Comment Re:Firewall Builder (Score 2, Interesting) 414
Firewall Builder does most of what the submitter is looking for already.
.
Just browsing through here, but I'm surprised (and then again, I'm NOT surprised) at the answers thus far. I get the same replies when I ask a similar question.
What the submitter is talking about is a 21st Century Firewall (capitalized out of reverence). Why not have automatic host discovery? Why should I have to painstakingly come up with a list of all target machines with IP addresses? Is this not 2010?
Did everyone miss the question about "jdoe's" computer being connected, and then (and ONLY then) her needed ports being enabled in some other PC on the network? That would actually be a VERY nice capability.
For the record, I've looked at IPCop; Shorewall; SuSEFirewall2; the firewall tools built into Webmin; (and years ago) Mandrake's firewall package; you name it (this is just a partial list off the top of my head). All of them follow the same paradigm: YOU must come up with the list of IPs and ports. If anything moves or changes, YOU have to painstakingly re-enter all of the port/IP info (and hope you didn't miss something!).
So-called GUI interfaces and/or firewall "builder" tools still follow this same basic config paradigm. Just adding automatic discovery would be a HUGE help
Everything I've tried thus far can't even reliably list all PCs on the network! I have to run an NMAP discovery or (under Windoze) something like the Angry IP Scanner. It doesn't make sense.
Some of what the submitter is asking would most properly be done in a really smart firewall/network switch combination. You would probably have to install a small software package on each network machine, too, that could "talk" to the firewall. But the question remains, why isn't this kind of thing available? It *IS* a little surprising (and frustrating) the someone hasn't developed a point-and-click, self-discovering, self-cataloging firewall system by now.
I think the real problem is that true propeller-headed geeks actually *enjoy* poking in stuff with iptables rules at a prompt. They're the most likely to have the skills to develop something like a true GUI firewall, but they're the least likely to want to.