iptables "frontend" on FC

[Carlos Rodrigues <carlos efr mail telepac pt>]

Hi!

As we stand now, FC doesn't have a firewall configuration tool worthy of 
that name. There is system-config-securitylevel which is fine for a 
workstation or desktop machine, but for a server or gateway box there is 
no way to build a good firewall short of diving into iptables directly.

There are a bunch of iptables frontends (GUI or otherwise) out there, 
but I would rather have something more high-level. So, my preference 
would go to something I have been using in my home gateway, and some 
servers at work, for some time now. That something is FireHOL 
(http://firehol.sourceforge.net).

I think this would be a nice addition fo FC because is is not only a 
simple iptables frontend. It is a language to describe firewalls, which 
generates them using iptables rules. It is very straigthforward and 
powerful. The config script even accepts the use of bash constructs - 
FireHOL is itself bash based - which makes it a tool which "makes simple 
things simple and hard things possible".

I'm not the author of FireHOL, so this isn't gratuitous publicity. It's 
just a great tool (which successfully passed my "first hours 
excitement") that would make a good addition to FC (and it's small, so 
no problems there).

What do you people thing about this: good, bad, alternatives?

Carlos Rodrigues