[Techtalk] iptables DMZ and more :)
Brian Sweeney
bsweeney at physics.ucsb.edu
Thu Dec 27 12:04:46 EST 2001
James wrote:
> Anyone have a good rundown on an iptables DMZ firewall? I've read a few
> premade-fill in the blank scripts for it, but does anyone have their own
> they could share? Preferably not entirely complicated with things I can
> understand. This is what I'm looking to do:
Haven't tried it in production m'self, but there's a nice project on
sourceforge called fwbuilder
(http://sourceforge.net/projects/fwbuilder/); very straightforward
interface, sort-of checkpoint-ish. It generates XML, then compiles into
a "rules" file with familiar iptables commands. The nice part is it's
object-oriented, so grouping hosts/servers/networks/etc should be pretty
straightforward. And there are some nice user-contributed scripts for
allowing firewall rules to be installed onto other machines via ssh, so
you could if necessary administer a number of different firewalls with
one interface (doesn't sound like you'll need it for this setup, but a
nice feature nonetheless).
Good luck!
-Brian