DNH n00b
Joined: 16 Apr 2002 Posts: 60 Location: Ann Arbor, MI
Posted: Tue Apr 23, 2002 12:50 am Post subject: what are people using for a firewall?
I was wondering what people use for a firewall and if they emerged a package to get it. I am debating just creating an iptables script, but thought I'd see if anybody is using a firewall program and whether or not they would recommend it. Thanks.
_________________ The answer
garyura n00b
Joined: 18 Apr 2002 Posts: 12
Posted: Tue Apr 23, 2002 1:04 am Post subject:
Iptables is enough for the firewall if you want to connect to the internet and be safe from hackers
klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
Posted: Tue Apr 23, 2002 1:07 am Post subject: Re: what are people using for a firewall?
DNH wrote:
> I am debating just creating an iptables script, but thought I'd see if anybody is using a firewall program and whether or not they would recommend it. Thanks.
If you're comfortable with iptables syntax, just write your own -- it's likely the easiest way. Otherwise, check out fwbuilder, which is a great GTK-based GUI helper program to write iptables scripts. Not sure if there's a gentoo package, though.
--kurt
_________________ The problem with political jokes is that they get elected
Guest
Posted: Tue Apr 23, 2002 3:22 am Post subject:
http://monmotha.mplug.org/firewall/index.php <-- Monmotha's firewall script, fairly good
Another good one to break your teeth on is "Endoshield", which you can find with a Google search; I use a (heavily) modified version of it.
gilgames n00b
Joined: 18 Apr 2002 Posts: 12 Location: Edam - The Netherlands
Posted: Tue Apr 23, 2002 5:57 pm Post subject: Re: what are people using for a firewall?
DNH wrote:
> I was wondering what people use for a firewall and if they emerged a package to get it.
I picked up ferm, which is nothing more than an easy (= readable) way of specifying iptables statements. I wrote my own ebuild file but it's not quite finished. Best of all, it doesn't need/have a GUI (which would make it impossible to run on my P100)
Last edited by gilgames on Tue Apr 23, 2002 6:03 pm; edited 2 times in total
static Tux's lil' helper
Joined: 18 Apr 2002 Posts: 141 Location: Canada
Posted: Tue Apr 23, 2002 5:59 pm Post subject:
If you like GUIs, guarddog for KDE is excellent
_________________ Gentoo and Doom III. 'Nuff Said.
skylinux Guest
Posted: Wed Apr 24, 2002 1:59 am Post subject: Re: what are people using for a firewall?
I wrote an iptables script using connection tracking. From my tests and from other users, this script seems to work pretty well. You can download it from here:
http://home.earthlink.net/~skylinux/linux/skyfire/
I would appreciate some feedback if someone decides to use my script.
Stay safe
Skylinux
kipper Tux's lil' helper
Joined: 20 Apr 2002 Posts: 112
dice Guru
Joined: 21 Apr 2002 Posts: 577
Posted: Wed Apr 24, 2002 5:58 pm Post subject:
I use an OpenBSD bridging firewall. It's very cool
dr_strange Guru
Joined: 16 Apr 2002 Posts: 480 Location: Cambridge, UK
Posted: Wed Apr 24, 2002 6:26 pm Post subject:
firestarter is a nice firewall, lets you close and open individual ports, monitor your ports etcetera
bbibber n00b
Joined: 19 Apr 2002 Posts: 16 Location: Mechelen - Belgium
Posted: Wed Apr 24, 2002 6:44 pm Post subject: TrinityOS
The TrinityOS documents provide a good background if you want to secure your system. It's aimed at Red Hat systems, though
d3c3it l33t
Joined: 01 Mar 2003 Posts: 765 Location: Manchester, UK
Posted: Sun Sep 07, 2003 1:33 pm Post subject: Iptables personal firewall
Hi all
I've been trying for ages to get iptables working but I could never get my kernel config to work. Well, after extensive searching on Google and these forums I've finally got iptables working. To start with I tried kmyfirewall to set up a firewall, which worked great, it really locked down my system, but there were some things I didn't like *the KDE stuff for one, as I don't use KDE and the KDE config on my system is messed up so the program didn't work quite right* and also I couldn't use msn nor rsync, but then I tried out firestarter. Found to be very good. Couldn't get the log viewer working till I found this
https://forums.gentoo.org/viewtopic.php?t=76874 which stopped the error messages but still no logs. The firewall using the grc tests almost locks down my system but apart from port 57-56 which I couldn't get to lock down. But also my main problem with it is it doesn't save any /var/lib/iptables/rules-save and when I run /etc/init.d/iptables save I get a cat: no file.... and iptables -L doesn't show any rules. But there are rules, as the grc test shows the ports being blocked.
Now I would set up my own rule set but I don't know where to start. I've read up on Google but it seems a lot of work for a personal firewall. A server I understand, but for just a personal aspect is there any easier way around it? Maybe someone has created a prebuilt script as such for a workstation?
Any help would greatly be appreciated *I know it's long-winded but basically I want a firewall to keep nasty stuff out and keep all my ports stealth on a workstation*
Thanks a lot
_________________ Some people go to counselling,
others use linux
Keyed Tux's lil' helper
Joined: 26 Jul 2002 Posts: 135 Location: Tennessee
Posted: Sun Sep 07, 2003 2:41 pm Post subject:
Have you read the Gentoo Security guide yet?
http://www.gentoo.org/doc/en/gentoo-security.xml
Also you could look at
http://www.openna.com/products/books/sol/solus.php
I use a tweaked version of what is shown in their pdf.
_________________ Windows is not a virus: Viruses are well supported by their authors, are running on most systems, their program code is fast, compact and efficient and they tend to become more sophisticated as they mature.
d3c3it l33t
Joined: 01 Mar 2003 Posts: 765 Location: Manchester, UK
Posted: Sun Sep 07, 2003 4:48 pm Post subject:
Thanks man, I never knew Gentoo had a security page
_________________ Some people go to counselling,
others use linux
Xaignar Apprentice
Joined: 11 Jun 2003 Posts: 153 Location: Denmark
Posted: Sun Sep 07, 2003 7:06 pm Post subject:
If you just want a firewall for a workstation, then either Shorewall or FireHOL is my recommendation. Both are in portage, are easy to use and make use of bash scripts to perform their magic, so there is no need for X.
voltron2k4 n00b
Joined: 09 Sep 2003 Posts: 19 Location: Pennsylvania, USA
Posted: Sat Sep 13, 2003 6:47 am Post subject: Firewall
Ok, so after looking in /usr/portage/net-firewall/ I see that there are many different firewalls. My question to the Gentoo public is... Which do you feel is the best and why? Also, is there a firewall that has a GUI? And also, is there a good "example config" that I can go by?
* Any help is more than appreciated *
_________________ Windows XP Uptime: 3 mins 12 secs
Illegal Operation: Must Reboot or Shutdown
idefix n00b
Joined: 15 Mar 2003 Posts: 23
Posted: Sat Sep 13, 2003 9:01 am Post subject: Have you tried shorewall?
There is no GUI available, but configuration is straightforward. Short documentation is available in the config files themselves, otherwise have a look at the developer's homepage http://www.shorewall.net/
barbar Guru
Joined: 16 Apr 2003 Posts: 397 Location: Austria
Posted: Sat Sep 13, 2003 9:26 am Post subject:
knetfilter is a GUI for iptables. If you are using KDE it can be handy for configuring iptables.
sschlueter Guru
Joined: 26 Jul 2002 Posts: 578 Location: Dortmund, Germany
Posted: Sun Sep 14, 2003 4:45 am Post subject: Re: Firewall
voltron2k4 wrote:
> Ok, so after looking in /usr/portage/net-firewall/ I see that there are many different firewalls. My question to the Gentoo public is... Which do you feel is the best and why? Also, is there a firewall that has a GUI?
If you think of packet filtering and network address translation, then there are no "different firewalls". It's practically always netfilter/iptables that does the work. But there are several helper applications. While I currently don't use any of them, I think they range from simple GUIs to tools like FireHOL where rules can be expressed via a heavily simplified syntax to tools that represent a higher abstraction layer like fwbuilder or shorewall.
sschlueter Guru
Joined: 26 Jul 2002 Posts: 578 Location: Dortmund, Germany
Posted: Sun Sep 14, 2003 4:47 am Post subject: Re: Have you tried shorewall?
idefix wrote:
> There is no GUI available
There is a webmin module available.
don quixada l33t
Joined: 15 May 2003 Posts: 810
Posted: Fri Oct 03, 2003 7:10 pm Post subject: afraid to install a firewall
Hi, it seems the general consensus about firewalls is that "a poorly configured firewall is worse than no firewall at all". Therefore, I'm afraid to install any kind of firewall. However, I do like the idea of being able to close/open ports easily.
My system is my own personal machine so there are no other users I need to administrate, so I'd only be protecting my computer from outside attacks. I've tried to keep everything network-related secure (from FAQs etc.) and I've tested my IP from outside resources (abuse.net etc.).
However, what I'm wondering is: am I being naive? Should I install a firewall? And how would I know that it will be properly configured?
Thanks in advance.
dq
neilhwatson l33t
Joined: 06 Feb 2003 Posts: 719 Location: Canada
Posted: Fri Oct 03, 2003 8:39 pm Post subject:
Would you have unprotected sex with a stranger?! You definitely need a firewall. As for testing a firewall, there are websites that will scan your firewall for you.
_________________ The true guru is a teacher.
Neil Watson
don quixada l33t
Joined: 15 May 2003 Posts: 810
Posted: Fri Oct 03, 2003 8:57 pm Post subject:
Ok, I'll install one. Any suggestions? If not, I'll install iptables.
There are websites that test firewalls? What are they? The only ones I know of are:
http://grc.com/intro.htm
and
http://www.abuse.net/
Or are these all I need?
Thanks,
dq
neilhwatson l33t
Joined: 06 Feb 2003 Posts: 719 Location: Canada
Posted: Fri Oct 03, 2003 11:41 pm Post subject:
Iptables is the engine that drives your firewall. How to configure your firewall is up to you. I do it by hand, which may not be for you. If you search around here you'll see some suggestions on what applications might be right for you.
Yes, those sites are fine for testing your firewall.
However you do it, remember the golden rule of firewalls. ALWAYS DENY EVERYTHING BY DEFAULT, then configure the firewall to allow the network traffic you need.
_________________ The true guru is a teacher.
Neil Watson
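
The deny-by-default rule from the post above, combined with the connection tracking mentioned earlier in the thread, as an added example (not code from any poster here): a workstation ruleset in iptables-restore format plus a policy check for a saved ruleset. The function names `gen_ruleset` and `audit_ruleset` are hypothetical, and the `conntrack` match is assumed to be available in the running kernel.

```shell
#!/bin/sh
# Added example: default-deny workstation ruleset in iptables-restore format.
# Nothing is loaded here; as root you would pipe the output to iptables-restore.

# gen_ruleset [PORT...]: print a filter table that drops all inbound traffic
# except loopback, replies to connections this host opened, and the listed
# inbound TCP ports (hypothetical helper name).
gen_ruleset() {
    for p in "$@"; do
        case "$p" in
            ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # deny everything inbound by default
    echo ':FORWARD DROP [0:0]'    # a workstation does not route
    echo ':OUTPUT ACCEPT [0:0]'   # locally initiated traffic is allowed
    echo '-A INPUT -i lo -j ACCEPT'
    # Connection tracking: accept only packets that belong to known flows.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# audit_ruleset: read iptables-save / iptables-restore text on stdin and fail
# unless both INPUT and FORWARD default to DROP; prints each finding.
audit_ruleset() {
    awk '
        /^:INPUT /   { seen_in = 1; if ($2 != "DROP") { print "INPUT policy is " $2; bad = 1 } }
        /^:FORWARD / { seen_fw = 1; if ($2 != "DROP") { print "FORWARD policy is " $2; bad = 1 } }
        END {
            if (!seen_in) { print "no INPUT chain found"; bad = 1 }
            if (!seen_fw) { print "no FORWARD chain found"; bad = 1 }
            exit bad + 0
        }'
}
```

`gen_ruleset 22` prints a ruleset that admits only inbound SSH; `iptables-save | audit_ruleset` checks the policies of whatever is currently loaded.
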
mmealman Guru
Joined: 02 Nov 2002 Posts: 348 Location: Florida