View Full Version : [all variants] Question about firwalls

May 31st, 2008, 08:43 PM
I want to take an old computer and turn it into a firewall, not out of nessecity, but more for learning. My question is, is iptables a good firewall to use/experiment with. Or are there other firewalls that are better to use that are more configureable. Thanks for your help in advance.

May 31st, 2008, 08:50 PM
iptables is the only firewall built-into the linux kernel. There are a lot of other programs (both GUI and command line) that allow you to alter the iptables indirectly.

Take a look at this:

May 31st, 2008, 09:02 PM
Thanks, so your saying that i can only use iptables?

May 31st, 2008, 09:22 PM
Almost all firewall software for Linux is based on iptables (or ipchains) - it is essentially the base software layer for all filtering of network traffic. But because it sits at the lowest level in the stack, the configuration rules can be complex to deal with entirely by hand. There are loads of scripts around to help generate iptables rules and a couple of notable GUI applications:

Shorewall (http://www.shorewall.net/)
Firestarter (http://www.fs-security.com/)

There are also some complete Linux/FreeBSD distributions designed specifically a firewall/routing platforms:

IPCop (http://ipcop.org/) (Linux)
Smoothwall (http://www.smoothwall.org/about/index.php) (Linux)
Untangle (http://www.untangle.com) (Linux)
pfSense (http://www.pfsense.com/) (FreeBSD)
m0n0wall (http://m0n0.ch/wall/) (FreeBSD)

May 31st, 2008, 09:30 PM
iptables is part of the kernel. I'm not familiar with another method. I've never heard such a complaint.

The Cog
June 1st, 2008, 12:12 PM
Also guarddog. It's a KDE program, but deserver a mention as a notable iptables confiuration GUI.

Agreed, all the Linux firewall GUIs I know of end up writing iptables scripts. I see nothing wrong with that, and lots of things right with that.

June 1st, 2008, 01:12 PM
This is a nice gentle introduction to iptables:


all the best

June 1st, 2008, 06:19 PM
Thanks for all the info.