LinuxQuestions.org


dasy2k1 03-11-2010 10:01 AM

firewall with multiple possible interfaces
 
I would like a basic firewall on my netbook and first attempted this by using Firestarter, as I have no experience in writing IPTABLES rules from first principles and to be honest the syntax looks horrific!

The problem with Firestarter is that when I selected WLAN0 to be the internet-connected port everything worked fine until I connected to a VPN, at which point nothing would work (the only error I got was when pinging an IP address, when I got "sendmsg not permitted").

My normal setup is this:

Normally I'm connected via WLAN0 to the internet, but on one particular network I must activate the VPN to use anything. This creates another interface, tun0. Both wlan0 and tun0 will be assigned an IP address but only the tun0 will do anything (the wlan0 one is configured by the network to just allow traffic to the VPN gateway and nothing else).


What I really need is some way of creating a basic firewall (drop all incoming except ports I specify) that lives on wlan0 unless tun0 is active, in which case it moves to tun0.

Any ideas?

zhjim 03-12-2010 07:58 AM

Depending on how you create the VPN, I would just start a script that changes the iptables rules to use tun0 instead of wlan0.
Another would be udev. But I doubt that I get triggers when creating a tun/tap device. But might be.

I would just create two scripts with Firestarter. One for wlan0 and one for tun0. Either activate them manually or with the way described above.

Hope that helps
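
A minimal version of the script-switching approach described above, as an added example that is not part of the original post: it keeps one default-drop INPUT policy for every interface and only moves the per-port allow rules between wlan0 and tun0. The port list, the function names and the `apply` argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example: prints or applies a default-drop inbound ruleset whose
# allow-rules follow tun0 when the VPN is up, wlan0 otherwise.
EXTERNAL_IF=wlan0        # normal uplink (interface name from the thread)
VPN_IF=tun0              # VPN interface (interface name from the thread)
OPEN_TCP_PORTS="22"      # assumption: inbound TCP ports you want reachable

# pick_iface "<iface list>": echo VPN_IF if it is in the list, else EXTERNAL_IF.
pick_iface() {
    for i in $1; do
        if [ "$i" = "$VPN_IF" ]; then echo "$VPN_IF"; return 0; fi
    done
    echo "$EXTERNAL_IF"
}

# gen_rules <iface> "<ports>": print an iptables-restore ruleset on stdout.
gen_rules() {
    iface=$1
    # Validate every port before emitting anything, so a typo never
    # produces a half-written ruleset.
    for p in $2; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"       # default-drop covers wlan0 AND tun0
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"    # outbound stays open on every interface
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections we opened, including the VPN tunnel itself.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $2; do
        echo "-A INPUT -i $iface -p tcp --dport $p -j ACCEPT"
    done
    echo "COMMIT"
}

# "apply" (as root) replaces the IPv4 filter table; otherwise nothing is changed.
if [ "${1:-}" = "apply" ]; then
    active=$(pick_iface "$(ls /sys/class/net)")
    rules=$(gen_rules "$active" "$OPEN_TCP_PORTS") || exit 1
    printf '%s\n' "$rules" | iptables-restore
fi
```

Run without arguments it changes nothing; a VPN up/down hook such as a NetworkManager dispatcher script is one place to call it with `apply`. IPv6 is not covered and would need the same ruleset loaded through `ip6tables-restore`.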

dasy2k1 03-12-2010 08:18 AM

I don't think Firestarter lets me have 2 sets of scripts, and I don't understand iptables enough to do it manually.

Also, I start the VPN service using network-manager-vpnc.

slackwaredanny 03-12-2010 08:41 AM

AlienBoB has a firewall generator for iptables that's awesome; it works like a charm on my netbook, but there are a lot of threads on this forum about it, I guess.
But I would really like a Slackware firewall GUI-based app like gufw without messing with SlackBuilds and libs. So any tips from anyone?

