards distros being used as firewalls...such as Engarde Linux, and Bastille Linux, and so on.

[Michael_aust]

If you want simple, then there is nothing more simple then lokkit.

Its available in command line version of gui version. There is absolutly no different, the questions and layout are exactly the same.

It asks you what level of security you want, high, medium or low. Choose what you want. I think it asks about two questions relating to networking. Click apply and you are done.

None of this messing around like with guarddog and firestarter. Ok it wont give you as good a set up as the previous two. But it is a good enough configuration for most home users. As far as I know Lokkit was developed by Redhat.

I personally prefer the Iptables in Linux as a firewall over any windows firewall. Ok it is not as easy to set up as say norton of mcafee if you are doing advanced things. But here is the big bonus, I dont have a process running in the background eating up 15% of my my cpu while it is idle. Iptables is a kernel config so its not any extra overhead on your machine. Thus freeing this saved cpu time etc for thins that you want to do.

[Overcast32]

I think Linux being Linux, the propensity is more towards distros being used as firewalls...such as Engarde Linux, and Bastille Linux, and so on.

Ahhh, yeah - didn't consider that really. Of course, if it's sole purpose is a firewall, personally I think just a stripped down command line setup would work best.

But also - how 'new' is Ubuntu? I just found out about it a couple weeks ago - I'm sure that soon enough, we'll see a buncha goodies for it.

Still a good thread, if any coders were looking for a project I suppose.. Coding's a big time sink I've never really been able to devote time to. Silly ol' Video Games anyway!!

[PriceChild]

Ahhh, yeah - didn't consider that really. Of course, if it's sole purpose is a firewall, personally I think just a stripped down command line setup would work best.

But also - how 'new' is Ubuntu? I just found out about it a couple weeks ago - I'm sure that soon enough, we'll see a buncha goodies for it.

Still a good thread, if any coders were looking for a project I suppose.. Coding's a big time sink I've never really been able to devote time to. Silly ol' Video Games anyway!!

First release was october 2004: http://www.ubuntu.com/ubuntu/releases

I really don't see the need for a replacement for iptables.

[skymt]

There's no reason to have anything but iptables. It's simply the name for the packet filtering features in the Linux kernel, and the tools to control them. To make another system would be worthless duplication of effort, when we already have something that does the job very well. "Why don't we have more graphics systems? Why just Xorg?" Because that's all we need!

I'm pretty sure Windows has a similar (probably inferior) kernel interface that all the GUI firewalls over there interface with. It's just less visible, since ZoneAlarm doesn't advertise their product as a "front-end for Windows BlockPackets", or whatever it's called.

If you want more front-ends, there are plenty on the command line. Firestarter is the only major GUI one, because the "fool new users into a sense of security" field in Ubuntu is fairly small, unlike in Windows. If Symantec started marketing security tools for Linux, I'm sure the field would expand greatly.

[Charles Hand]

It's been said before: iptables is complete and sufficient for any firewall application. I think Jpazindustries is really looking for a variety of front-ends. Maybe someone will write him a front-end that works the way he wants.

I would also encourage Jpazindustries to give the existing front-ends a fair try, if he hasn't already.

[TheRingmaster]

thanks for the extra information fellas, it was helpful. I love to learn about these sorts of things.