
personal firewall for Fedora (Linux) or FreeBSD?

Last Modified: 2013-12-06
I would like to start using Fedora Linux or maybe FreeBSD as a desktop system. I am wondering if there exists some personal firewall for either Fedora or FreeBSD. For MS Windows there exists, for example, ZoneAlarm, or in Vista the built-in firewall. But how about Fedora/FreeBSD? How can I make sure that I am protected against worms/attacks etc.?
Duncan Roe, Software Developer
CERTIFIED EXPERT

Commented:
I think MS uses the term "firewall" rather loosely. To me, a firewall is something that blocks or only allows incoming and/or outgoing calls to configured IP addresses / ports. That is the sort of thing that netfilter (iptables) will do for you (ipchains is its predecessor). Such a firewall is best run on its own system, interposed between your desktop and the Internet.
The other so-called firewall class is a mail screener to weed out emails containing virus signatures and the like. Linux/Unix systems are not vulnerable to viruses per se and not to worms that exploit MS mail clients either, but are still vulnerable to socially engineered nasties like malicious websites and so on. For email, there is postfix. I think there are Bayesian filters out there but I haven't got into that area - maybe another expert can post something.
Social engineering is still a problem.

Author

Commented:
>Linux/Unix systems are not vulnerable to viruses per se and not to worms

For real? Interesting... you mean there are no viruses/trojans/worms etc. attacking Linux/Unix systems?
Duncan Roe, Software Developer
CERTIFIED EXPERT

Commented:
Viruses in general - not vulnerable. I heard there was one once, but I never heard the details. Worms that expect to be able to look up the address book - no.
Firefox has some settings that may help - block popups among them. Don't run a mail server if you don't have to - make sure it can't become an open relay if you do run one.

Commented:
>>I would like to start using Fedora Linux or maybe FreeBSD as desktop system.

In general these OSes are not for the desktop, but you can use them. In Fedora you can use iptables, an efficient packet filtering firewall. On FreeBSD you can choose between ipfw or ipf; both are intelligent packet-level filtering firewalls.

Duncan is correct, there is no virus issue on *.nix OS. The smart thing is to run only those services which are required.

Commented:
Regarding help, you can find help on all the above firewalls through these sites.

iptables:
=======
www.linuxguruz.com/iptables/howto/

ipfw:
=====
www.freebsd-howto.com/HOWTO/Ipfw-HOWTO

ipf:
===
www.freebsd-howto.com/HOWTO/IPFilter-FreeBSD-HOWTO

Author

Commented:
>Duncan is correct there is no virus issue on *.nix OS.

Why? Is it because MS Windows is more popular and therefore more interesting for hackers?
Or only because it's that badly coded?
Duncan Roe, Software Developer
CERTIFIED EXPERT

Commented:
The quality of open-source code does tend to be superior, because it has so many reviewers. You could start a discussion forum on the other reasons. Otherwise just accept it, but take reasonable precautions anyway.

Commented:
"Why? Is it because MS Windows is more popular and therefore more interesting for hackers?"
No, and that's just one among other myths surrounding Windows vulnerabilities and poor operating system design.
Security Report: Windows vs Linux
http://www.theregister.co.uk/security/security_report_windows_vs_linux/
Kamran Arshad, IT Associate

Commented:
Hi,

There are fewer virus attacks on *nix machines, yet anti-virus products for Linux are in the process of being made. One such mature product is ClamAV.
www.clamav.net

Regarding firewalls, much has been discussed about IPChains, IPTables and IPFw. I would like to add to the list APF (Advanced Policy Firewall), a powerful yet very simple firewall.

www.rfxnetworks.com/apf.php
Top Expert 2015

Commented:
Both systems have a built-in firewall, and first of all they do not run dangerous services in the default configuration, so that you are safe without it.
I'd suggest starting with Mandriva Linux, which by default installs an interactive firewall.
Top Expert 2015

Commented:
There is no virus for UNIX since nothing is run with unlimited privilege (root in Unix terms, localsystem in Windows terms)
Top Expert 2015

Commented:
Antivirus is at www.free-av.de

Author

Commented:
"There is no virus for UNIX since nothing is run with unlimited privilege (root in Unix terms, localsystem in Windows terms)"

Not even when I am logged in as root?
The statement that there are "no virii" for Linux and Unix is patently false.  However, they typically have far less impact than they do on Windows.

Regardless, let's step away from the Linux fervor and address the specific question the author asked.  What firewalls are available for Linux?  As many of the experts have mentioned, there are various underlying technologies, such as ipchains, iptables, ipfx, etc.  Most modern Linux distributions have support for iptables.  However, it's non-trivial to configure iptables.  So, I suggest using a firewall "builder", such as firestarter.  You can read about firestarter here:

http://www.fs-security.com/

Unfortunately, firestarter hasn't been supported by the vendor in some time, but many distributions still include it in their application repository because it's so easy to use.

Alternatively, you could use firewall builder, which is available here:

http://www.fwbuilder.org/

Although it's much more powerful than firestarter, it's not as easy to use.

I just did a quick check and both firestarter and fwbuilder are available in the Fedora 6 repositories. So they are just a few clicks away!
Wow, I saw a number of typos in my comment. Please excuse those.  The important information is still valid, though.
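
As an added illustration of what such a builder produces (not posted by anyone in this thread): a minimal desktop policy in `iptables-restore` format that drops unsolicited inbound traffic and allows replies to connections the desktop opened. The function name `desktop_ruleset`, the file name in the comment and the choice to answer ping are assumptions of this example.

```shell
#!/bin/sh
# Added example: print a default-deny inbound ruleset for a desktop.
# Arguments: TCP ports (if any) the desktop should accept connections on.
# Check it without committing (as root), assuming it is saved as desktop-fw.sh:
#   sh desktop-fw.sh 22 | iptables-restore --test
desktop_ruleset() {
    # Validate every port first so a bad argument never yields a partial ruleset.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    cat <<'EOF'
*filter
# Default policies: drop inbound and forwarded packets, allow outbound.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Local services talking to each other over loopback.
-A INPUT -i lo -j ACCEPT
# Replies to connections this machine initiated.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Assumption of this example: answer ping.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
EOF
    # One rule per service the user explicitly chose to expose.
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' "COMMIT"
}

desktop_ruleset "$@"
```

Run with no arguments, it exposes no services at all, which is the usual starting point for a desktop.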
Top Expert 2015

Commented:
Show me the virus that runs on UNIX...

Commented:
Both Linux and FreeBSD have firewalls integrated directly in the OS kernel, so there is no way of bypassing it. pf, the firewall integrated into FreeBSD (and originating from OpenBSD, which is the most secure OS so far), is considered the best one, but they all are really good anyway.

There are also graphical frontends that allow you to configure the firewall without messing with text configuration files, so this shouldn't be a problem.

There are viruses for Linux (see for example http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses ), but of course *NIX is less popular and therefore less interesting for hackers, and of course those who use Linux usually know much more about their computers.

Hope this helps you with your question.

Commented:
And of course there is nothing better than an antivirus that costs money (say, Kaspersky). Free antiviruses tend to react slowly and may have small virus signature databases. But newer versions of ClamAV are sophisticated enough to catch new viruses by using a heuristic analyzer.
Top Expert 2015

Commented:
Stop the FUD. Kaspersky is slow as hell and the free antivirus from f-prot reacts just a day before Kaspersky. Never look at the Kaspersky-affiliated virus.gr site.
