Graphical tools for firewall configuration

Restricted Zone

© Photo by Mike Wilson on

© Photo by Mike Wilson on

Article from Issue 207/2018

Setting up a comprehensive firewall with netfilter and iptables is complicated. Graphic user interfaces seek to take the worries out of this demanding task.

Firewalls under Linux are usually based on the kernel's netfilter system [1], which was introduced in 2001. Nftables [2] is about to replace this system, but until then, iptables [3] remains the configuration helper for the complicated netfilter system and is regarded as the default tool for Linux.

However, configuring iptables is not very intuitive. If you don't regularly use this process, you tend to forget quickly the necessary command-line parameters. Iptables does not make it easy for less experienced administrators to configure the firewall, so several distributions have their own tools. Because of this lack of intuitiveness, running the packet filter at the command line can quickly cause damage by user error.

For this reason, many firewalls now have graphical user interfaces (GUIs), which makes this somewhat cumbersome task easier. In this article, I review four such GUIs: firewalld [4], fwbuilder [5], Gufw [6], and Shorewall [7]. I also looked at the PeerGuardian [8] IP blocker, which is not a conventional firewall (see the "PeerGuardian" box). Not included in this review are configuration environments that are outdated (see the "Not in the Running" box).


Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Persistent iptables

    The Linux iptables packet filter lacks an easy way to load rules automatically after restarting a system, but you can automate this process several ways.

  • Firewalls Intro

    Firewalls are becoming evermore sophisticated. Luckily, the tools for managing firewalls are becoming simpler and more accessible for ordinary users

  • Shorewall

    When users think about their workstations at home, they often forget about security. But danger is out there,waiting to pounce on the unsuspecting. Shorewall helps everyday Linux users keep the intruders away.

  • KTools: KMyFirewall

    Linux has a fantastic selection of firewalls for securing stand-alone computers or whole networks. Although you can use IPTables to set up a firewall, the configuration is often the most difficult step. KMyFirewall offers a powerful, user-friendly, GUI-based approach.

  • Firewall Logfile Analyzers

    Netfilter firewalls create highly detailed logfiles that nobody really wants to inspectmanually. Logfile analysis tools like IPtables Log Analyzer,Wallfire Wflogs,and FWlogwatch help administrators keep track of developments and filter for importantmessages.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95