Re: looking for a nftables gui
On 03/03/2020 14:06, Stefan K wrote: Hi, and thanks for this hint, will have a look into it. firt look is that it use XML-config syntax, right, thats not my favorite but ok i will try it. Just to be more specific: I will build a firewall (bare metal), behind the firewall I have 512 public IP addresses and I will manage the access rules, my boss and I favour a simple opensource-solution with just IP/Port access-rules On Thursday, February 27, 2020 2:19:55 AM CET tv.deb...@googlemail.com wrote: On 26/02/2020 17:54, Stefan K wrote: Hello, we're looking for a nftables gui/frontend. We want to create a simple firewall (port/ip blocking) I took a look at vuurmuur[1], but it just support iptables. Does exist some other solutions? We don't want to config it via cli or config-files. Thanks for help! best regards Stefan [1] https://www.vuurmuur.org/t Hello, I believe "firewalld" fits your needs, it as a frontend available in the package "firewall-config" and a taskbar notification/status with "firewall-applet" that works in various desktop environments. The docs can walk you or your users though the basics and more [1]. "gufw" + "ufw" while not designed for nftables also work with it thanks to iptables compatibility wrappers. The occasional bug was discussed on this list not long ago. Both have the advantage of being packaged in Debian. [1] https://firewalld.org/documentation/howto/ I have only used "firewalld" for small deployments, usually with the command-line tool "firewall-cmd". The applet is a bonus so that users can confirm that the firewall is running without the need of typing a command, and get feedback if something is blocked. It does use xml syntax. For anything larger my tool of choice is "shorewall" [2], which in Debian works with iptables or nftables thanks to the compatibility layer. The configuration is easy enough, the syntax is very straightforward, but you would have to forego the g.u.i. requirement, I am not aware of any graphical front-end for "shorewall". [2] https://shorewall.org/
Re: looking for a nftables gui
Hi, and thanks for this hint, will have a look into it. firt look is that it use XML-config syntax, right, thats not my favorite but ok i will try it. Just to be more specific: I will build a firewall (bare metal), behind the firewall I have 512 public IP addresses and I will manage the access rules, my boss and I favour a simple opensource-solution with just IP/Port access-rules On Thursday, February 27, 2020 2:19:55 AM CET tv.deb...@googlemail.com wrote: > On 26/02/2020 17:54, Stefan K wrote: > > Hello, > > > > we're looking for a nftables gui/frontend. > > We want to create a simple firewall (port/ip blocking) I took a look at > > vuurmuur[1], but it just support iptables. Does exist some other solutions? > > > > We don't want to config it via cli or config-files. > > > > Thanks for help! > > best regards > > Stefan > > > > > > [1] https://www.vuurmuur.org/t > > > > Hello, I believe "firewalld" fits your needs, it as a frontend available > in the package "firewall-config" and a taskbar notification/status with > "firewall-applet" that works in various desktop environments. > The docs can walk you or your users though the basics and more [1]. > > "gufw" + "ufw" while not designed for nftables also work with it thanks > to iptables compatibility wrappers. The occasional bug was discussed on > this list not long ago. > > Both have the advantage of being packaged in Debian. > > > [1] https://firewalld.org/documentation/howto/ > >
Re: looking for a nftables gui
On 26/02/2020 17:54, Stefan K wrote: Hello, we're looking for a nftables gui/frontend. We want to create a simple firewall (port/ip blocking) I took a look at vuurmuur[1], but it just support iptables. Does exist some other solutions? We don't want to config it via cli or config-files. Thanks for help! best regards Stefan [1] https://www.vuurmuur.org/t Hello, I believe "firewalld" fits your needs, it as a frontend available in the package "firewall-config" and a taskbar notification/status with "firewall-applet" that works in various desktop environments. The docs can walk you or your users though the basics and more [1]. "gufw" + "ufw" while not designed for nftables also work with it thanks to iptables compatibility wrappers. The occasional bug was discussed on this list not long ago. Both have the advantage of being packaged in Debian. [1] https://firewalld.org/documentation/howto/
