Linux Netfilter discussions
* [Announce] PacketFlow firewall generator
@ 2002-11-26  4:57 Paul Frieden
  2002-11-26 22:07 ` cbaker
  0 siblings, 1 reply; 3+ messages in thread
From: Paul Frieden @ 2002-11-26  4:57 UTC (permalink / raw)
  To: netfilter

Dear Netfilter Users:

I would like to announce the initial public release of a new tool called 
PacketFlow.  It is a free command line XML based iptables firewall 
generator.  I would like to invite you to download and evaluate it.

The basic concept of PacketFlow is that of "security levels."*  Every 
interface has a security level, and it indicates how much the interface 
is trusted.  By default, connections may be made from a high security 
interface to a low security interface. By default, connections may not 
be made from a low security interface to a high security interface. 
Both may be overridden with access lists.

Several examples are included in the download.  These include dial-up, 
broadband, single DMZ, and multiple DMZ examples.  These should 
illustrate the basics of the configuration file.  There are a few 
features that are not yet shown in the samples, but hopefully they will 
be shown soon.

PacketFlow is currently able to generate complete rule sets.  Current 
development is focusing on better configuration validation and sanity 
checking.  That said, the rule sets generated from a valid configuration 
file do work well.  You are strongly encouraged to read through the 
generated rules for yourself.

PacketFlow currently does not support generating NAT rules, but I hope 
to add that in the future.  Any recommendations on a syntax for NAT 
rules would be appreciated.

I would appreciate any feedback that you could provide.  There is a FAQ 
on the home page listed below, and the source may be downloaded from the 
project page.  Please submit any bugs that you find to the bug tracking 
system on the SourceForge site.

Sincerely,

Paul Frieden

Home page:		http://packetflowfw.sourceforge.net
Project page:	http://sourceforge.net/projects/packetflowfw/


* This is very similar to the security-levels used by the PIX firewall
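
The security-level model described in the announcement, as an added example that is not PacketFlow's code and does not use its XML format: a small generator that turns interface levels plus access-list overrides into iptables FORWARD rules, and a review helper that lists the low-to-high exceptions. Interface names, levels, the override tuples and the deny-on-equal-level choice are assumptions made for illustration.

```python
from itertools import permutations

# Constructed sample data; names and levels are assumptions, not PacketFlow syntax.
LEVELS = {"eth0": 0, "eth1": 50, "eth2": 100}       # outside, DMZ, inside
OVERRIDES = [                                        # (in_if, out_if, proto, dport, action)
    ("eth0", "eth1", "tcp", 80, "ACCEPT"),           # low -> high: HTTP into the DMZ
    ("eth2", "eth0", "tcp", 25, "DROP"),             # high -> low: no outbound SMTP
]

def default_action(levels, src, dst):
    """High to low is allowed; low to high is denied. Equal levels are
    denied here, which is an assumption the announcement does not cover."""
    return "ACCEPT" if levels[src] > levels[dst] else "DROP"

def generate_rules(levels, overrides):
    """Return iptables commands: overrides first, then per-pair defaults."""
    rules = ["iptables -P FORWARD DROP",
             "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"]
    for src, dst, proto, dport, action in overrides:
        if src not in levels or dst not in levels:
            raise ValueError(f"override names unknown interface: {src} -> {dst}")
        if action not in ("ACCEPT", "DROP"):
            raise ValueError(f"unsupported action: {action}")
        rules.append(f"iptables -A FORWARD -i {src} -o {dst} -p {proto} "
                     f"--dport {dport} -m state --state NEW -j {action}")
    for src, dst in permutations(sorted(levels), 2):
        rules.append(f"iptables -A FORWARD -i {src} -o {dst} "
                     f"-m state --state NEW -j {default_action(levels, src, dst)}")
    return rules

def upward_accepts(rules, levels):
    """Review aid: list generated rules that admit traffic from a lower
    level to a higher one, i.e. the exceptions worth reading by hand."""
    flagged = []
    for rule in rules:
        words = rule.split()
        if "-i" not in words or "-o" not in words or words[-1] != "ACCEPT":
            continue
        src, dst = words[words.index("-i") + 1], words[words.index("-o") + 1]
        if levels[src] < levels[dst]:
            flagged.append(rule)
    return flagged

if __name__ == "__main__":
    ruleset = generate_rules(LEVELS, OVERRIDES)
    print("\n".join(ruleset))
    print("\n# low-to-high exceptions to review:")
    print("\n".join(upward_accepts(ruleset, LEVELS)))
```

Because iptables stops at the first matching rule, the overrides are emitted ahead of the per-pair defaults; reversing that order would silently disable every access-list entry.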




* Re: [Announce] PacketFlow firewall generator
  2002-11-26  4:57 [Announce] PacketFlow firewall generator Paul Frieden
@ 2002-11-26 22:07 ` cbaker
  2002-11-27  0:03   ` Robert Wideman
  0 siblings, 1 reply; 3+ messages in thread
From: cbaker @ 2002-11-26 22:07 UTC (permalink / raw)
  To: netfilter

It sounds good. What else do I need to have installed for this to 
work? What type of dependencies will it have?

> 
> I would like to announce the initial public release of a new tool
> called PacketFlow.  It is a free command line XML based iptables
> firewall generator.  I would like to invite you to download and
> evaluate it.
> 
> The basic concept of PacketFlow is that of "security levels."*  Every
> interface has a security level, and it indicates how much the
> interface is trusted.  By default, connections may be made from a high
> security interface to a low security interface. By default,
> connections may not be made from a low security interface to a high
> security interface. Both may be overridden with access lists.
> 
> Several examples are included in the download.  These include dial-up,
> broadband, single DMZ, and multiple DMZ examples.  These should
> illustrate the basics of the configuration file.  There are a few
> features that are not yet shown in the samples, but hopefully they
> will be shown soon.
> 
> PacketFlow is currently able to generate complete rule sets.  Current
> development is focusing on better configuration validation and sanity
> checking.  That said, the rule sets generated from a valid
> configuration file do work well.  You are strongly encouraged to read
> through the generated rules for yourself.
> 
> PacketFlow currently does not support generating NAT rules, but I hope
> to add that in the future.  Any recommendations on a syntax for NAT
> rules would be appreciated.
> 
> I would appreciate any feedback that you could provide.  There is a
> FAQ on the home page listed below, and the source may be downloaded
> from the project page.  Please submit any bugs that you find to the
> bug tracking system on the SourceForge site.
> 
> Sincerely,
> 
> Paul Frieden
> 
> Home page:		http://packetflowfw.sourceforge.net
> Project page:	http://sourceforge.net/projects/packetflowfw/
> 
> 
> * This is very similar to the security-levels used by the PIX firewall
> 
> 
> 

Chris Baker -- technical specialist
614-839-2447x108
cbaker@bbbscolumbus.org
Big Brothers Big Sisters of Central Ohio
www.bbbscolumbus.org




* RE: [Announce] PacketFlow firewall generator
  2002-11-26 22:07 ` cbaker
@ 2002-11-27  0:03   ` Robert Wideman
  0 siblings, 0 replies; 3+ messages in thread
From: Robert Wideman @ 2002-11-27  0:03 UTC (permalink / raw)
  To: netfilter

These should be on the ANNOUNCE mailing list and not the user mailing list.
Shouldn't they be????

Robert Wideman 


> I would like to announce the initial public release of a new tool
> called PacketFlow.  It is a free command line XML based iptables
> firewall generator.  I would like to invite you to download and
> evaluate it.
> 
> The basic concept of PacketFlow is that of "security levels."*  Every
> interface has a security level, and it indicates how much the
> interface is trusted.  By default, connections may be made from a high
> security interface to a low security interface. By default,
> connections may not be made from a low security interface to a high
> security interface. Both may be overridden with access lists.
> 
> Several examples are included in the download.  These include dial-up,
> broadband, single DMZ, and multiple DMZ examples.  These should
> illustrate the basics of the configuration file.  There are a few
> features that are not yet shown in the samples, but hopefully they
> will be shown soon.
> 
> PacketFlow is currently able to generate complete rule sets.  Current
> development is focusing on better configuration validation and sanity
> checking.  That said, the rule sets generated from a valid
> configuration file do work well.  You are strongly encouraged to read
> through the generated rules for yourself.
> 
> PacketFlow currently does not support generating NAT rules, but I hope
> to add that in the future.  Any recommendations on a syntax for NAT
> rules would be appreciated.
> 
> I would appreciate any feedback that you could provide.  There is a
> FAQ on the home page listed below, and the source may be downloaded
> from the project page.  Please submit any bugs that you find to the
> bug tracking system on the SourceForge site.
> 
> Sincerely,
> 
> Paul Frieden
> 
> Home page:		http://packetflowfw.sourceforge.net
> Project page:	http://sourceforge.net/projects/packetflowfw/
> 
> 
> * This is very similar to the security-levels used by the PIX firewall
> 
> 
> 

Chris Baker -- technical specialist
614-839-2447x108
cbaker@bbbscolumbus.org
Big Brothers Big Sisters of Central Ohio
www.bbbscolumbus.org


