[PC-BSD Testing] thoughts on fwbuilder

Kris Moore kris at pcbsd.org
Mon Jun 7 05:06:35 PDT 2010


On 06/06/2010 13:40, Dru Lavigne wrote:
>
> What are the thoughts of using fwbuilder (http://www.fwbuilder.org) 
> instead of the current GUI for 9.0? I 
> suggest fwbuilder for the following reasons:
>
> - it's mature, well documented, and fairly intuitive for new firewall 
> users
> - it means we don't have to create, debug and maintain our own utility 
> (the current GUI is quite buggy)
> - it supports pf, ipfw, ipf, iptables, Cisco ACLs, etc. (so people who 
> like ipfw can use it on their PC-BSD system)
> - it provides an interface similar to those seen in industry (e.g. 
> Checkpoint), allowing users to learn one tool regardless of operating 
> system or firewall
> - the lead developer (Vadim) is responsive to change requests and 
> likes to see fwbuilder being used by BSD users
> - the port maintainer (Cy Schubert) is good at keeping the port up-to-date
>
> Thoughts?
>
> Cheers,
>
> Dru
>
> Sounds like a great idea to me. It pretty much works great right now, 
> right? So what would stop us from just switching to it for 8.1 / 8.2? 
> It's just another slave port to add to the build, and sounds like the 
> benefits would be immediate :)
>
> ---
>
> fwbuilder is stable. If you include the package in a future test 
> build, I'll compile a ruleset that matches pf.conf and send it to you 
> along with a screenshot so you know how the fwbuilder ruleset was 
> created. It is then just a matter of referring to the compiled ruleset 
> in /etc/rc.conf so it is loaded as the default. Users can create as 
> many rulesets as they wish (using pf or ipfw) and load the desired 
> ruleset on demand.  I can add firewall documentation to the User 
> Handbook later this summer.
>
> Cheers,
>
> Dru
>

I've added it now, it should be in the next build. Do you have a sample 
rule-set I can test with now? My main concern is that fwbuilder is a bit 
more "complex" than the other tool, for the end-user who simply wants to 
open port "X". If you have a rule-set which pre-loads /etc/pf.conf in 
the utility, it would be great :)

-- 
Kris Moore
PC-BSD Software
iXsystems
