GUI for iptables?
Emily Wong 
I would like to secure my server and it seems that IPtables is one of the first steps. Unfortunately editing the rules in a terminal is a bit complicated and dangerous (those who ever did an iptables -F will know what I mean ;) ). Could you recommend any good graphical interfaces for managing my IPtables rules?
7 Answers
Firestarter has always worked well in my opinion. It supports a robust GUI and supports all options of iptables.
sudo apt-get install firestarterTry Firewall Builder.
sudo apt-get install fwbuilderI've never taken time to understand iptables, but I believe gufw does the job. Even I was able to set up a firewall within a couple of minutes.
1For most purposes, ufw (Uncomplicated FireWall) is an excellent way to build simple iptables firewalls. The rules produced are decent, though there may be features of iptables that you need that ufw doesn't cover.
sudo apt-get install ufwIt's a command line tool, but there is also gufw if you want a GUI version.
Iptables-Editor-Gui is a gui for iptables (requires ruby and ruby-gtk2)
Source: Linuxhacks.org
Disclosure: I am the owner of Linuxhacks.org
Firestarter's still in Raspbian Stretch at least. If you look at which is the effective homepage of iptables it's copyright 2014, the task hasn't changed. Iptables probably isn't changing. There is such a thing as maturity in software.
There are 233 repositories on Github mentioning Firestarter . What's in Raspbian Stretch is Firestarter 1.0.3 copyright 2005 by Thomas Junnonen. There are undoubtedly forks of the original Firestarter, I'm happy using the original.
I'd be wary of oversimplified software that may leave out useful features. I've been studying iptables for a day or so, I just wanted a "second opinion". I'll take what Firestarter comes up with and use it as a starting point. I'm impressed that it recognized my internet connection EasyTether and seems willing to build NAT stuff for wifi. I have an old DSL router I'll probably use for output, I just wasn't sure how to bridge from EasyTether to the router. Iptables can do it, if it's at all like OpenBSD's pf. Not a typical application, glad Firestarter wants to solve the problem. It's Gnome but nobody's perfect. Works fine in LXDE with some Gnome libs installed.
Firestarter homepage, found in help -> about Yeah, OK, it's maybe a little flaky. I can't get to his official download page. More importantly I can't see the iptables code it generates. It doesn't copy, it doesn't run, it considers the gateway I'm actively using to be offline.
I’m using Elastic Firewall …worked like a breeze so far!
Plus it works on multiple machines.
You can go with a free account with them or try one of the paid plans for enhanced power. either way, the thing does a pretty good job at very reasonable rates.
Unfortunately editing the rules in a terminal is a bit complicated and dangerous (those who ever did an iptables -F will know what I mean ;) )
I know what you mean, appending rules through the command line can be time consuming and prone to so many errors, so having a firewall manager to automate Linux iptables policies can save you a lot of time and nerves.
0
