# Which Firewall Package Do You Recommend?

## jcsjr

I have IPTables compiled into the kernel but I don't know which of the Firewall GUI's to use.  Please recommend your favorite.

----------

## Liathus

I actually prefere to configure iptables by hand... that way I know for sure what is going on...

Some of my clients like gui based systems though so I have also used fwbuilder with good results.  It seems to do a good job and would have no problem recommending it if you are sure that you want to use a gui.

----------

## seang

Well, configuring iptables by hand is certainly not for everyone! It's (potentially) very complicated and thus there is plenty of potential for getting it wrong.   :Razz:   Even if you DO want to configure manually, then I think the best learning tool is a GUI to give you a start.

I use guarddog (it's a KDE application - needs kdelibs, of course). There are loads of others, but guarddog has a nice feel to it. Worth a try.

----------

## Vazagi

If you can live without a gui, then I would recommend Shorewall. 

It only took me a couple of minutes getting it up and running after having spent hours trying to figure out IPTables. =/

----------

## swingman

Ditto on shorewall. Easy to set up. Firewall rules look good. Allows complex rules if you want/need them.

   _

/Bjorn.

----------

## neilhwatson

Those of us who wear tinfoil hats  :Shocked:  always build our firewalls by hand.  Afterall, you can't trust THEM.

----------

## Kulfaangaren!

 *neilhwatson wrote:*   

> Those of us who wear tinfoil hats  always build our firewalls by hand.  Afterall, you can't trust THEM.

 

Hehehe *LOL*   :Laughing:  Right you are ! I never trust THEM with anything!

Acctually I don't even trust myself either, I might be brainwashed after all  :Wink: 

// Fredrik

----------

## meteo

firestarter for GNOME2 http://firestarter.sourceforge.net seems to be fine

----------

## Bangz

wow shorewall looks pretty decent.

I might get stuck into it 2morrow.

----------

## Koon

Another vote for Shorewall.

We can't trust THEM but we can look at the rules THEY make  :Wink: 

-K

----------

## malakili

If you're interested in learning how to write iptables rules yourself I would recommend Daniel Robbins' developerWorks tutorial on stateful firewall design.  It walks you through the steps to create your own firewall script, gives you a fully functional script at the end, and is straightforward and easy to understand.

----------

## neilhwatson

Let's expand this topic a little wider.  While not Iptables specific this http://www.oreilly.com/catalog/fire2/ book is a excellent reference for anyone who is serious about firewalls.

----------

## Jarjar

I'm using gShield (in portage) and have done so since RH 7.1. I like it  :Smile: 

----------

## Dr_Stein

Checkpoint FW-1.  :Wink: 

Depending on what your needs are, one of the small office FW1 boxes might be a good idea.

Otherwise, things like Smoothwall and Shorewall are said to be good solutions.

Running your firewall on a dedicated machine is a good practice, too.

----------

## jcsjr

I appreciate all the input!  I'm going to try Shorewall first and also plan on reading the suggested materials.  :Smile: 

 :Sad:  Every Shorewall entry in the Portage tree is marked unstable.  What's the deal?

----------

## Liathus

fwbuilder has stable ebuilds :)   

*Liathus ducks for cover

----------

