You are not logged in.

#1 2007-02-20 08:04:01

ezzetabi
Member
Registered: 2006-08-27
Posts: 947

Good firewall?

I know Linux and ArchLinux in particular are quite safe systems, but after 10 years of Windows I am a little paranoid about security and so I'd like installing a firewall.
I am posting here since my research took me only to iptables wrappers, but iptables alone does not make me feel at peace.

I'd like a firewall that allows or denies packets considering not only ports and IP but also the program who is trying to connect (like the AtGuard firewall for Windows, someone remembers it?) and AFAI understood iptables does not to be set this way.

Where should I seek?
Thanks

Offline

#2 2007-02-20 09:10:46

iBertus
Member
From: Greenville, NC
Registered: 2004-11-04
Posts: 2,228

Re: Good firewall?

iptables is more powerful than pretty much any firewall you can get for windows. it's alot more complex to configure and because of this the inital setup is harder, but it's also very flexible. most linux systems can survive without a firewall currently. the most secure approach is just to use common sense. the design of linux makes it very difficult for malware to damage the system unless you are logged in as root when the malware is executed.

if you really want a super secure system you should look at something like selinux. this provides very fine-grained, kernel level access control for virtually every system function. you can allow only certain programs to do certain things. this may be the closest thing to what you speak of on linux.

Offline

#3 2007-02-20 09:22:31

ezzetabi
Member
Registered: 2006-08-27
Posts: 947

Re: Good firewall?

At the moment I set iptables that it allows all connection from my computer and stealths all ICMP service and all the ports I do not needs (I keep visible only eDonkey and bittorrent related ones).

I am understanding it is enough for a reasonable security against external attacks. Am I right?

Offline

#4 2007-02-20 09:23:10

zeus
Member
From: Korolev / Russia
Registered: 2006-09-19
Posts: 117
Website

Re: Good firewall?

iptables can do it all. just man iptables

Offline

#5 2007-02-20 14:23:25

skymt
Member
Registered: 2006-11-27
Posts: 443

Re: Good firewall?

You want TuxGuardian.

Offline

#6 2007-02-20 14:50:22

ralvez
Member
From: Canada
Registered: 2005-12-06
Posts: 1,694
Website

Re: Good firewall?

iptables are at the "core" of Linux security but also are difficult to master.
As an "intermediate" step, to enjoy the security of iptables and the simplicity of setting them up you can use various graphical interfaces that will assist you do the job.
One such GUI tool is "Firestarter" (pacman -Sy firestarter). I very much recommend it if you want extra protection.
You can also visit their web site at: http://www.fs-security.com/ for more information.

R.

Offline

#7 2007-02-21 17:08:03

closet geek
Member
Registered: 2007-02-20
Posts: 27

Re: Good firewall?

ralvez wrote:

iptables are at the "core" of Linux security but also are difficult to master.
As an "intermediate" step, to enjoy the security of iptables and the simplicity of setting them up you can use various graphical interfaces that will assist you do the job.
One such GUI tool is "Firestarter" (pacman -Sy firestarter). I very much recommend it if you want extra protection.
You can also visit their web site at: http://www.fs-security.com/ for more information.

R.

I think this is good advice. Your best bet is to get a GUI frontend for iptables, and firestarter is a good choice. It also has handy ICS options.

cg

Offline

#8 2007-02-21 18:01:54

dolby
Member
From: 1992
Registered: 2006-08-08
Posts: 1,581

Re: Good firewall?

the archlinux wiki has a page on firewalls. feel free to try those already there or add anything u feel is missing wink


There shouldn't be any reason to learn more editor types than emacs or vi -- mg (1)
[You learn that sarcasm does not often work well in international forums.  That is why we avoid it. -- ewaller (arch linux forum moderator)

Offline

#9 2007-02-22 07:33:50

ezzetabi
Member
Registered: 2006-08-27
Posts: 947

Re: Good firewall?

TuxGuardian sounds cool, but it needs Kernel recompiling in Linux.
Thanks everyone.

Offline

#10 2007-02-27 06:33:09

print
Member
Registered: 2007-02-27
Posts: 174

Re: Good firewall?

You want shorewall. It's in AUR.


% whereis whatis whence which whoami whois who

Offline

#11 2007-02-27 14:06:46

skymt
Member
Registered: 2006-11-27
Posts: 443

Re: Good firewall?

print wrote:

You want shorewall. It's in AUR.

No, shorewall doesn't meet the requirements. AFAIK, Tuxguardian is the only one that does.

ezzetabi wrote:

I'd like a firewall that allows or denies packets considering not only ports and IP but also the program who is trying to connect...

Offline

#12 2007-02-27 22:59:25

alvmax
Member
Registered: 2007-02-23
Posts: 5

Re: Good firewall?

Well, a good router with firewall does the major job nowdays pretty well (not very expensive piece of hardware atm). I think firestarter is a good app for what you want, pretty easy to config and has real time info about connections.
If you use it as a desktop - small office b0x it gonna make the work. Sleep well coz arch is very secure out of the box and it doesn't suffer major probs of windows (virus, spyware, malware). Use firefox with adblocker and noscript and you'll be safe surfing. SELINUX is recommended for servers, too much trouble for a desktop b0x, tongue.

Welcome to linux world .... safer, free and addictive. wink

Offline

#13 2007-03-07 19:26:46

darose
Member
Registered: 2004-04-13
Posts: 158

Re: Good firewall?

Offline

#14 2007-03-07 19:49:34

kensai
Member
From: Puerto Rico
Registered: 2005-06-03
Posts: 2,484
Website

Re: Good firewall?

Go for firestarter is very easy to make a completely invincible to attackers net computer with firestarter with just some clicks.


Follow me in: Identi.ca, Twitter, Google+

Offline

#15 2007-03-08 23:36:47

cromo
Member
From: Czestochowa, Poland
Registered: 2006-09-20
Posts: 87

Re: Good firewall?

Thing is that the firestarter depends on gnome a lot :| Besides, it seems that the firestarter is not in an acrtive development anymore.

Last edited by cromo (2007-03-08 23:38:33)

Offline

#16 2007-03-08 23:59:31

ralvez
Member
From: Canada
Registered: 2005-12-06
Posts: 1,694
Website

Re: Good firewall?

cromo wrote:

Thing is that the firestarter depends on gnome a lot neutral Besides, it seems that the firestarter is not in an acrtive development anymore.

I use firestarter with KDE and works just fine, so I do not think the dependencies on Gnome are that critical.
As per the project being not in development, I remember they did an update about a year ago and for a project that specific (like a firewall) I do not think there is much to do after a certain point. I also use SmoothWall and I do not get much more than one update a year or so.

Hope this helps.

Offline

#17 2007-04-18 23:01:37

print
Member
Registered: 2007-02-27
Posts: 174

Re: Good firewall?

skymt wrote:
print wrote:

You want shorewall. It's in AUR.

No, shorewall doesn't meet the requirements. AFAIK, Tuxguardian is the only one that does.

ezzetabi wrote:

I'd like a firewall that allows or denies packets considering not only ports and IP but also the program who is trying to connect...

after 10 years of Windows I am a little paranoid about security and so I'd like installing a firewall.

Only a 10-year windows user would consider a "Good firewall" one that contains as much unnecessary complexity as TuxGuardian does... but I guess I just answered the "Good firewall" part of the question...


% whereis whatis whence which whoami whois who

Offline

#18 2007-04-19 05:26:38

mucknert
Member
From: Berlin // Germany
Registered: 2006-06-27
Posts: 510

Re: Good firewall?

If you don't run any services that are visible to the outside-world, you won't need a firewall. For example: all services that you only need locally (like Apps for Web-Dev. like Apache, MySQL and so on) can be bound to lo/127.0.0.1 without using a firewall. In my opinion, Firewalls are pretty useless for a standalone box. They only make sense in huge environments with finely-grained access-restrictions. For a home-box which runs Linux, a firewall is massive overkill and can't beat configuring the single services properly. But hey, that's just my opinion.


Todays mistakes are tomorrows catastrophes.

Offline

#19 2007-04-19 06:44:40

pecan
Member
Registered: 2007-04-06
Posts: 93

Re: Good firewall?

Firestarter is a nice interface if you aren't interested in advanced options.

Offline

Board footer

Powered by FluxBB