I'm working with IPv6 and have run into an issue configuring ip6tables on our main router in order to control what can come into the network. A default DROP rule in the FORWARD section has worked well (obviously leaving ESTABLISHED,RELATED as ACCEPT) to keep internal clients' open ports from being accessed.
However, running an ip6tables command for every little change is unwieldy. Whilst we are able to continue creating rules manually, I'm wondering if there's some sort of management interface we could use to create the rules quickly and easily. We're looking to be able to save time working on our firewall as well as providing a simple method for modifying rules for those who will eventually replace us.
I know webmin (heavily locked down on our network, naturally) has support for modifying iptables rules, but seemingly no support for ip6tables. Something similar would be fantastic.
Alternatively, suggestions for a firewall solution apart from iptables/ip6tables which can be managed remotely wouldn't be out of order. A web interface for management is certainly preferable, even if it is just a wrapper with shiny buttons over the raw config files.
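The policy described in the question (FORWARD default DROP, ESTABLISHED,RELATED accepted) kept as a short host/port list and rendered into one ip6tables-restore file, as an added example that is not part of the original post or of any tool named on this page. The addresses (documentation prefix 2001:db8::/32), the interface name eth1, the outbound rule and the names gen_ruleset and SAMPLE_POLICY are assumptions.

```shell
#!/bin/sh
# Constructed sample policy: "ADDRESS PROTO PORT" per line, '#' starts a
# comment. Addresses are from the 2001:db8::/32 documentation prefix.
SAMPLE_POLICY='# web server
2001:db8:0:1::10 tcp 443
2001:db8:0:1::10 tcp 80
# mail relay
2001:db8:0:1::25 tcp 25'

# gen_ruleset POLICY LAN_IF  (hypothetical helper)
# Prints an ip6tables-restore ruleset for the FORWARD chain. Every field is
# validated so a policy line cannot smuggle extra options into a rule; on
# any bad line it returns 1 and prints no ruleset.
gen_ruleset() {
    policy=$1; lan_if=$2; rules=''; n=0
    case $lan_if in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1;;
    esac
    while read -r addr proto port extra; do
        n=$((n + 1))
        case $addr in ''|'#'*) continue;; esac      # blank line or comment
        ok=1
        [ -z "$extra" ] || ok=0                     # no trailing fields
        case $addr in *[!0-9A-Fa-f:/]*) ok=0;; esac # hex, ':' and '/' only
        case $proto in tcp|udp) ;; *) ok=0;; esac
        case $port in ''|*[!0-9]*) ok=0;; esac
        [ "$ok" -eq 1 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "policy line $n rejected" >&2; return 1; }
        rules="${rules}-A FORWARD -d $addr -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT
"
    done <<EOF
$policy
EOF
    # Default DROP, replies allowed back in, then (assumption) anything
    # arriving on the LAN-side interface may go out.
    printf '%s\n' '*filter' ':FORWARD DROP [0:0]' \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A FORWARD -i $lan_if -j ACCEPT"
    printf '%s' "$rules"
    printf '%s\n' 'COMMIT'
}

# Print the ruleset for the sample policy (eth1 is an assumed LAN interface).
gen_ruleset "$SAMPLE_POLICY" eth1
```

Check the generated file with `ip6tables-restore --test` before loading it. A plain restore flushes the whole filter table, so INPUT and OUTPUT rules belong in the same file.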
ferm is what the Debian guys use, and might be a good starting point.

I've been using fwbuilder for years.
It's a single graphical interface that handles producing configs for Linux, BSD, Cisco, Mac OS...
FWBuilder
Also supports ssh installation of compiled rule sets and easy integration with platform scripts to persist the resultant rules.
GPL with secondary paid license for Mac OS X and Windows binaries.