* What is the BEST GUI frontend to iptables firewall?
@ 2020-03-26 11:35 Turritopsis Dohrnii Teo En Ming
  2020-03-26 11:49 ` ѽ҉ᶬḳ℠
                   ` (4 more replies)
  0 siblings, 5 replies; 25+ messages in thread
From: Turritopsis Dohrnii Teo En Ming @ 2020-03-26 11:35 UTC (permalink / raw)
  To: netfilter; +Cc: ceo

Good evening from Singapore,

May I know what is the BEST GUI frontend to iptables firewall? It can be 
very involved and tedious to configure iptables firewall using the 
command line approach.

Are there any good rankings and reviews on the best GUI frontend to 
iptables firewall?

I am looking forward to hearing from you soon.

Thank you very much.







-----BEGIN EMAIL SIGNATURE-----

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers

Link: 
https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html

********************************************************************************************

Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic
Qualifications as at 14 Feb 2019 and refugee seeking attempts at the 
United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug 
2019) and Australia (25 Dec 2019 to 9 Jan 2020):

[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-----END EMAIL SIGNATURE-----

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-26 11:35 What is the BEST GUI frontend to iptables firewall? Turritopsis Dohrnii Teo En Ming
@ 2020-03-26 11:49 ` ѽ҉ᶬḳ℠
  2020-03-26 12:13   ` Turritopsis Dohrnii Teo En Ming
  2020-03-27 11:30   ` Turritopsis Dohrnii Teo En Ming
  2020-03-26 20:27 ` Robert Sander
                   ` (3 subsequent siblings)
  4 siblings, 2 replies; 25+ messages in thread
From: ѽ҉ᶬḳ℠ @ 2020-03-26 11:49 UTC (permalink / raw)
  To: netfilter


On 26/03/2020 11:35, Turritopsis Dohrnii Teo En Ming wrote:
> Good evening from Singapore,
>
> May I know what is the BEST GUI frontend to iptables firewall? It can
> be very involved and tedious to configure iptables firewall using the
> command line approach.
>
> Are there any good rankings and reviews on the best GUI frontend to
> iptables firewall?
>
> I am looking forward to hearing from you soon.
>
> Thank you very much.

"best" is rather something in the eye of the beholder / user
perspective. Some distros provide a comprehensive management GUI that
includes firewall management.

Back in the (iptables) day this distro independent GUI
https://configserver.com/cp/csf.html served me well, also integrates
with various admin panels.

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-26 11:49 ` ѽ҉ᶬḳ℠
@ 2020-03-26 12:13   ` Turritopsis Dohrnii Teo En Ming
  2020-03-27 11:30   ` Turritopsis Dohrnii Teo En Ming
  1 sibling, 0 replies; 25+ messages in thread
From: Turritopsis Dohrnii Teo En Ming @ 2020-03-26 12:13 UTC (permalink / raw)
  To: vtol; +Cc: netfilter, ceo

On 2020-03-26 19:49, ѽ҉ᶬḳ℠ wrote:
> On 26/03/2020 11:35, Turritopsis Dohrnii Teo En Ming wrote:
>> Good evening from Singapore,
>> 
>> May I know what is the BEST GUI frontend to iptables firewall? It can
>> be very involved and tedious to configure iptables firewall using the
>> command line approach.
>> 
>> Are there any good rankings and reviews on the best GUI frontend to
>> iptables firewall?
>> 
>> I am looking forward to hearing from you soon.
>> 
>> Thank you very much.
> 
> "best" is rather something in the eye of the beholder / user
> perspective. Some distros provide a comprehensive management GUI that
> includes firewall management.
> 
> Back in the (iptables) day this distro independent GUI
> https://configserver.com/cp/csf.html served me well, also integrates
> with various admin panels.


Hi,

Thank you for the quick reply.

I think CentOS Web Panel (CWP) web hosting control panel is also using 
ConfigServer Security & Firewall (csf).









^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-26 11:35 What is the BEST GUI frontend to iptables firewall? Turritopsis Dohrnii Teo En Ming
  2020-03-26 11:49 ` ѽ҉ᶬḳ℠
@ 2020-03-26 20:27 ` Robert Sander
  2020-03-26 23:15   ` Turritopsis Dohrnii Teo En Ming
       [not found] ` <330d7201-6561-61a9-9095-8bdf8ee1518b@hajes.org>
                   ` (2 subsequent siblings)
  4 siblings, 1 reply; 25+ messages in thread
From: Robert Sander @ 2020-03-26 20:27 UTC (permalink / raw)
  To: netfilter



On 26.03.20 at 12:35, Turritopsis Dohrnii Teo En Ming wrote:
> 
> May I know what is the BEST GUI frontend to iptables firewall? It can be
> very involved and tedious to configure iptables firewall using the
> command line approach.

fwbuilder is/was a very good desktop application to configure a range of
firewall systems. Development has been moved to
https://github.com/fwbuilder/fwbuilder

Regards
-- 
Robert Sander
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-43
Fax: 030 / 405051-19

Mandatory disclosures per §35a GmbHG:
HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
Managing Director: Peer Heinlein -- Registered office: Berlin



^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
       [not found] ` <330d7201-6561-61a9-9095-8bdf8ee1518b@hajes.org>
@ 2020-03-26 23:11   ` Turritopsis Dohrnii Teo En Ming
  2020-03-27  9:04     ` Daniel
  0 siblings, 1 reply; 25+ messages in thread
From: Turritopsis Dohrnii Teo En Ming @ 2020-03-26 23:11 UTC (permalink / raw)
  To: david; +Cc: netfilter, ceo

On 2020-03-27 00:21, david@hajes.org wrote:
> best GUI is prompt/command line ;-)
> 
> with nftables and native scripting everything is more simple
> 
> On 26/03/2020 12:35, Turritopsis Dohrnii Teo En Ming wrote:
>> Good evening from Singapore,
>> 
>> May I know what is the BEST GUI frontend to iptables firewall? It can 
>> be very involved and tedious to configure iptables firewall using the 
>> command line approach.
>> 
>> Are there any good rankings and reviews on the best GUI frontend to 
>> iptables firewall?
>> 
>> I am looking forward to hearing from you soon.
>> 
>> Thank you very much.

What is nftables?





^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-26 20:27 ` Robert Sander
@ 2020-03-26 23:15   ` Turritopsis Dohrnii Teo En Ming
  2020-03-27 10:12     ` Robert Sander
  0 siblings, 1 reply; 25+ messages in thread
From: Turritopsis Dohrnii Teo En Ming @ 2020-03-26 23:15 UTC (permalink / raw)
  To: Robert Sander; +Cc: netfilter, ceo

On 2020-03-27 04:27, Robert Sander wrote:
> On 26.03.20 at 12:35, Turritopsis Dohrnii Teo En Ming wrote:
>> 
>> May I know what is the BEST GUI frontend to iptables firewall? It can be
>> very involved and tedious to configure iptables firewall using the
>> command line approach.
> 
> fwbuilder is/was a very good desktop application to configure a range of
> firewall systems. Development has been moved to
> https://github.com/fwbuilder/fwbuilder
> 
> Regards

Hi Robert Sander,

Thank you for your reply.

I found a video tutorial for Firewall Builder at the following link. Is 
it the correct one?

http://fwbuilder.sourceforge.net/4.0/videos.shtml







^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
       [not found] ` <467df868-97b0-c665-668b-df8813b7eae0@gmx.at>
@ 2020-03-26 23:18   ` Turritopsis Dohrnii Teo En Ming
  0 siblings, 0 replies; 25+ messages in thread
From: Turritopsis Dohrnii Teo En Ming @ 2020-03-26 23:18 UTC (permalink / raw)
  To: infoomatic; +Cc: netfilter, ceo

On 2020-03-27 01:19, infoomatic wrote:
> While I do suggest using scripts and CLI, fwbuilder is probably worth a
> look for GUI fans.
> 
> 
> On 26.03.20 12:35, Turritopsis Dohrnii Teo En Ming wrote:
>> Good evening from Singapore,
>> 
>> May I know what is the BEST GUI frontend to iptables firewall? It can
>> be very involved and tedious to configure iptables firewall using the
>> command line approach.
>> 
>> Are there any good rankings and reviews on the best GUI frontend to
>> iptables firewall?
>> 
>> I am looking forward to hearing from you soon.
>> 
>> Thank you very much.

I am a GUI fan :)







^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-26 23:11   ` Turritopsis Dohrnii Teo En Ming
@ 2020-03-27  9:04     ` Daniel
  2020-03-27 11:24       ` Turritopsis Dohrnii Teo En Ming
  0 siblings, 1 reply; 25+ messages in thread
From: Daniel @ 2020-03-27  9:04 UTC (permalink / raw)
  To: Turritopsis Dohrnii Teo En Ming, david; +Cc: netfilter


On 27/03/2020 at 00:11, Turritopsis Dohrnii Teo En Ming wrote:
> On 2020-03-27 00:21, david@hajes.org wrote:
>> best GUI is prompt/command line ;-)
>>
>> with nftables and native scripting everything is more simple
>>
>> On 26/03/2020 12:35, Turritopsis Dohrnii Teo En Ming wrote:
>>> Good evening from Singapore,
>>>
>>> May I know what is the BEST GUI frontend to iptables firewall? It 
>>> can be very involved and tedious to configure iptables firewall 
>>> using the command line approach.
>>>
>>> Are there any good rankings and reviews on the best GUI frontend to 
>>> iptables firewall?
>>>
>>> I am looking forward to hearing from you soon.
>>>
>>> Thank you very much.
>
> What is nftables?

It's the replacement of iptables

https://wiki.debian.org/nftables

-- 
Daniel Huhardeaux
+33.368460088@tootai.net	      sip:820@sip.tootai.net
+41.445532125@swiss-itech.ch		    tootaiNET

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-26 23:15   ` Turritopsis Dohrnii Teo En Ming
@ 2020-03-27 10:12     ` Robert Sander
  2020-03-27 11:26       ` Turritopsis Dohrnii Teo En Ming
  0 siblings, 1 reply; 25+ messages in thread
From: Robert Sander @ 2020-03-27 10:12 UTC (permalink / raw)
  To: netfilter



On 27.03.20 at 00:15, Turritopsis Dohrnii Teo En Ming wrote:

> I found a video tutorial for Firewall Builder at the following link. Is
> it the correct one?
> 
> http://fwbuilder.sourceforge.net/4.0/videos.shtml

http://fwbuilder.sourceforge.net/ is deprecated. The videos may give a
sense of how fwbuilder works.

Regards

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-27  9:04     ` Daniel
@ 2020-03-27 11:24       ` Turritopsis Dohrnii Teo En Ming
  2020-03-27 11:35         ` Reindl Harald
  0 siblings, 1 reply; 25+ messages in thread
From: Turritopsis Dohrnii Teo En Ming @ 2020-03-27 11:24 UTC (permalink / raw)
  To: Daniel; +Cc: david, netfilter, ceo

On 2020-03-27 17:04, Daniel wrote:
> On 27/03/2020 at 00:11, Turritopsis Dohrnii Teo En Ming wrote:
>> On 2020-03-27 00:21, david@hajes.org wrote:
>>> best GUI is prompt/command line ;-)
>>> 
>>> with nftables and native scripting everything is more simple
>>> 
>>> On 26/03/2020 12:35, Turritopsis Dohrnii Teo En Ming wrote:
>>>> Good evening from Singapore,
>>>> 
>>>> May I know what is the BEST GUI frontend to iptables firewall? It 
>>>> can be very involved and tedious to configure iptables firewall 
>>>> using the command line approach.
>>>> 
>>>> Are there any good rankings and reviews on the best GUI frontend to 
>>>> iptables firewall?
>>>> 
>>>> I am looking forward to hearing from you soon.
>>>> 
>>>> Thank you very much.
>> 
>> What is nftables?
> 
> It's the replacement of iptables
> 
> https://wiki.debian.org/nftables

Noted with thanks.

I understand that nftables has replaced iptables since the year 2014 
with the release of Linux kernel 3.13.








^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-27 10:12     ` Robert Sander
@ 2020-03-27 11:26       ` Turritopsis Dohrnii Teo En Ming
  2020-03-27 12:09         ` Robert Sander
  0 siblings, 1 reply; 25+ messages in thread
From: Turritopsis Dohrnii Teo En Ming @ 2020-03-27 11:26 UTC (permalink / raw)
  To: Robert Sander; +Cc: netfilter, ceo

On 2020-03-27 18:12, Robert Sander wrote:
> On 27.03.20 at 00:15, Turritopsis Dohrnii Teo En Ming wrote:
> 
>> I found a video tutorial for Firewall Builder at the following link. Is
>> it the correct one?
>> 
>> http://fwbuilder.sourceforge.net/4.0/videos.shtml
> 
> http://fwbuilder.sourceforge.net/ is deprecated. The videos may give a
> sense of how fwbuilder works.
> 
> Regards

Does the new Firewall Builder support nftables?








^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-26 11:49 ` ѽ҉ᶬḳ℠
  2020-03-26 12:13   ` Turritopsis Dohrnii Teo En Ming
@ 2020-03-27 11:30   ` Turritopsis Dohrnii Teo En Ming
  1 sibling, 0 replies; 25+ messages in thread
From: Turritopsis Dohrnii Teo En Ming @ 2020-03-27 11:30 UTC (permalink / raw)
  To: vtol; +Cc: netfilter, ceo

On 2020-03-26 19:49, ѽ҉ᶬḳ℠ wrote:
> On 26/03/2020 11:35, Turritopsis Dohrnii Teo En Ming wrote:
>> Good evening from Singapore,
>> 
>> May I know what is the BEST GUI frontend to iptables firewall? It can
>> be very involved and tedious to configure iptables firewall using the
>> command line approach.
>> 
>> Are there any good rankings and reviews on the best GUI frontend to
>> iptables firewall?
>> 
>> I am looking forward to hearing from you soon.
>> 
>> Thank you very much.
> 
> "best" is rather something in the eye of the beholder / user
> perspective. Some distros provide a comprehensive management GUI that
> includes firewall management.
> 
> Back in the (iptables) day this distro independent GUI
> https://configserver.com/cp/csf.html served me well, also integrates
> with various admin panels.

Does ConfigServer Security and Firewall (csf) support nftables?






^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-27 11:24       ` Turritopsis Dohrnii Teo En Ming
@ 2020-03-27 11:35         ` Reindl Harald
  2020-03-27 12:11           ` Turritopsis Dohrnii Teo En Ming
  0 siblings, 1 reply; 25+ messages in thread
From: Reindl Harald @ 2020-03-27 11:35 UTC (permalink / raw)
  To: Turritopsis Dohrnii Teo En Ming, Daniel; +Cc: david, netfilter



On 27.03.20 at 12:24, Turritopsis Dohrnii Teo En Ming wrote:
>>> What is nftables?
>>
>> It's the replacement of iptables
>>
>> https://wiki.debian.org/nftables
> 
> Noted with thanks.
> 
> I understand that nftables has replaced iptables since the year 2014
> with the release of Linux kernel 3.13.

you can use *both* (even at the same time while it's nonsense), kernel
5.5 and above still support iptables as all the years before

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-27 11:26       ` Turritopsis Dohrnii Teo En Ming
@ 2020-03-27 12:09         ` Robert Sander
  2020-03-27 12:13           ` Turritopsis Dohrnii Teo En Ming
  0 siblings, 1 reply; 25+ messages in thread
From: Robert Sander @ 2020-03-27 12:09 UTC (permalink / raw)
  To: netfilter



On 27.03.20 12:26, Turritopsis Dohrnii Teo En Ming wrote:

> Does the new Firewall Builder support nftables?

Currently not, it would need a new rules compiler for that.
Maybe someone from the netfilter community is willing to develop that.

Regards

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-27 11:35         ` Reindl Harald
@ 2020-03-27 12:11           ` Turritopsis Dohrnii Teo En Ming
  2020-03-27 12:13             ` Daniel
  0 siblings, 1 reply; 25+ messages in thread
From: Turritopsis Dohrnii Teo En Ming @ 2020-03-27 12:11 UTC (permalink / raw)
  To: Reindl Harald; +Cc: Daniel, david, netfilter, ceo

On 2020-03-27 19:35, Reindl Harald wrote:
> On 27.03.20 at 12:24, Turritopsis Dohrnii Teo En Ming wrote:
>>>> What is nftables?
>>> 
>>> It's the replacement of iptables
>>> 
>>> https://wiki.debian.org/nftables
>> 
>> Noted with thanks.
>> 
>> I understand that nftables has replaced iptables since the year 2014
>> with the release of Linux kernel 3.13.
> 
> you can use *both* (even at the same time while it's nonsense), kernel
> 5.5 and above still support iptables as all the years before

But it's better to use nftables over iptables?








^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-27 12:09         ` Robert Sander
@ 2020-03-27 12:13           ` Turritopsis Dohrnii Teo En Ming
  0 siblings, 0 replies; 25+ messages in thread
From: Turritopsis Dohrnii Teo En Ming @ 2020-03-27 12:13 UTC (permalink / raw)
  To: Robert Sander; +Cc: netfilter, ceo

On 2020-03-27 20:09, Robert Sander wrote:
> On 27.03.20 12:26, Turritopsis Dohrnii Teo En Ming wrote:
> 
>> Does the new Firewall Builder support nftables?
> 
> Currently not, it would need a new rules compiler for that.
> Maybe someone from the netfilter community is willing to develop that.
> 
> Regards

Are there any other GUI frontends that would support nftables?







^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-27 12:11           ` Turritopsis Dohrnii Teo En Ming
@ 2020-03-27 12:13             ` Daniel
  2020-03-27 13:59               ` Reindl Harald
  0 siblings, 1 reply; 25+ messages in thread
From: Daniel @ 2020-03-27 12:13 UTC (permalink / raw)
  To: Turritopsis Dohrnii Teo En Ming, Reindl Harald; +Cc: david, netfilter


On 27/03/2020 at 13:11, Turritopsis Dohrnii Teo En Ming wrote:
> On 2020-03-27 19:35, Reindl Harald wrote:
>> On 27.03.20 at 12:24, Turritopsis Dohrnii Teo En Ming wrote:
>>>>> What is nftables?
>>>>
>>>> It's the replacement of iptables
>>>>
>>>> https://wiki.debian.org/nftables
>>>
>>> Noted with thanks.
>>>
>>> I understand that nftables has replaced iptables since the year 2014
>>> with the release of Linux kernel 3.13.
>>
>> you can use *both* (even at the same time while it's nonsense), kernel
>> 5.5 and above still support iptables as all the years before
>
> But it's better to use nftables over iptables?
nftables is the future


^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-27 12:13             ` Daniel
@ 2020-03-27 13:59               ` Reindl Harald
  2020-03-28  1:27                 ` Turritopsis Dohrnii Teo En Ming
  0 siblings, 1 reply; 25+ messages in thread
From: Reindl Harald @ 2020-03-27 13:59 UTC (permalink / raw)
  To: Daniel, Turritopsis Dohrnii Teo En Ming; +Cc: david, netfilter



On 27.03.20 at 13:13, Daniel wrote:
> 
> On 27/03/2020 at 13:11, Turritopsis Dohrnii Teo En Ming wrote:
>> On 2020-03-27 19:35, Reindl Harald wrote:
>>> On 27.03.20 at 12:24, Turritopsis Dohrnii Teo En Ming wrote:
>>>>>> What is nftables?
>>>>>
>>>>> It's the replacement of iptables
>>>>>
>>>>> https://wiki.debian.org/nftables
>>>>
>>>> Noted with thanks.
>>>>
>>>> I understand that nftables has replaced iptables since the year 2014
>>>> with the release of Linux kernel 3.13.
>>>
>>> you can use *both* (even at the same time while it's nonsense), kernel
>>> 5.5 and above still support iptables as all the years before
>>
>> But it's better to use nftables over iptables?
> nftables is the future

the future doesn't help when you have working stuff running and on my
production machines the future is nice but the *present* is relevant

the present with ipset as example

but yes, please as much as possible people should jump to nftables, i am
early adopter enough with Fedora in production over 15 years :-)

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-26 11:35 What is the BEST GUI frontend to iptables firewall? Turritopsis Dohrnii Teo En Ming
                   ` (3 preceding siblings ...)
       [not found] ` <467df868-97b0-c665-668b-df8813b7eae0@gmx.at>
@ 2020-03-27 17:28 ` Eric Garver
  2020-03-28  1:30   ` Turritopsis Dohrnii Teo En Ming
  4 siblings, 1 reply; 25+ messages in thread
From: Eric Garver @ 2020-03-27 17:28 UTC (permalink / raw)
  To: Turritopsis Dohrnii Teo En Ming; +Cc: netfilter

On Thu, Mar 26, 2020 at 07:35:01PM +0800, Turritopsis Dohrnii Teo En Ming wrote:
> Good evening from Singapore,
> 
> May I know what is the BEST GUI frontend to iptables firewall? It can be
> very involved and tedious to configure iptables firewall using the command
> line approach.
> 
> Are there any good rankings and reviews on the best GUI frontend to iptables
> firewall?

Disclaimer: I'm the current firewalld maintainer.

firewall-config is the firewalld GUI. It ships in a few distros by
default [1]. It's also available to install in many distributions. It
supports both iptables and nftables as firewall backends.

The current GUI is a bit dated. An alternative is to use cockpit [2].
It provides basic functionality, but is often enough for simple use
cases.

The biggest negative of firewalld is it does not fully support output or
forward filtering. This is currently in development [3].

Hope that helps.
Eric.

[1] https://firewalld.org/ (see "Who is using it?" section)
[2] https://cockpit-project.org/
[3] https://github.com/orgs/firewalld/projects/1#card-25963208


^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-27 13:59               ` Reindl Harald
@ 2020-03-28  1:27                 ` Turritopsis Dohrnii Teo En Ming
  0 siblings, 0 replies; 25+ messages in thread
From: Turritopsis Dohrnii Teo En Ming @ 2020-03-28  1:27 UTC (permalink / raw)
  To: Reindl Harald; +Cc: Daniel, david, netfilter, ceo

On 2020-03-27 21:59, Reindl Harald wrote:
> On 27.03.20 at 13:13, Daniel wrote:
>> 
>> On 27/03/2020 at 13:11, Turritopsis Dohrnii Teo En Ming wrote:
>>> On 2020-03-27 19:35, Reindl Harald wrote:
>>>> On 27.03.20 at 12:24, Turritopsis Dohrnii Teo En Ming wrote:
>>>>>>> What is nftables?
>>>>>> 
>>>>>> It's the replacement of iptables
>>>>>> 
>>>>>> https://wiki.debian.org/nftables
>>>>> 
>>>>> Noted with thanks.
>>>>> 
>>>>> I understand that nftables has replaced iptables since the year 2014
>>>>> with the release of Linux kernel 3.13.
>>>> 
>>>> you can use *both* (even at the same time while it's nonsense), kernel
>>>> 5.5 and above still support iptables as all the years before
>>> 
>>> But it's better to use nftables over iptables?
>> nftables is the future
> 
> the future doesn't help when you have working stuff running and on my
> production machines the future is nice but the *present* is relevant
> 
> the present with ipset as example
> 
> but yes, please as much as possible people should jump to nftables, i am
> early adopter enough with Fedora in production over 15 years :-)

I think I started with Red Hat Linux 9 :)








^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-27 17:28 ` Eric Garver
@ 2020-03-28  1:30   ` Turritopsis Dohrnii Teo En Ming
  2020-03-28  6:38     ` Reindl Harald
  0 siblings, 1 reply; 25+ messages in thread
From: Turritopsis Dohrnii Teo En Ming @ 2020-03-28  1:30 UTC (permalink / raw)
  To: Turritopsis Dohrnii Teo En Ming; +Cc: netfilter, netfilter-owner

On 2020-03-28 01:28, Eric Garver wrote:
> On Thu, Mar 26, 2020 at 07:35:01PM +0800, Turritopsis Dohrnii Teo En Ming wrote:
>> Good evening from Singapore,
>>
>> May I know what is the BEST GUI frontend to iptables firewall? It can be
>> very involved and tedious to configure iptables firewall using the command
>> line approach.
>>
>> Are there any good rankings and reviews on the best GUI frontend to iptables
>> firewall?
> 
> Disclaimer: I'm the current firewalld maintainer.
> 
> firewall-config is the firewalld GUI. It ships in a few distros by
> default [1]. It's also available to install in many distributions. It
> supports both iptables and nftables as firewall backends.
> 
> The current GUI is a bit dated. An alternative is to use cockpit [2].
> It provides basic functionality, but is often enough for simple use
> cases.
> 
> The biggest negative of firewalld is it does not fully support output or
> forward filtering. This is currently in development [3].
> 
> Hope that helps.
> Eric.
> 
> [1] https://firewalld.org/ (see "Who is using it?" section)
> [2] https://cockpit-project.org/
> [3] https://github.com/orgs/firewalld/projects/1#card-25963208

I think Cockpit functions like Webmin. Please correct me if I am wrong.

What is output and forward filtering?









^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-28  1:30   ` Turritopsis Dohrnii Teo En Ming
@ 2020-03-28  6:38     ` Reindl Harald
  2020-03-28  6:49       ` Turritopsis Dohrnii Teo En Ming
  0 siblings, 1 reply; 25+ messages in thread
From: Reindl Harald @ 2020-03-28  6:38 UTC (permalink / raw)
  To: Turritopsis Dohrnii Teo En Ming; +Cc: netfilter, netfilter-owner



Am 28.03.20 um 02:30 schrieb Turritopsis Dohrnii Teo En Ming:

> I think Cockpit functions like Webmin. Please correct me if I am wrong.
> 
> What is output and forward filtering?

Chain OUTPUT and Chain FORWARD?
outgoing traffic and forwarding traffic aka router

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-28  6:38     ` Reindl Harald
@ 2020-03-28  6:49       ` Turritopsis Dohrnii Teo En Ming
  2020-03-28  6:55         ` Reindl Harald
  0 siblings, 1 reply; 25+ messages in thread
From: Turritopsis Dohrnii Teo En Ming @ 2020-03-28  6:49 UTC (permalink / raw)
  To: Reindl Harald; +Cc: netfilter, ceo

On 2020-03-28 14:38, Reindl Harald wrote:
> Am 28.03.20 um 02:30 schrieb Turritopsis Dohrnii Teo En Ming:
> 
>> I think Cockpit functions like Webmin. Please correct me if I am wrong.
>> 
>> What is output and forward filtering?
> 
> Chain OUTPUT and Chain FORWARD?
> outgoing traffic and forwarding traffic aka router

That means I can't configure a Linux router using firewalld?







^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-28  6:49       ` Turritopsis Dohrnii Teo En Ming
@ 2020-03-28  6:55         ` Reindl Harald
  2020-03-28  7:08           ` Turritopsis Dohrnii Teo En Ming
  0 siblings, 1 reply; 25+ messages in thread
From: Reindl Harald @ 2020-03-28  6:55 UTC (permalink / raw)
  To: Turritopsis Dohrnii Teo En Ming; +Cc: netfilter



Am 28.03.20 um 07:49 schrieb Turritopsis Dohrnii Teo En Ming:
> On 2020-03-28 14:38, Reindl Harald wrote:
>> Am 28.03.20 um 02:30 schrieb Turritopsis Dohrnii Teo En Ming:
>>
>>> I think Cockpit functions like Webmin. Please correct me if I am wrong.
>>>
>>> What is output and forward filtering?
>>
>> Chain OUTPUT and Chain FORWARD?
>> outgoing traffic and forwarding traffic aka router
> 
> That means I can't configure a Linux router using firewalld?

firewalld is a toy for ordinary endusers and a *firewall* which deserves
that name is not just open ports from A to B

-----------------------------------------------------------------------------------------------
IPV4 TABLE MANGLE (STATEFUL PRE-NAT/FILTER)
-----------------------------------------------------------------------------------------------
Chain PREROUTING (policy ACCEPT 3 packets, 180 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      987  132K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2        3   180 INBOUND    all  --  wan    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW ! match-set EXCLUDES_IPV4 src
3        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID

Chain INPUT (policy ACCEPT 715 packets, 44677 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 275 packets, 87830 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 664 packets, 253K bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 939 packets, 341K bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain INBOUND (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LD_SCAN    all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set PORTSCAN_PORTS dst ! match-set HONEYPOT_IPS_IPV4 dst
2        0     0 IPST_ALL   all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: CHECK seconds: 2 hit_count: 200 name: all side: source mask: 255.255.255.255
3        0     0 LD_R_ALL   all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: UPDATE seconds: 2 hit_count: 150 name: all side: source mask: 255.255.255.255
4        3   180            all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: SET name: all side: source mask: 255.255.255.255
5        0     0 LD_C_ALL   all  --  *      *       0.0.0.0/0            0.0.0.0/0            #conn src/24 > 250
6        0     0 LD_C_ALL   all  --  *      *       0.0.0.0/0            0.0.0.0/0            #conn src/32 > 120
7        0     0 LD_C_ALL   all  --  *      *       0.0.0.0/0            0.0.0.0/0            #conn src/16 > 500
8        3   180 IN_TCP     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
9        0     0 IN_DNS     all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set DNS_PORT dst
10       0     0 DROP       all  --  *      *       172.16.0.0/24        0.0.0.0/0

Chain IN_DNS (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LD_C_ALL   all  --  *      *       0.0.0.0/0            0.0.0.0/0            #conn src/32 > 50
2        0     0 LD_R_ALL   all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: UPDATE seconds: 2 reap hit_count: 60 name: dns side: source mask: 255.255.255.255
3        0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: SET name: dns side: source mask: 255.255.255.255

Chain IN_FTP (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LD_R_ALL   all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: UPDATE seconds: 2 reap hit_count: 20 name: ftp side: source mask: 255.255.255.255
2        0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: SET name: ftp side: source mask: 255.255.255.255

Chain IN_SSH (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LD_R_ALL   all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: UPDATE seconds: 60 reap hit_count: 15 name: ssh side: source mask: 255.255.255.255
2        3   180            all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: SET name: ssh side: source mask: 255.255.255.255

Chain IN_TCP (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02
2        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpmss match 1:500
3        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set BLOCKED_DYNAMIC_MAIL_IPV4 src match-set PORTS_MAIL dst
4        3   180 IN_SSH     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:10022
5        0     0 IN_FTP     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21

Chain IPST_ALL (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 NFLOG      all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/sec burst 5 nflog-prefix "IPSET-All:" nflog-group 32
2        0     0 SET        all  --  *      *       0.0.0.0/0            0.0.0.0/0            add-set BLOCKED_DYNAMIC_IPV4 src exist
3        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain LD_C_ALL (4 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 NFLOG      all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/sec burst 5 nflog-prefix "Connlimit-All:" nflog-group 32
2        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain LD_R_ALL (4 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 NFLOG      all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/sec burst 5 nflog-prefix "Ratelimit-All:" nflog-group 32
2        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain LD_SCAN (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 NFLOG      all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 15/min burst 1 nflog-prefix "Portscan:" nflog-group 33
2        0     0 SET        all  --  *      *       0.0.0.0/0            0.0.0.0/0            add-set BLOCKED_DYNAMIC_PORTSCAN_IPV4 src exist
3        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0


-----------------------------------------------------------------------------------------------
IPV4 TABLE RAW (STATELESS PRE-CONNTRACK)
-----------------------------------------------------------------------------------------------
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      862 55342 INBOUND    all  --  wan    *       0.0.0.0/0            0.0.0.0/0
2      989  132K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
3        1   167 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0
4        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
5        2    72 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 664 packets, 253K bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain INBOUND (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set BLOCKED_MERGED_IPV4 src
2        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set BLOCKED_DYNAMIC_PORTSCAN_IPV4 src
3      861 55175 IN_TCP     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain IN_TCP (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x29
2        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
3        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01
4        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05
5        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20
6        0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 CT helper ftp

^ permalink raw reply	[flat|nested] 25+ messages in thread
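
The `tcp flags:MASK/COMP` matches in the listing above are the numeric form in which iptables prints `--tcp-flags` rules. As an added example (not part of the original message or of the poster's setup), this Python decoder turns them back into flag names and checks which of the raw-table IN_TCP drops a given TCP flag byte would hit; the function names and the sample flag bytes are assumptions made for the illustration.

```python
import re

# TCP header flag bits, in the order iptables names them.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL_FLAGS = 0x3F

# The five DROP matches of chain IN_TCP in the raw table, copied from the listing.
RAW_IN_TCP = [
    "tcp flags:0x3F/0x29",
    "tcp flags:0x3F/0x00",
    "tcp flags:0x11/0x01",
    "tcp flags:0x05/0x05",
    "tcp flags:0x30/0x20",
]
# Rule 1 of chain IN_TCP in the mangle table (reached only for ctstate NEW).
MANGLE_NOT_SYN = "tcp flags:!0x17/0x02"

_MATCH_RE = re.compile(r"tcp flags:(!?)0x([0-9A-Fa-f]+)/0x([0-9A-Fa-f]+)")


def parse_match(text):
    """Return (inverted, mask, comp) for a 'tcp flags:[!]0xMASK/0xCOMP' string."""
    m = _MATCH_RE.search(text)
    if m is None:
        raise ValueError(f"not a numeric tcp flags match: {text!r}")
    return bool(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)


def flag_names(bits):
    """Render a flag bitmask the way --tcp-flags arguments are written."""
    if bits == 0:
        return "NONE"
    if bits == ALL_FLAGS:
        return "ALL"
    return ",".join(name for name, bit in FLAG_BITS.items() if bits & bit)


def to_rule_syntax(text):
    """Translate the listed match back into its --tcp-flags form."""
    inverted, mask, comp = parse_match(text)
    prefix = "! " if inverted else ""
    return f"{prefix}--tcp-flags {flag_names(mask)} {flag_names(comp)}"


def matches(text, flags):
    """True if a packet with this flag byte satisfies the listed match.

    The kernel compares (flags & mask) with comp; '!' inverts the result.
    """
    inverted, mask, comp = parse_match(text)
    return ((flags & mask) == comp) != inverted


def raw_drops(flags):
    """Return the raw-table IN_TCP matches that a flag byte would hit."""
    return [m for m in RAW_IN_TCP if matches(m, flags)]


if __name__ == "__main__":
    for listed in RAW_IN_TCP + [MANGLE_NOT_SYN]:
        print(f"{listed:22} {to_rule_syntax(listed)}")
    # Constructed sample flag bytes, not taken from captured traffic.
    samples = [("SYN", 0x02), ("SYN+ACK", 0x12), ("FIN+PSH+URG", 0x29),
               ("no flags", 0x00), ("FIN+RST", 0x05)]
    for label, flags in samples:
        print(f"{label:12} raw drops: {raw_drops(flags)} "
              f"mangle not-SYN: {matches(MANGLE_NOT_SYN, flags)}")
```

A plain SYN passes every flag check, while the inverted `0x17/0x02` match in the mangle table catches any packet that conntrack classifies as NEW but that is not a clean SYN.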

* Re: What is the BEST GUI frontend to iptables firewall?
  2020-03-28  6:55         ` Reindl Harald
@ 2020-03-28  7:08           ` Turritopsis Dohrnii Teo En Ming
  0 siblings, 0 replies; 25+ messages in thread
From: Turritopsis Dohrnii Teo En Ming @ 2020-03-28  7:08 UTC (permalink / raw)
  To: Reindl Harald; +Cc: netfilter, ceo

On 2020-03-28 14:55, Reindl Harald wrote:
> Am 28.03.20 um 07:49 schrieb Turritopsis Dohrnii Teo En Ming:
>> On 2020-03-28 14:38, Reindl Harald wrote:
>>> Am 28.03.20 um 02:30 schrieb Turritopsis Dohrnii Teo En Ming:
>>> 
>>>> I think Cockpit functions like Webmin. Please correct me if I am wrong.
>>>> 
>>>> What is output and forward filtering?
>>> 
>>> Chain OUTPUT and Chain FORWARD?
>>> outgoing traffic and forwarding traffic aka router
>> 
>> That means I can't configure a Linux router using firewalld?
> 
> firewalld is a toy for ordinary endusers and a *firewall* which deserves
> that name is not just open ports from A to B
> 

I am impressed :)









^ permalink raw reply	[flat|nested] 25+ messages in thread
