Graphical tools for firewall configuration
Conclusions
The firewall GUIs discussed here are all suitable for securing IT infrastructures. However, the individual tools focus on different user groups and scenarios: Gufw is somewhat out of the ordinary, because it primarily targets desktop systems. PeerGuardian is not a classic firewall interface but is limited to working with blocklists. The software does not let you implement complex rule constructs, but it is useful as a firewall extension.
Fwbuilder, firewalld, and Shorewall primarily target server systems and therefore have far more features. Fwbuilder is also suitable for use in heterogeneous environments with various server operating systems and even with some manufacturers' appliances. The software can compile appropriate configuration files depending on a firewall's syntax. On the other hand, Shorewall can be configured with Webmin and thus managed from remote computers.
Thus, you are spoiled for choice (for an overview of features, see Table 1). In the end, your choice depends on your distribution and network security requirements.
Table 1
An Overview of Firewall GUIs
Feature | firewalld | fwbuilder | Gufw | Shorewall |
---|---|---|---|---|
Requirements |
Netfilter |
Netfilter and iptables |
Netfilter and iptables |
Netfilter and iptables |
Cross-Platform |
No |
Yes |
No |
No |
Remote Host |
No |
Yes |
Yes |
Yes |
IPv4/IPv6 |
Yes/Yes |
Yes/Yes |
Yes/Yes |
Yes/Yes |
Zone Model |
Yes |
No |
Yes (profile) |
Yes |
Chain and Control Model |
No |
Yes |
Yes |
Yes |
Dynamic |
Yes |
No |
No |
No |
Application Integration |
No |
No |
Yes |
Limited |
Logging |
Limited |
No |
Yes |
Yes |
Wizard |
No |
Yes |
Limited |
No |
Primary Application |
Server |
Server, desktop, cluster, appliance |
Desktop |
Server, desktop, appliance |
Infos
- Netfilter: http://www.netfilter.org
- Nftables: https://netfilter.org/projects/nftables/
- Iptables: https://netfilter.org/projects/iptables/
- firewalld: http://www.firewalld.org
- fwbuilder: http://www.fwbuilder.org
- Gufw: http://gufw.org
- Shorewall: http://shorewall.org
- PeerGuardian: https://sf.net/projects/peerguardian/
- PeerGuardian blocklists: https://www.iblocklist.com/lists
- FireStarter: https://sf.net/projects/firestarter/
- Turtle Firewall: http://turtlefirewall.sourceforge.net
- FireFlier: http://fireflier.sf.net
- Vuurmuur: https://www.vuurmuur.org/trac/
- IPFire: http://www.ipfire.org
- Untangle NG Firewall: https://www.untangle.com/untangle-ng-firewall/
- Alpine Linux: https://alpinelinux.org
- BSD PF: http://www.openbsd.org/faq/pf/
- Quick Start Guide: http://www.fwbuilder.org/4.0/quick_start_guide.shtml
- UFW: https://wiki.ubuntu.com/UncomplicatedFirewall
- Webmin: http://www.webmin.com
- drakfirewall: https://doc.mageia.org/mcc/5/en/content/drakfirewall.html
Buy this article as PDF
(incl. VAT)