I know Linux, and Arch Linux in particular, is quite a safe system, but after 10 years of Windows I am a little paranoid about security, so I'd like to install a firewall.
I am posting here since my research took me only to iptables wrappers, but iptables alone does not make me feel at peace.
I'd like a firewall that allows or denies packets considering not only ports and IP but also the program that is trying to connect (like the AtGuard firewall for Windows; does anyone remember it?), and as far as I understood, iptables cannot be set up this way.
Where should I look?
Thanks
iptables is more powerful than pretty much any firewall you can get for windows. it's a lot more complex to configure and because of this the initial setup is harder, but it's also very flexible. most linux systems can survive without a firewall currently. the most secure approach is just to use common sense. the design of linux makes it very difficult for malware to damage the system unless you are logged in as root when the malware is executed.
if you really want a super secure system you should look at something like selinux. this provides very fine-grained, kernel level access control for virtually every system function. you can allow only certain programs to do certain things. this may be the closest thing to what you speak of on linux.
At the moment I have set up iptables so that it allows all connections from my computer and stealths all ICMP services and all the ports I do not need (I keep visible only the eDonkey and bittorrent related ones).
I understand it is enough for reasonable security against external attacks. Am I right?
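For readers who want to see what the policy described in that post looks like as an actual ruleset, here is an added example (not from the thread, not any poster's configuration). It generates an iptables-restore file: default DROP on INPUT, ACCEPT on OUTPUT, inbound ICMP silently dropped, and only the eDonkey and BitTorrent ports left reachable. The port numbers are the commonly used defaults (eMule 4662/TCP and 4672/UDP, BitTorrent 6881-6889/TCP) and are an assumption, since the post does not state them; adjust them to whatever your client actually uses.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for the policy above.
# Apply with:  gen_rules | sudo iptables-restore   (needs root; not run here)
# Port numbers below are assumed client defaults, not values from the post.

TCP_OPEN="4662 6881:6889"   # eDonkey TCP, BitTorrent TCP range (assumed)
UDP_OPEN="4672"             # eDonkey UDP (assumed)

gen_rules() {
    printf '%s\n' '*filter'
    # Default policies: drop everything inbound and forwarded, allow outbound.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Loopback traffic and replies to connections this host initiated.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # "Stealth" ICMP: drop silently rather than reject, so pings get no answer.
    printf '%s\n' '-A INPUT -p icmp -j DROP'
    # The only inbound services left visible: eDonkey and BitTorrent.
    for p in $TCP_OPEN; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $UDP_OPEN; do
        printf '%s\n' "-A INPUT -p udp --dport $p -j ACCEPT"
    done
    # Everything else falls through to the INPUT DROP policy (no RST, no ICMP).
    printf '%s\n' 'COMMIT'
}

# Self-check helper: how many ACCEPT rules the generated set contains.
count_accept_rules() { gen_rules | grep -c -- '-j ACCEPT'; }
```

Run `gen_rules` on its own first and read the output before piping it into iptables-restore; a DROP policy on INPUT with a missing ESTABLISHED rule is the classic way to lock yourself out of an SSH session.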
iptables can do it all. just man iptables
You want TuxGuardian.
iptables are at the "core" of Linux security but also are difficult to master.
As an "intermediate" step, to enjoy the security of iptables and the simplicity of setting them up, you can use various graphical interfaces that will assist you in doing the job.
One such GUI tool is "Firestarter" (pacman -Sy firestarter). I very much recommend it if you want extra protection.
You can also visit their web site at: http://www.fs-security.com/ for more information.
R.
iptables are at the "core" of Linux security but also are difficult to master.
As an "intermediate" step, to enjoy the security of iptables and the simplicity of setting them up, you can use various graphical interfaces that will assist you in doing the job.
One such GUI tool is "Firestarter" (pacman -Sy firestarter). I very much recommend it if you want extra protection.
You can also visit their web site at: http://www.fs-security.com/ for more information.
R.
I think this is good advice. Your best bet is to get a GUI frontend for iptables, and firestarter is a good choice. It also has handy ICS options.
cg
the archlinux wiki has a page on firewalls. feel free to try those already there or add anything you feel is missing
There shouldn't be any reason to learn more editor types than emacs or vi -- mg (1)
You learn that sarcasm does not often work well in international forums. That is why we avoid it. -- ewaller (arch linux forum moderator)
TuxGuardian sounds cool, but it needs a kernel recompile on Linux.
Thanks everyone.
You want shorewall. It's in AUR.
% whereis whatis whence which whoami whois who
You want shorewall. It's in AUR.
No, shorewall doesn't meet the requirements. AFAIK, Tuxguardian is the only one that does.
I'd like a firewall that allows or denies packets considering not only ports and IP but also the program who is trying to connect...
Well, a good router with a firewall does the major job nowadays pretty well (not a very expensive piece of hardware atm). I think firestarter is a good app for what you want, pretty easy to config and has real-time info about connections.
If you use it as a desktop / small office b0x it's gonna do the work. Sleep well coz arch is very secure out of the box and it doesn't suffer the major probs of windows (virus, spyware, malware). Use firefox with adblocker and noscript and you'll be safe surfing. SELINUX is recommended for servers, too much trouble for a desktop b0x.
Welcome to linux world .... safer, free and addictive.
I like firestarter (http://www.archlinux.org/packages/search/?q=firestarter)
Thing is that firestarter depends on gnome a lot :| Besides, it seems that firestarter is not in active development anymore.
Last edited by cromo (2007-03-08 23:38:33)
cromo wrote:Thing is that firestarter depends on gnome a lot Besides, it seems that firestarter is not in active development anymore.
I use firestarter with KDE and it works just fine, so I do not think the dependencies on Gnome are that critical.
As for the project not being in development, I remember they did an update about a year ago, and for a project that specific (like a firewall) I do not think there is much to do after a certain point. I also use SmoothWall and I do not get much more than one update a year or so.
Hope this helps.
print wrote:You want shorewall. It's in AUR.
No, shorewall doesn't meet the requirements. AFAIK, Tuxguardian is the only one that does.
ezzetabi wrote:I'd like a firewall that allows or denies packets considering not only ports and IP but also the program who is trying to connect...
ezzetabi wrote:after 10 years of Windows I am a little paranoid about security and so I'd like to install a firewall.
Only a 10-year windows user would consider a "Good firewall" one that contains as much unnecessary complexity as TuxGuardian does... but I guess I just answered the "Good firewall" part of the question...
% whereis whatis whence which whoami whois who
If you don't run any services that are visible to the outside world, you won't need a firewall. For example: all services that you only need locally (like apps for web dev, such as Apache, MySQL and so on) can be bound to lo/127.0.0.1 without using a firewall. In my opinion, firewalls are pretty useless for a standalone box. They only make sense in huge environments with finely-grained access restrictions. For a home box which runs Linux, a firewall is massive overkill and can't beat configuring the single services properly. But hey, that's just my opinion.
Today's mistakes are tomorrow's catastrophes.
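The "bind everything local and you need no firewall" approach in that post is only as good as your check that nothing is actually listening on an outside interface. As an added example (not from the thread, not any poster's script), here is a small check that reads `ss -ltn` style output and reports every listener whose local address is not loopback. The sample output embedded below is constructed for the example so it runs offline; in real use you would pipe `ss -ltnu` into `exposed_listeners` instead.

```shell
#!/bin/sh
# Added example: list sockets listening on a non-loopback address.
# Real use:  ss -ltn | exposed_listeners
# SAMPLE_SS is constructed for this example and mimics "ss -ltn" output.

SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     127.0.0.1:3306       0.0.0.0:*
LISTEN  0       128     0.0.0.0:80           0.0.0.0:*
LISTEN  0       128     [::1]:631            [::]:*
LISTEN  0       128     *:22                 *:*'

# Reads ss output on stdin, prints "<host> <port>" for each listener that is
# reachable from outside (anything not bound to 127.0.0.1 or [::1]).
exposed_listeners() {
    awk 'NR > 1 {
        addr = $4                          # "Local Address:Port" column
        n = split(addr, parts, ":")
        port = parts[n]                    # last field after the final colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host != "127.0.0.1" && host != "[::1]") print host, port
    }'
}

# Helper used by the self-check: number of exposed listeners in the sample.
count_exposed() {
    printf '%s\n' "$SAMPLE_SS" | exposed_listeners | wc -l | tr -d ' '
}
```

On the sample, MySQL (127.0.0.1:3306) and CUPS ([::1]:631) pass, while Apache on 0.0.0.0:80 and sshd on *:22 are flagged. For the two the post names, the fix is in the service config rather than in iptables: `Listen 127.0.0.1:80` in Apache's httpd.conf and `bind-address = 127.0.0.1` under `[mysqld]` in my.cnf, then re-run the check.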
Firestarter is a nice interface if you aren't interested in advanced options.