The idea behind the new Lokiwall is not to make the configuration of a firewall as easy as possible. You will need basic knowledge of how networks work (duh) and how firewalls work. Once you have those basics, Lokiwall will try to make your life as easy as possible.
With the new Lokiwall the most common way of installing is downloading an ISO and installing it on some machine. This gives you a full Linux system with all the possibilities at hand. It will also include Xorg with a very basic window manager to show the Lokiwall GUI (and of course access to web browsers and the like). Be aware that the Lokiwall GUI is probably gonna be a client that you can have on your laptop or so, not _ONLY_ on your firewall (scheduled for the later Lokiwall 2.0 release).
Lokiwall will be written in Python. Below you can find the modules we will probably be using. I'm still looking around, but I think these will fit.
We want to create some kind of drag and drop interface to manage the firewall. This way you can make a network map of your current network and Lokiwall will do the rest for ya!
More information will come soon, I have to draw some interfaces to see how this is gonna comply with our thoughts.
Lokiwall is gonna read the INI style config file and generate a bash script with all the iptables and routing rules. When a new config is made, the old bash script and config are stored in a safe location so you can revert back or check what changes you made over the last 7 configs.
When you're testing on a machine that is not located near you, you want to be able to test the settings before you put them into production.
The test function will enable the new rules, then it's gonna wait X seconds before it enables the last known configuration. If the new config makes the machine unreachable, it will automatically revert to the last known config, thus making it available again.
Lokiwall is gonna save the last seven known configurations. We could maybe add something like 'show changes' which will show the changes you made in your new config.
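A sketch of the test-and-revert function together with the seven-entry history described above. This is an added example, not Lokiwall code: the names `archive`, `trial` and `run_script`, the history file naming, and the `confirmed` callback (a check that the admin could still reach the box, which lets a working config stay in place instead of always being reverted) are assumptions.

```python
import shutil
import subprocess
import time
from pathlib import Path

KEEP = 7  # number of known configurations the page says are kept


def run_script(script):
    """Default apply step: run the generated bash script (needs root)."""
    subprocess.run(["bash", str(script)], check=True)


def archive(script, history):
    """Copy a rule script into history and prune to the newest KEEP entries."""
    history.mkdir(parents=True, exist_ok=True)
    entries = sorted(history.iterdir())
    seq = int(entries[-1].name.split("-", 1)[0]) + 1 if entries else 1
    saved = history / f"{seq:08d}-{Path(script).name}"
    shutil.copy2(script, saved)
    for old in (entries + [saved])[:-KEEP]:
        old.unlink()
    return saved


def trial(new_script, history, confirmed, wait=60, poll=1.0,
          apply=run_script, sleep=time.sleep):
    """Apply new_script and keep it only if confirmed() becomes true within
    `wait` seconds; otherwise re-apply the last known script.
    Returns True when the new configuration was kept."""
    entries = sorted(history.iterdir()) if history.is_dir() else []
    if not entries:
        raise RuntimeError("no known configuration to fall back to")
    fallback = entries[-1]
    try:
        apply(new_script)
        applied = True
    except (OSError, subprocess.CalledProcessError):
        applied = False  # half-applied rules: skip the wait, revert at once
    waited = 0.0
    while applied and waited < wait:
        if confirmed():  # assumed hook: admin reached the box on a new session
            archive(new_script, history)
            return True
        sleep(poll)
        waited += poll
    apply(fallback)
    return False
```

The process running `trial` has to survive the loss of the SSH session that started it, otherwise the revert never fires on exactly the lockout it is meant to undo.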
This is gonna be a hard one :). Lokiwall needs to be able to read the current iptables rule list and make changes on the fly without flushing all the rules.
— Arnold Vriezekolk 2009/04/19 16:48
— Arnold Vriezekolk 2009/04/05 16:33
— Arnold Vriezekolk 2009/04/05 15:35