Firewall?

Presumably, Haiku would have something along the lines of iptables for use as a firewall. Would there be a graphical equivalent or front-end, perhaps something similar to Zone Alarm for Windows, in the works?

A firewall certainly seems to be a necessary OS feature anymore, although ideally it wouldn’t need one. I have no idea what’s planned, but I’d certainly like some level of protection built-in (preferably with a GUI). But making something like Zone Alarm (or the Windows XP firewall) seems like it’d be a lot of trouble since it focuses on application level filtering (kinda pointless without spyware, and usually easily defeated). I’d think something like Look 'n Stop (also for Windows) would be more appropriate/easier to make. It’s essentially just a rule-based firewall that lets you make rules based on protocol/port, IP, MAC address (a very useful but often neglected feature), and notification when certain rules block (or allow) things. Here, here, and here are some screenshots. I’m guessing that’s similar to iptables, but with a GUI (I don’t use Linux enough to know for sure).

Izomiac wrote:
A firewall certainly seems to be a necessary OS feature anymore, although ideally it wouldn't need one. I have no idea what's planned, but I'd certainly like some level of protection built-in (preferably with a GUI). But making something like Zone Alarm (or the Windows XP firewall) seems like it'd be a lot of trouble since it focuses on application level filtering (kinda pointless without spyware, and usually easily defeated). I'd think something like Look 'n Stop (also for Windows) would be more appropriate/easier to make. It's essentially just a rule-based firewall that lets you make rules based on protocol/port, IP, MAC address (a very useful but often neglected feature), and notification when certain rules block (or allow) things. Here, here, and here are some screenshots. I'm guessing that's similar to iptables, but with a GUI (I don't use Linux enough to know for sure).

“Firewalls” are overrated - all the OS should come with built-in is something similar to IPTables in *nix - and maybe something to monitor open ports

umccullough wrote:
"Firewalls" are overrated - all the OS should come with built-in is something similar to IPTables in *nix - and maybe something to monitor open ports

That’s pretty close to the question. :stuck_out_tongue:

What I meant by the GUI and the Zone Alarm relation was not that it should act like ZA, but look something like it. IPtables rules don’t make a lot of sense at first glance and can sometimes be pretty complex to construct. An intuitive GUI should help to overcome that.

Cheers,
togs

umccullough wrote:
"Firewalls" are overrated - all the OS should come with built-in is something similar to IPTables in *nix - and maybe something to monitor open ports

I always considered IPTables a firewall, but (IMHO) semantics aren’t that important. Anyway, what I was trying to say is that Zone Alarm’s GUI is centered around application permissions (screenshot). What I think would be the best solution would be to have a tab next to “Services” in the network preferences (boneyard) that has a list of packet-level rules in the order that they’re applied, a couple buttons to the side to create/delete/change the order of rules, and perhaps a couple checkboxes below to enable specific protections (like locking the ARP table or randomizing TCP sequence numbers to prevent specific attacks).
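
The ordered, packet-level rule list discussed in this thread (match on protocol/port, IP, MAC address, with optional notification), sketched as an added example that is not part of the original posts and is not Haiku or iptables code. The `Rule` fields, `evaluate`, `move_rule`, and all sample addresses are hypothetical names and constructed data; first-match-wins with a default of "block" is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                     # "allow" or "block"
    proto: Optional[str] = None     # "tcp", "udp", or None for any
    port: Optional[int] = None      # destination port, None for any
    src_net: Optional[str] = None   # CIDR such as "192.0.2.0/24", None for any
    src_mac: Optional[str] = None   # source MAC address, None for any
    notify: bool = False            # report when this rule decides a packet

    def matches(self, pkt: dict) -> bool:
        # Every criterion that is set must match; unset criteria are wildcards.
        if self.proto is not None and self.proto != pkt["proto"]:
            return False
        if self.port is not None and self.port != pkt["dport"]:
            return False
        if self.src_net is not None and (
            ipaddress.ip_address(pkt["src_ip"])
            not in ipaddress.ip_network(self.src_net)
        ):
            return False
        if self.src_mac is not None and self.src_mac.lower() != pkt["src_mac"].lower():
            return False
        return True

def evaluate(rules, pkt, default="block"):
    """First matching rule wins. Returns (action, rule index or None, notify)."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i, rule.notify
    return default, None, False     # nothing matched: fall back to the default

def move_rule(rules, old, new):
    """Reorder as a GUI 'move up/down' button would; returns a new list."""
    out = list(rules)
    out.insert(new, out.pop(old))
    return out

# Constructed sample data (documentation address ranges, made-up MACs).
RULES = [
    Rule("allow", proto="tcp", port=22, src_net="192.0.2.0/24"),
    Rule("block", src_mac="02:00:00:00:00:99", notify=True),
    Rule("allow", proto="tcp", port=80),
]
PKT = {"proto": "tcp", "dport": 22, "src_ip": "192.0.2.7",
       "src_mac": "02:00:00:00:00:99"}
```

With `RULES` as listed, `PKT` is allowed by the SSH rule before the MAC block is ever consulted; moving the MAC rule to the top blocks the same packet and raises the notification, which is why the order of the list has to be visible and editable. A MAC match only says something about hosts on the local segment, and the address is set by the sender.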