It's well-known that manually add/remove/design iptables rule is tedious/cumbersome/error-prone. I want to know if there is any powerful and feature-rich iptables GUI available on Linux? I've tried fwbuilder, but it doesn't meet my expectations.

Regards,
HZ

(Lately there seem to be quite some off-topic posts here in CUS.)

On 04.11.2021 08:57, hongy...@gmail.com wrote:
> It's well-known that manually add/remove/design iptables rule is
> tedious/cumbersome/error-prone. I want to know if there is any
> powerful and feature-rich iptables GUI available on Linux? I've tried
> fwbuilder, but it doesn't meet my expectations.

Isn't that a Linux (or networking or Unix admin) question?

>
> Regards, HZ
>

On 04.11.2021 at 10:44, Janis Papanagnou scribbled:

> (Lately there seem to be quite some off-topic posts here in CUS.)
>
> On 04.11.2021 08:57, hongy...@gmail.com wrote:
> > It's well-known that manually add/remove/design iptables rule is
> > tedious/cumbersome/error-prone. I want to know if there is any
> > powerful and feature-rich iptables GUI available on Linux? I've
> > tried fwbuilder, but it doesn't meet my expectations.

There used to (and still may) be something called WebMin, which was/is a
complete browser-based GNU/Linux administration user interface, and I
believe — but don't pin me down on this — that it also had/has a
firewall section.

You would simply direct your browser at...

http://127.0.0.1:10000

.... and log in as root.

The software was supplied as standard with RedHat and derivative
distributions at the time, and there are commercial versions of it as
well, for managing multiple physical or virtual servers.

The authors also offer (and sell commercial licenses for) similarly
working software for domain hosting, albeit that they only officially
support CentOS.

Their software does not come in .deb packages, so unless Debian is
repackaging said software and offering it via their own repositories,
you're out of luck. Well, unless you'd be willing to build the
software from sources, of course.

Either way, DuckDuckGo is your friend.

> Isn't that a Linux (or networking or Unix admin) question?

Specifically GNU/Linux, yes, but you-know-who is too lazy to...

- think for himself;
- do his own research;
- set up a proper newsreader instead of using Google Groups
(which I am filtering out in all newsgroups); and thus...
- find himself a more appropriate newsgroup whenever such a choice
would be due.

This group here is his one-stop shop for everything computer-related.
He's a help vampire, and the worst part of it all is that you are all
too willing to keep on feeding him.

For all we know, HZ could be...

- asking you guys to solve some task assigned to him at work, which
HE — not you — is being paid for; or...
- doing something illegal/unethical.

The only active regular of this newsgroup beside myself — and I'm not
even an active regular, because I'm not a professional sysadmin and I
don't hold a degree in computer science; when it comes to computer
science and information technology, I am basically a complete autodidact
— who seems to find Hongyi's perpetual vampirism sufficiently curious is
Kenny. Everyone else is all too eager to show off their knowledge of the
various shells, awk versions, regular expressions, and what is and is
not specified in the various UNIX and POSIX standards.

I am a moderator at the official forum for Manjaro Linux, and I am
currently said forum's leader in terms of the number of accepted
solutions. So I am definitely not afraid of offering help to
newbies — and even not-so-newbies — in the form of literal
instructions. I've also written a couple of very step-by-step tutorials
that are regularly being linked to — by myself as well as by my fellow
moderators — but every once in a while you really do have to tell people
to RTFM, and especially when dealing with a help vampire.

</rant>

--
With respect,
= Aragorn

On 11/4/21 10:29 AM, Aragorn wrote:
> There used to (and still may) be something called WebMin, which was/is
> a complete browser-based GNU/Linux administration user interface,
> and I believe — but don't pin me down on this — that it also
> had/has a firewall section.

Yes, Webmin is still a thing.

Yes, Webmin supports* multiple firewalls.

*I'm currently having a minor issue with Webmin's firewall module for
{iptables,netfilter}-persistent on Debian 10. But this may be simply a
mis-configuration by the person that installed it. -- Webmin is
managing the rules file that the system uses. I'm just having a problem
with it applying the rules. I can manually apply the rules that Webmin
created without any problem.

> You would simply direct your browser at...
>
> http://127.0.0.1:10000

Port 10,000 is the /default/ port.

> Their software does not come in .deb packages, so unless Debian is
> repackaging said software and offering it via their own repositories,
> you're out of luck. Well, unless you'd be willing to build the
> software from sources, of course.

Webmin itself installs quite well on contemporary Debian systems via a
script that they provide.

--
Grant. . . .
unix || die

On Friday, November 5, 2021 at 1:53:43 AM UTC+8, Grant Taylor wrote:
> On 11/4/21 10:29 AM, Aragorn wrote:
> > There used to (and still may) be something called WebMin, which was/is
> > a complete browser-based GNU/Linux administration user interface,
> > and I believe — but don't pin me down on this — that it also
> > had/has a firewall section.
> Yes, Webmin is still a thing.
>
> Yes, Webmin supports* multiple firewalls.
>
> *I'm currently having a minor issue with Webmin's firewall module for
> {iptables,netfilter}-persistent on Debian 10. But this may be simply a
> mis-configuration by the person that installed it. -- Webmin is
> managing the rules file that the system uses. I'm just having a problem
> with it applying the rules. I can manually apply the rules that Webmin
> created without any problem.
> > You would simply direct your browser at...
> >
> > http://127.0.0.1:10000
> Port 10,000 is the /default/ port.
> > Their software does not come in .deb packages, so unless Debian is
> > repackaging said software and offering it via their own repositories,
> > you're out of luck. Well, unless you'd be willing to build the
> > software from sources, of course.
> Webmin itself installs quite well on contemporary Debian systems via a
> script that they provide.

Thank you for letting me know of this tool.
HZ

On 04.11.2021 17:29, Aragorn wrote:
> On 04.11.2021 at 10:44, Janis Papanagnou scribbled:
>
>> (Lately there seem to be quite some off-topic posts here in CUS.)
> [...]
>> Isn't that a Linux (or networking or Unix admin) question?

(Note that this was a rhetorical question, coupled with the hope that
the OP might re-think and better control his posting habits. All we
can do is make suggestions, technical and meta.)

> Specifically GNU/Linux, yes, but you-know-who is too lazy to...
> [...]
> This group here is his one-stop shop for everything computer-related.

A good characterization.

> He's a help vampire, and the worst part of it all is that you are all
> too willing to keep on feeding him.

As long as it's on-topic we can only complain that he's not doing his
homework, and we can be dissatisfied about the learning curve.

Is your suggestion to completely ignore him (actually like putting him
in our killfiles)? (Note: not a rhetorical question.)

(Personally I find some "spin-off replies" I read here even useful. But
the mass of such postings is annoying.)

> [...] Everyone else is all too eager to show off their knowledge of the
> various shells, awk versions, regular expressions, and what is and is
> not specified in the various UNIX and POSIX standards.

Your personal aspects aside, aren't these topics a substantial part of
the newsgroup agenda? (Yes, now again a rhetorical question.)

Janis

Aragorn <thorongil@telenet.be> wrote:
> Specifically GNU/Linux, yes, but you-know-who is too lazy to...
>
> - think for himself;
> - do his own research;
> - set up a proper newsreader instead of using Google Groups
> (which I am filtering out in all newsgroups); and thus...
> - find himself a more appropriate newsgroup whenever such a choice
> would be due.

For the third point HZ might have a valid excuse. In HZ's old
messages years ago he was using a newsserver from China (originating
path news.neu.edu.cn!news.cn99.com). After that he changed for a
while to a russian server goblin.stu.neva.ru. I guess the chinese
servers got shut down, so he had to switch to a russian server.
Now he posts from google groups, maybe not because of HZ's laziness,
but because it's getting harder to reach usenet from China.

As a matter of fact the disappearance of university newsservers and
workplaces firewalling ports 119/563 was one of the main causes that
silently precipitated the decline of Usenet traffic in the early 2000s.