Linux iptables firewall design

Hello ppl, having been a linux user for about a year now i have come to know that it provides a powerful firewall using iptables. I want to implement an effective iptables firewall for use on my linux box. Basically, i want to be able to manipulate it from a web based front end...I have gathered lots of firewall rules from the web but i dont know how to go about writing them up in scripts, the file paths to save them (e.g rc.local etc) and how to start the design. I plan using bash for this. I wonder if anyone is able to provide me with info pls. thanks in advance

firestarter is a linux front end for iptables, it is not a webui. It is best practice to write a firewall script and have it execute at startup. here is a link to a well coded script www.linuxguruz.com/iptables/scripts/rc.firewall_005.txt I might also recommend Linux Firewalls (3rd Edition) (Novell Press). Linux security is a big deal and should be well researched before production, any holes in your script could mean compromising your entire network.

I almost forgot, I use pfSense for a lot of my networks. pfSense is a unix flavor firewall/router. It has an amazing webui and also allows great cli. pfsense.com/

Hi, thanks for the post and link. having written up the rules for my firewall using bash scripting, i am faced with the problem of how to merge this scripts with a web interface (created with php) if you get what i mean. In other words i dont know how to get a section of the script to be executed when a particular event occurs. e.g I have a button on the Web GUI which says: Block ICMP pings. now my question is how do i get the section of my firewall rules script dealing with the blocking of ICMP pings to be executed when that button is clicked by a user? hope i am making myself clear here. I've had a look at Guarddog firewall dot.kde.org/1020374104/ but cnnot really figure this out. any posts highly appreciated. t hanks[/b]

Ps: I just want to be able to manage the firewall from a web interface rather than typing in commands in the terminal

Have you looked at Webmin ?

My other choice for your would be "Shorewall" really easy to use and implement.. www.shorewall.net