This chapter covers the iptables firewall administration program used to build a Netfilter firewall. For those of you who are familiar with or accustomed to the older ipfwadm and ipchains programs used with the IPFW technology, iptables will look very similar to those programs. However, it is much more feature-rich and flexible, and it is very different on subtle levels.
If you're looking to manage iptables rulesets without the learning curve of rolling your own (or even if you fully comprehend iptables, but want an easy method to manage them), check out
http://www.killerwall.net/
It is a distro-agnostic tool that may simplify your life. In spite of the lack of a GUI, it's still extremely easy to configure and deploy. Some key features include:
1). It scales well. It can be used as a host-based firewall or a multi-homed, multiple-network NAT bastion host. It can autoconfigure itself (or you can do it manually) for either situation based on your network configuration.
2). It's fast. For what it does, it generates a high performance, lean ruleset.
3). It defaults to all ports closed to inbound, unsolicited packets, but it's stateful, so it allows replies for data you've sent to come back in.
4). If you want ports opened or forwarded, it's easy to do. Even if you do have ports opened, remote hosts will be unable to actively TCP fingerprint your firewall or forwarded hosts.
5). It has an ACL feature that you can configure to allow only certain hosts or networks access to ports or protocols. The ACL rulesets can be manipulated independently of the baseline firewall ruleset.
6). It's easy to use.
If you like what you've read so far, I recommend the CVS version at:
http://www.killerwall.net/download/killerwall.0.99-CVS-03Jan05-0552...
Read the README included in the tarball; it explains what to do in detail.
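The three properties the comment highlights (default-closed inbound, stateful acceptance of replies, and per-port ACLs that are independent of the baseline) map onto a short iptables ruleset. The script below is an added example, not Killerwall's code or the book's; it emits the iptables commands to stdout so they can be reviewed before being applied, and the interface name `eth0`, the ports and the source addresses in the usage line are constructed sample values.

```sh
#!/bin/sh
# Constructed example: emit (not apply) a default-deny, stateful IPv4 INPUT ruleset.
# Usage: gen_rules <wan-interface> <port spec> ...
#   proto/port              open the port to everyone
#   proto/port@src,src,...  open the port only to the listed sources (the ACL)
gen_rules() {
    wan=$1; shift
    printf 'iptables -F INPUT\n'              # start from an empty INPUT chain
    printf 'iptables -P INPUT DROP\n'         # feature 3: unsolicited inbound is dropped
    printf 'iptables -P FORWARD DROP\n'       # nothing is forwarded unless a rule says so
    printf 'iptables -P OUTPUT ACCEPT\n'
    printf 'iptables -A INPUT -i lo -j ACCEPT\n'
    # Stateful part: replies to connections this host opened are allowed back in,
    # packets conntrack cannot place in any connection are dropped.
    printf 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
    printf 'iptables -A INPUT -m conntrack --ctstate INVALID -j DROP\n'
    for spec in "$@"; do
        proto=${spec%%/*}
        rest=${spec#*/}
        port=${rest%%@*}
        case $proto in tcp|udp) ;; *)
            printf 'bad protocol in %s\n' "$spec" >&2; return 1 ;;
        esac
        case $port in ''|*[!0-9]*)
            printf 'bad port in %s\n' "$spec" >&2; return 1 ;;
        esac
        if [ "$rest" = "$port" ]; then
            # Feature 4: a port opened to the world, but only for NEW connections.
            printf 'iptables -A INPUT -i %s -p %s --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
                "$wan" "$proto" "$port"
        else
            # Feature 5: one ACCEPT per allowed source; everything else hits the DROP policy.
            acl=${rest#*@}
            old_ifs=$IFS; IFS=,
            for src in $acl; do
                printf 'iptables -A INPUT -i %s -p %s -s %s --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
                    "$wan" "$proto" "$src" "$port"
            done
            IFS=$old_ifs
        fi
    done
}

# Sample invocation with constructed values: HTTP open to all, SSH only from two sources.
gen_rules eth0 tcp/80 "tcp/22@192.0.2.0/24,198.51.100.7"
```

Because the ACL rules are just additional ACCEPT lines on top of the same DROP policy, they can be regenerated and reloaded without touching the baseline rules. Review the output, then pipe it to `sh` as root to apply; on a remote host, make sure the address you are connecting from is in the SSH ACL before loading a ruleset whose INPUT policy is DROP.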