Reviving the Firewall Design Program?

rcha101 asks: "I'm not sure if many of you are aware but Robert L. Ziegler use to host (IMHO) the best online firewall configuration tool (formerly available here here, check out the link now for his sad synopsis) until recently when he decided to pull the plug on it. I have since been trying to contact him in an effort to get this tool back online and develop the IPFW2 side of it (correct some of the rules, add extra features to it etc) but have had no luck. Does anyone know how to contact him? Has anyone else been in a similar situation? What web tools do you use that could suddenly disappear overnight? Robert are you out there?"

Similar situation here

[cxvx]

I just discovered today that a fine site (http://www2.gol.com/users/tame/swing/examples/ [gol.com]) with losts of custom swing components went 404.
I was able to retrieve some stuff using the wayback machine [archive.org], but it is still a shame to see the site itself go.

Maybe the poster should try the wayback machine too.

The author's response to just the question you ask

[petard]

can be found here [linux-firewall-tools.com] on his web site.

Question: Is the Firewall Design Program for sale, or is the source code available?

No to both questions.

Firestarter [sourceforge.net] might be useful to you though. Good Luck.

For those too lazy to click the link:

[stienman]

Here's a brief synopsis:

I never made a dime from my obviously useful program, and therefore will not work on it any further because I need to feed myself and my family.

Because I'm so bitter about it, I'm completely closing up shop, and denying anyone any further benefit from my, until recently, free contribution to society.

As far as I'm concerned, you moochers can all go suck it, I'm through.

I don't blame him, he did a lot of work, it was obviously being used by many people who could have afforded hima few luxuries.

But on the other hand, if you don't want to give something away for free, then don't. If you do, then you can't complain about getting nothing in return later - that's simply shortsighted.

The linux router project [google.com] guy is the epitome of the, "I didn't mean to get nothing back from something I gave away" pitiful rants.

-Adam

Re:For those too lazy to click the link:

[Anonymous Coward]

I think the problem was with how some people treated him. DEMANDING he fix this, implement that, for what was obvious work related. And all without a thank you, when he was done.

Re:For those too lazy to click the link:

[Radical Rad]

I think I know how he feels. I too have an open source project, however I have received a few thank you's and a little bit of help. But there are a small percentage of end users who are demanding and ingrateful, one I can remember in particular. Those few stick out and leave a bad impression. But based on the total downloads I know that the vast majority did read the FAQ before emailing and often do help one another out in the forums, and I honestly never expected anything out of it except a good feeling fo

Re:For those too lazy to click the link:

[boredMDer]

Interesting, I get a different blurb. He must have changed it.

New text:

The iptables support is completed, but the software went into stasis.

During the iptables upgrade, I found myself building in a level of technical expertise and a fuller feature set that weren't functionally useful for a home user. The software became something much more than the toy I've always seen it as. At the same time, Linux is more evolved than it was when I started, and we're not in the same precarious situation with our

Re:For those too lazy to click the link:

[boredMDer]

Yea I just re-read OP and saw 'brief synopsis'.

Re:For those too lazy to click the link:

[stienman]

I should have stated more clearly that my post is a synopsis, ie - my shortened version of his text.

-Adam

I have a slightly different attitude

[leonbrooks]

Leave it up for the good of society at large: don't base your decision on how many losers leech and profit, base it on how many sysadmins who are too flat-out to blink (let alone figure out how to send you money) have had their lives bettered by your efforts.

After the flood, no raindrop wants to admin responsibility.

Astounding.

[mewyn]

I don't know much about the project, but his attitude about his project and users is absolutley deplorable.

First off, he shouldn't think of his users as moochers. First off, he was offering it for free. You give something away, you shouldn't ever expect anything back. Second, I'm sure there were many people, like the poster of this article, who are grateful users, but just haven't voiced their opinion. Personally, I'd rather have one message in my inbox about 5 reasons why my software sucks than 100 messages about reasons why it rocks.

Things like feature requests are very common for an admin of a project. And many people out there are rude, or just not conciderate, and their requests may seem like demands to some people. As far as technical support of the software, setup a listserv and make it community support. I would expect any message I send to any project admin about technical support to be brushed off.

One more thing, if he made this an open source project and is now hording the source, that is just wrong. The open source community is just that, you give to them and they provide peer review. True it doesn't always end up that way, but maybe that's because you didn't manage to get the right users.

Anyway, I think he needs to pick up a copy of The Cathedrial and the Bazaar. That may shed a little light onto his problem.

Mewyn Dy'ner

Interesting

[tomblackwell]

What of similar value have you created and given away for free?

You are representative of what drove him away from his goal.

Anyway, I think he needs to pick up a copy of The Cathedrial and the Bazaar. That may shed a little light onto his problem.

Perhaps his users should have picked up a copy of The Cathedral and the Bazaar. They are not owed software.

We're not owed software, but...

[leonbrooks]

Perhaps his users should have picked up a copy of The Cathedral and the Bazaar. They are not owed software.

My sentiments, too, although I would have at least left the pieces up on a server somewhere.

I have all kinds of bizarre little projects of my own kicking around, and I try to never obselete them; every so often (maybe 3 or 4 times a year) someone emails me to say "thanks for that great little utility" and I have to mail back and say "which one?" because the thing is so trivial and long-forgotten th

Re:Astounding.

[leonbrooks]

You give something away, you shouldn't ever expect anything back.

Yes, otherwise it's an offer of trade, not a gift.

Personally, I'd rather have one message in my inbox about 5 reasons why my software sucks than 100 messages about reasons why it rocks.

Not so sure about this one. I find error reports more useful but if few to none are also saying thanks then I'm probably missing the mark somewhere.

One more thing, if he made this an open source project and is now hording the source, that is just wrong.

True, except that he's under no obligation to continue providing the source if he ceases providing the binaries, and being the original (and apparently sole) author, he has every right to change the licence arrangements. What he has no right to do is to reach back out and demand that people stop using his source if he ever open-sourced it.

Also, you have no right to demand that he be happy or generous, only reasonable and not rude. And "reasonable" most definitely does not mean "agreeable".

The long and the short of this is that if you find a copy of his code with a FOSS licence, by all means go ahead and use it according to the terms of the licence, set up a community, make it world-famous, knock yourself out - but he has no obligation to support it or you at all.

Re:Astounding.

[mrhandstand]

RTFM. IT WAS NEVER OPEN SOURCE.

It costs him personal money to host the script. He changed the page, and the word moocher is NOT anywhere on the statement.

He offered a free service (damn useful one too) and had a bunch of ungrateful ingrates pestering him about questions that were of a nature obviously so technical they should have been doing their own research, rather than trying to leech off of a guy whose done his own research.

And before anyone spouts off to me, I bought his book over a year ago, and it

Deceased...

[bergeron76]

If I'm not mistaken, he was killed in a car accident in early 2003. Unfortunately, none of his kin/sucessors knew the importance of updating his website(s), so when the ISP bill expires the plug will be pulled on the content as well (no pun intended).

I'm not 100% certain about the accident, however I recall hearing something about it a while back.

Re:Deceased...

[petard]

You are mistaken. His site was last updated in mid-December 2003, by the author himself.

How about local tools?

[mhesseltine]

I'm thinking along the lines of Guarddog and Guidedog for KDE/Linux [simonzone.com] or KMyFirewall [sourceforge.net]

After all, when you run a network tool to setup your firewall, and you accidentally block yourself from the net, how do you generate another set of rules to get back online? (I know, /etc/init.d/iptables stop)

firewall tools are a cruel myth.

[anon mouse-cow-aard]

I've got DSL, two interfaces, a web, email, ssh, dns services and a squid & dansguardian running on the router machine doing NAT for my home LAN. It should be straight-forward. No IP-SEC, no plug-to's, no proxies. Nothing I've seen does it right, nor are they any simpler to understand than just plowing through the HOWTO's, and futzing with a sample from there. One really needs to understand all of a firewall configuration. These GUI's try to shield you, but it doesn't work, and the configs are really

Re:firewall tools are a cruel myth.

[lanswitch]

i use webmin (http://www.webmin.com) to configure shorewall, and nmap to check the ports.

Re:firewall tools are a cruel myth.

[gazbo]

That's a little disingenuous. To be fair, scripts usually generate vast amounts of comments, and even directives for the interface. At least run it through grep -v '^[[:space:]]*#' or something before quoting the line count.

Re:firewall tools are a cruel myth.

[anon mouse-cow-aard]

To be fair, the script I started with was around 800 lines. Then I took out 90% of the comments & examples that were irrelevant. There is one script in shorewall which has some meat, for the rest of the directory the config files are 80% comments. So I took it out, and repeated the analysis.
that is:
wc -l * --> 1108 lines.
grep -v '^#' * | wc -l --> 217

The comments are so huge that it is impossible to understand the actual configuration. That's my real gripe: ease of auditing is an important

Re:firewall tools are a cruel myth.

[perlchild]

Try removing comments from shorewall first. Not only is it very featureful, and the default configs rather well documented, but there is a lot of "by format" comments which indicate to shorewall itself that a file ended.

My 3-interface shorewall on debian's config is only 1561 lines btw... With the comments. 450 lines of which is the shorewall.conf, a long long config file... Without the comments, I have 171 lines of config, for a four-interface, 3 zone firewall with vpn.
The script for shorewall itself i

via book

[jago25_98]

his book is excellent, and a way to contact:

http://www.ieee-security.org/Cipher/BookReviews/ 20 00/ziegler.jan2000.html
http://www.amazon.co.uk/e xec/obidos/ASIN/073571099 6/qid=1074769733/sr=1-1/ref=sr_1_3_1/202-4508407-8 460612
(this is the same guy right?)

try buying something from him

[Triumph The Insult C]

personally i think he's a whining dick, but, he did submit this [slashdot.org] story.

personally, i find sandin's fc products to be better, but, who knows

firewall builder

[#undefined]

i see the benefits of a web-based firewall builder (especially for a home user where the rules are build from answers to simple, high-level, non-technical questions), but for something more in-depth i use:

firewall builder [fwbuilder.org]

i started using the project almost a year ago, and have really been impressed with all the extras that have come on-line since then: user guide, FAQ, web portal, articles, cookbook, etc.

the application:

has a wizard to help jump start building a ruleset

abstracts firewall-specific synt

Got nothing, huh?

[jpsst34]

"I'd always hoped that I might get something out of the effort for myself and never did."

Hey, Robert Ziegler, what about your book [amazon.com], based on the same subject matter? Five years ago I was looking to set up a 2.2 firewall for my home LAN. I came across your firewall tool. I thought it was great, and I wanted to learn more about what you had done with ipchains. So I bought your book after learning about it through your site - your site out of which you got nothing. I found it to be quite useful. Are you telling us that you made absolutely no money at all on that book? I bought one, didn't you get a portion of my $40?

Money aside, are you saying that you got nothing out of it? I found your book through your site. I read your book. Now I know your name. If someone's interested in learning about firewalls, I can say, "I have this great book by Robert Ziegler. You should check it out. The samples are based on the old ipchains tool, but many of the concepts he covers are worth reading." You're a published technical author. Is that worth nothing to you?

Frankly, Robert Ziegler, I'm disappointed in you. Not only did I use your site, but I never demanded any kind of support from you. Hell, I never even asked you. I just bought your book. Just because there were plenty of assholes that thought your website was an open invitation to burden you with their firewall problems does not mean that there weren't plenty more of us who treated you with respect, used your tool, and bought the book you were trying to sell. Don't forget it.

I'm surprised we haven't seen more of this

[computational super]

I really can't say I blame the guy... developing software is more fun than most types of work out there, but it's still work. I always wondered what would motivate somebody to work at their regular job (which, if you're a programmer, is likely somewhere in the neighborhood of 80 hrs/week) and then go home and work on another bit of software which you plan to turn around and give away for free. Are they hoping for a flood of donations? Are they hoping that their open-source experience will be good "resum