Debian Package a Day ([info]debaday) wrote,
@ 2004-11-03 07:00:00
Previous Entry  Add to memories!  Tell a Friend!  Next Entry
guarddog - firewall configuration utility for KDE
Guarddog is a firewall configuration utility for KDE. It is aimed at two groups of users: novice to intermediate users who are not experts in TCP/IP networking and security, and those users who don't want the hassle of dealing with cryptic shell scripts and ipchains/iptables parameters.

This is the first of two packages suggested by Martin S. where he says that guarddog...
...is an awesome tool for configuring a firewall without writing all the firewall manually. I would say that for the purpose of protecting a notebook or desktop machine that dials into the internet, guarddog is really fine. It might be that you can do a more fine grained firewall by hand, but actually in my oppinion guarddog is rather flexible.

It has an internet zone, which contains all IP addresses not being in an other zone, and it has a local zone, containing the machine guarddog runs on, and when you have a local network you can define an additional zone for it easily. You can even have a demilitarised zone if you like to (see screenshots).

Then you connect the zones and can specify which services in a certain zone should be available to which other zones. By default guarddog is configured in a way that nothing is allowed. That way to have to find out about the program before using it. The whole design of the software is in the way that for every service you want to use you have to poke to hole into the firewall. I like this security oriented design in a GUI configuration tool for firewalls. guarddog is generating iptables-Rules and works nicely with Kernel 2.6.

More information on this package can be found on the Debian web site.
(If there is a package you would like to see featured here, go to the userinfo page and follow the directions there to submit your entry.)

Now available in RSS and ATOM flavors too.

(Post a new comment)

lokkit
[info]rfunk
2004-11-03 07:36 am UTC (link)
For quick & dirty iptables configuration I like lokkit. No graphical configuration, which I consider an advantage.

(Reply to this)

fwbuilder
(Anonymous)
2004-11-05 09:17 pm UTC (link)
fwbuilder (http://www.fwbuilder.org/)

this isn't for newbies... well, if you can wrap your head around firewalling, possibly messing with ipchains back in the day, but don't know iptables, then this is for you. matter of fact, fwbuilder is how i migrated from ipchains (2.2) to iptables (2.4) without having to learn iptables. i now read iptables well enough that i can hand-tweak the script that fwbuilder generates.

fwbuilder even has a wizard to help jumpstart the firewall creation process (and to help those already familiar with firewall concepts to understand how those map to fwbuilder constructs).

i design the firewall on my workstation, scp it to my firewall, and execute it. the machine on which i design the ruleset doesn't have to have any relation to the firewall, unlike other firewall builders that must execute graphically on the firewall as root.

my ruleset includes the internet, dmz/wireless, intranet, vpn from wireless to intranet, port forwarding from internet to internal servers, etc.

sure you can create a hand-written firewall ruleset better than fwbuilder can generate one, but it's like C++/Java vs assembly: the lower level one is highly machine efficient but so human inefficient to be unbearable to all but thet most stubborn. ;)

(Reply to this)

Create an Account
Forgot your login or password?
Login w/ OpenID
English • Español • Deutsch • Русский…