Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Firewall Software for Linux

Posted on 2008-06-17
16
Medium Priority
?
219 Views
Last Modified: 2010-03-18
I am looking for a good but simple to configure firewall for Linux.
0
Comment
Question by:Harrris
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +4
16 Comments
 
LVL 11

Expert Comment

by:CMYScott
ID: 21808766
do you want it to run inside a linux platform?  or a firewall that is linux based?

if the latter - I'd suggest IPCop or Smoothwall
0
 
LVL 35

Expert Comment

by:Duncan Roe
ID: 21812189
I simply use iptables. My teenage son tried to break in (I wasn't home) to give himself some ports for bittorrent or similar using some cracking program he found:
First it reported "This is not a windows system"
Later it reported "This is a stealth system".
He had to wait for me to come home. So you see, iptables is pretty good.
0
 
LVL 15

Expert Comment

by:Voltz-dk
ID: 21812705
Iptables doesn't really seem simple to configure though, although it's possible to get some external frontends for it like FWBuilder.  I recently saw iptables happily accept the errant entry of x.y.z.0/0 - which to me clearly doesn't make any sense.  You may argue that configuration errors can't be completely guarded against, but I don't think this example qualifies.  I believe iptables should report that there seems to be an error (other FWs I know would), but no.. iptables happily accepts it as an any-object.  Although I don't know if that goes for all versions.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Harrris
ID: 21813746
I want to run it inside a Linux Platform. b.t.w. I'm using Ubuntu with GNOME. What do you mean by "linux based" ? Are there any linux based firewalls for non-Linux Systems ? Is iptables configured using a command-line interface ? or by editing a configuration script ? and is it supported in all Linux distributions ?
0
 
LVL 11

Expert Comment

by:gothicbloody
ID: 21813790
iptables and netfilter but if u want linux firewall based Distro most of them easy to configure  as CMYScott said " Smoothwall , IPcop , and still many out there
Clarkconnect the best for me
Endian
Censornet
EnGarde Live
pfsense
SME server E-smith
ebox-platform

and most of them you can access as root and using iptables if you want to create your own scripts
0
 
LVL 7

Accepted Solution

by:
diepes earned 500 total points
ID: 21815675
I use firehol.
It is a bash system that configures iptable's.

It is very flexible, has a compact syntax, and has a   #firehol try
option to try new rules, and if you do not confirm in 10seconds reverts to old rules, great for preventing accidents when configuring rules remotely.
0
 
LVL 35

Expert Comment

by:Duncan Roe
ID: 21817589
iptables is simply a command-line command. "man iptables" describes its arguments, but is in no way any kind of tutorial. Best to look at some existing rules in conjunction with the man page, to understand what is going on.
0
 

Author Comment

by:Harrris
ID: 21818452
what about firestarter ? what is your opinion ?
0
 
LVL 35

Expert Comment

by:Duncan Roe
ID: 21821465
Don't know it.
0
 
LVL 11

Expert Comment

by:gothicbloody
ID: 21821534
can you tell for what you want to use it ?as personal firewall  for your Linux Desktop or for Network
0
 
LVL 7

Expert Comment

by:diepes
ID: 21826631
firehol config.

      interface eth0 mainInt
            protection strong
               server  "ping ssh"       accept
               client  "icmp https http"       accept

      
0
 

Author Comment

by:Harrris
ID: 21827363
I'm going to use it for my desktop computer, and maybe on the gateway machine of a small LAN (about 5 computers). b.t.w. in this kind of firewalls do you usually define what traffic will be allowed and everything else is blocked? or the other way around ? (defining the traffic to be blocked, and everything else is allowed)
0
 
LVL 7

Expert Comment

by:diepes
ID: 21833487
firehol and most of the other tools operate on the deny everything principle.

With then native iptables built into Linux, you have to set the default policy to deny (done by most of the tools) to achieve this if you set it up manually.

for the gateway option, firehol has a easy masquerade option you add to the outgoing interface and nat is done for internal pc's.   ( as you might notice i am very impressed with firehol)  what it does not have is a gui interface.
0
 
LVL 7

Expert Comment

by:stephenhoekstra
ID: 21840599
0
 

Author Comment

by:Harrris
ID: 21856308
so, if I understand correctly, iptables is the default tool used for filtering network traffic in linux, and all those tools (shorewall, firehol, e.t.c.) are just used to configure iptables ? is this right ?
0
 
LVL 7

Expert Comment

by:stephenhoekstra
ID: 21856749
Correct.

Although technically iptables is used to create rules for netfilter, which does the actual filtering.
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question