Contributed by Dengue on from the Having-trouble-with-pf? dept.
"I'm not sure how useful this is as I've been made fun of a lot for making a PF configuration tool in VB6 for windows, but VB6 is the only programing language I know and I had nothing else significant I thought I could make so I made a very simple but effective PF rule creation tool for Windows users. I never thought of submitting it to this site, although I check this site every day I never thought anyone would take my software seriously as this program is the only one I've ever really put thought into writing, but I was told today on IRC that a lot of people would benefit from it so I thought I may as well make it available. It's at http://www.anuzis.net/files/software/PF/ "
(Comments are closed)
By tim () jabbo@yahoo.com on mailto:jabbo@yahoo.com
Props to you, for writing a good tool, freely distributing it, and telling the naysayers to stuff it.
Comments
By jtanner () on
If you're looking for additional features to implement, you could create "canned" rules, such as blocking packets from private networks on the incoming line, etc. and a way to review the rules before writing them to a file or the firewall.
All in all, it looks like a good tool for the novice or win32 admin to use with an openbsd firewall.
Jim
By Anonymous Coward () on
By Anonymous Coward () on
qt non commerical 2.3.x for windows qt 2.3.x on unix
Comments
By Anonymous Coward () on
By chris () chris@secure-packets.com on mailto:chris@secure-packets.com
//not in a bad way, just wondering.
is there really a need for a gui?
::chris
Comments
By Anonymous Coward () on
yes - that was obviously the objective otherwise you'd just use pfctl :/
By Anonymous Coward () on
By Anonymous Coward () on
'modulate state'
preset port ranges 0-1024, high ftp proxy ports (I always forget that range)
ability to enter subnet mask as 255.255.255.252 and convert it automatically.
'built in' pf reference - just take pfctl man page and display it as text with 'help' button.
ability to 'buffer' generated rules, so you can generate all the rules at once, review them all together and then copy-n-paste them in pf.conf via PuTTY.
Comments
By Anonymous Coward () on
I'd like to see it be able to scp/sftp the rules, and reload them from windows too - would be nice! :)
By argol () argol@argol.org on www.argol.org
By Anonymous Coward () on
By frisco () frisco@blackant.net on http://www.blackant.net/
http://www.fwbuilder.org/
makes firewall rules for iptables, ipfilter and pf, but doesn't seem to run on OpenBSD, only linux.
Maybe you can get some ideas from that product, or give them some ideas too.
-f
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
not that i hate fwbuilder or anything...
Comments
By Anonymous Coward () on
By Anonymous Coward () on
http://inc2.com/isba/
It's for IPF, but VERY nice the way it works/looks. I've written the author, and he doesn't have the time to make it completely compatible with PF yet (shouldn't be too much work), unless someone else has the ability to do that?
Works via ssh, and all!
By Ben Johnson () ben-deadly@johnsonworld.-no-s-pam-.com on www.johnsonworld.com
If your software works and is usefull, then it's good software. You might consider makinng a Java version of your software - most operating systmes that are running a GUI usually can run Java software. You get the benefit of letting your software run on almost any operating system and Java is a good step to take after VB.
Comments
By Anonymous Coward () on
I'd rather have VB. Why?
Comments
By Anonymous Coward () on
As far as the argument of VB over Java: The person arguring that VB is over all 'better' obviously does not maintain a large scale heterogenius environment. Veritas tools, Quest Software's Foglight, and alot of other high-profile / high-end tools are written in Java so that people like me (and every other Sys Admin I know) can admin and monitor our networks from our Sun/Linux/BSD/whatever machines. While I tend to agree that there REALLY needs to be some shaving on the java runtime - it is still the most capable cross platform gui out there.
Not a flame - just an observation.
By jose nazario () jose@crimelabs.net on mailto:jose@crimelabs.net
By Barry () on
Consider using PHP:
- Easy to code, perhaps easier than VB
- Portable to just about any OS
- You could run it right off your website, provide a service to the world, no user install necessary
- Perfect for spitting out text i.e. pf.conf
Netcraft says you're running an OpenBSD box for you website. PHP would be easy to add to you're current setup.
Comments
By Anonymous Coward () on
Comments
By Niall O'Higgins () on http://www.sig11.com
Comparable to Firewall 1's GUI, but web based - they obviously copied many of the interface concepts. I believe its written in Perl, and sits on Apache+mod_ssl.
By drauku () drauku@drauku.net on http://drauku.net
i dont get why some need this tool. seems there are people that are too damn lazy to read a man page, and take an easy gui way out... *cough* linuxconf anyone?
Comments
By zippy () jdeari01@longisland.poly.edu on mailto:jdeari01@longisland.poly.edu
By ThomasJ () on
This guy wrote a working piece of software *for* *the* *heck* *of* *it*!
He likes OpenBSD, he read the man page, and found it fun to write some software which fills in the tokens of the pf language.
Nobody is assuming that this software is the proper newbie way to make rules, but is def. the proper way to learn to program. If he continues this way, OpenBSD will some day have patches submitted by the guy.
Don't EVER discourage somebody who takes steps to do programming for the community, despite it can't be included in the release.
By Anonymous Coward () on
By Chris Walker () cwalker@at@axion-rbaa.dot.com on mailto:cwalker@at@axion-rbaa.dot.com
I am a CS student currently working as intern at a non-IT company, who asked me to create and install a firewalling system for their network. I am new to BSD myself, and all this company uses is microsoftware.
I have managed to work my way around the various FAQs and man pages to get OpenBSD and pf to work by hand, but I feel there's no way the ms-sysadmins will keep the system up-to-date after I leave, unless I set up and document simple, foolproof methods to do so.
Therefore, any tool allowing easy point-and-click administration, like pf rule updates straight from windows (over ssh), would definitely help the guys here stay ahead of things. I just know they won't take the time and pain to get their hands dirty otherwise.
...just in case you needed motivation to keep going!
CW
By Nick Buraglio () nick@buraglio.com.nospamplease on mailto:nick@buraglio.com.nospamplease
By TheBrothaULuv2H8 () spam@derrickonline.org on https://www.derrickONLINE.org
Comments
By Matt Lauer () mattorola7@hotmail.com on mailto:mattorola7@hotmail.com