For those who are not network security experts, but have a requirement imposed on them to not just disable unneeded services, but also employ a host-based firewall, something like fwbuilder wouldn't just be nice to have, it would be just about necessary.
I've used IP filter enough to be able to set up reasonably robust rule sets by hand, but I don't pretend to be good enough to teach anyone else how to do that; so I'd be very glad for something that needed a lot less explanation. Levels of control needed: * none: don't need IP filter * basic: an allow or deny default and some templates, controllable via SMF properties perhaps, might be enough for home users, very small businesses, or other very simple requirements * middle (or scalable deployment): fwbuilder would be great here, esp. since it's somewhat (most things other than Windows) cross-platform in terms of what it can generate rules for * advanced: very special cases, rules get built by hand Without fwbuilder, one ends up either not doing anything, or being dependent on the very small number of people that will be able to create, maintain (and manage, on whatever scale) IP Filter rules directly. fwbuilder or something very much like it should be on the desktop because it should be available to manage servers, since it is made to handle rules for more than just the system it's being run on. Someone has apparently gotten it running on Solaris 10 http://hans.mayer.tv/html/fwbuilder.html but if you're in an environment where you get as much flak about not using unsupported software as you do about doing everything that's technically possible (but without the right tools unmaintainable in terms of human resources needed), that's not good enough. Having such functionality available on a supported basis would IMO be _very_ desirable. -- This message posted from opensolaris.org
