Koozali.org: home of the SME Server

IPChains management

Aaron

IPChains management
« on: July 27, 2002, 10:29:18 PM »
Hi all. I am an experienced Linux user, using ipchains/iptables. My problem is that I am introducing the e-smith server to some of the classes that I teach. These are mostly newbies and would struggle greatly with manual IPCHAINS configuration etc. Is there some kind of blade or easy management tool that I missed in the server-manager?

What are others doing for the chain management?

Thanks! -Aaron

Nathan Fowler

Re: IPChains management
« Reply #1 on: July 27, 2002, 10:57:17 PM »
I recommend using:

Mason:
http://dhp.com/~whisper/mason/

or

Fbuilder Plus
http://www.icewalkers.com/softlib/app/app_01535.html

Of course there's something to be said about knowing the console commands and a firm understanding of ipchains outside of a WYSIWYG configurator :)

Hope this helped,
Nathan

Charlie Brady

Re: IPChains management
« Reply #2 on: July 29, 2002, 10:43:23 PM »
Aaron wrote:

> Hi all. I am an experienced Linux user, using
> ipchains/iptables. My problem is that I am introducing the
> e-smith server to some of the classes that I teach. These are
> mostly newbies and would struggle greatly with manual
> IPCHAINS configuration etc. Is there some kind of blade or
> easy management tool that I missed in the server-manager?

IPChains management is automatic. If a service is enabled, then the relevant ports are opened; if not, then they are closed (packets are dropped). All outbound connections are permitted, and masqueraded, which is what most sites want. The only inbound connections permitted are those to services which are enabled for public access.

I hope this information helps.

Regards

Charlie

Aaron

Re: IPChains management
« Reply #3 on: July 30, 2002, 12:09:23 AM »
Charlie, thanks for the response. Unfortunately, totally permissive outbound access from the NAT'ed network is not desirable or secure for all of my situations.

I only want outbound traffic that I deem necessary. Again, yes *I* can do these commands in custom scripts and from the command line. I'm just looking for a web-based or menu-based system for my students to use, as they are new to Linux and firewalling and IPChains can be quite cryptic and intimidating to them.

Thanks again, I do love this product for its ease of use for newbies and school districts.

-A

Charlie Brady wrote:
>
> Aaron wrote:
>
> > Hi all. I am an experienced Linux user, using
> > ipchains/iptables. My problem is that I am introducing the
> > e-smith server to some of the classes that I teach. These are
> > mostly newbies and would struggle greatly with manual
> > IPCHAINS configuration etc. Is there some kind of blade or
> > easy management tool that I missed in the server-manager?
>
> IPChains management is automatic. If a service is enabled,
> then the relevant ports are opened; if not, then they are
> closed (packets are dropped). All outbound connections are
> permitted, and masqueraded, which is what most sites want.
> The only inbound connections permitted are those to services
> which are enabled for public access.
>
> I hope this information helps.
>
> Regards
>
> Charlie

Charlie Brady

Re: IPChains management
« Reply #4 on: July 30, 2002, 01:47:06 AM »
Aaron wrote:

> I only want outbound traffic that I deem necessary. Again,
> yes *I* can do these commands in custom scripts and from the
> command line. I'm just looking for a web-based or menu-based
> system for my students to use, as they are new to Linux and
> firewalling and IPChains can be quite cryptic and
> intimidating to them.

I'm sure a lot of people would appreciate any add-on to manage outbound connections that you or somebody else can put together. Note that any non-SME specific GUI is likely to be incompatible with the in-built automatic IPChains management. See documentation on this site for how to put an add-on RPM together, and the existing code and templates for ideas on how to have policy based management of ipchains rules.

Regards

Charlie
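
The outbound restriction discussed in this thread, sketched as an added example that is not part of the original posts and is not SME Server's own template code: a small shell function that turns an allowlist of `proto/port` entries into ipchains forward-chain rules, masquerading only the listed services and logging and denying everything else from the LAN. The function name, the LAN range and the policy entries are assumptions made up for illustration; the commands are only printed, since, as noted above, rules applied outside the built-in automatic management are likely to conflict with it.

```shell
#!/bin/sh
# Added example: render an outbound allowlist as ipchains commands.
# Nothing is executed; the commands are printed for review.
# The LAN range and policy entries below are constructed sample values.

# Usage: render_outbound_rules LAN_CIDR proto/port [proto/port ...]
render_outbound_rules() {
    lan=$1; shift
    case $lan in
        */*) ;;
        *) echo "error: LAN must be in CIDR form, got '$lan'" >&2; return 1 ;;
    esac
    # Validate every entry before printing anything, so a bad policy
    # never yields a half-written rule set.
    for entry in "$@"; do
        proto=${entry%%/*}; port=${entry#*/}
        case $proto in
            tcp|udp) ;;
            *) echo "error: bad protocol in '$entry'" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*) echo "error: bad port in '$entry'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "error: port out of range in '$entry'" >&2; return 1
        fi
    done
    # Default-deny forwarding, then masquerade only the listed services.
    echo "ipchains -P forward DENY"
    echo "ipchains -F forward"
    for entry in "$@"; do
        echo "ipchains -A forward -p ${entry%%/*} -s $lan -d 0.0.0.0/0 ${entry#*/} -j MASQ"
    done
    # Log whatever else the LAN tries to send out (-l), then drop it.
    echo "ipchains -A forward -s $lan -d 0.0.0.0/0 -l -j DENY"
}

# Constructed sample policy: DNS, HTTP and HTTPS only.
render_outbound_rules 192.168.1.0/24 udp/53 tcp/53 tcp/80 tcp/443
```
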