On Tue, 2002-08-06 at 11:35, Thomas Dodd wrote: > > Florin Andrei wrote: > > >Are there any plans to include FWBuilder in Red Hat? > > > There is alread a configtool for firewalls. > gnome-lokkit. Vahalla also has firewall-config which uses QT. I never said "replace". lokkit is good for the current job. It cannot easily be replaced by something else. I was talking about people using iptables for the "Linux in the enterprise" type of installations. ;-) Or about Linux firewalls in the enterprise. The difference between lokkit and FWBuilder is like between notepad and MS Office. They are completely different products. You cannot replace one with another (and remain sane). You only have to run gnome-lokkit once and read the initial disclaimer: "this is not for firewall experts blah-blah-blah". I mean, it's like this: - lokkit is for beginners or for people without too many clues, or for incredibly busy people (not really), or for installer programs - editing iptables with vi/Emacs is for knowledgeable people, for experts, when doing small installations (and perhaps medium-scale too) - FWBuilder is for experts when doing medium or large installations, on large networks, with many hosts, etc. It is a way to define and enforce easily security policies for _many_ hosts in a consistent way. Think of FWBuilder as an "Open Source CheckPoint" and you'll get the right picture. At least as far as the GUI is concerned. iptables really is to the point where it can be used on large networks. It was just missing a good GUI. FWBuilder fills this gap. I'm using CheckPoint and Cisco PIX all the time (that's what i do for a living), and there are not many things that i would miss in FWBuilder. The essential tools to implement the network security policy in the firewalls and the local (server-level) packet filters are all there. I talked to my colleagues in the network security field about iptables being (or not) ready for the enterprise. We always kind of agreed it's missing something like the CheckPoint interface, to define objects and create consistent policies, etc. So, we said, "it's not ready". And then i discovered FWBuilder. ;-) -- Florin Andrei The geek shall inherit the Earth... _______________________________________________ Redhat-devel-list mailing list Redhat-devel-list@redhat.com https://listman.redhat.com/mailman/listinfo/redhat-devel-list
