Solved

Firewall Software for Linux

Posted on 2008-06-17
16
217 Views
Last Modified: 2010-03-18
I am looking for a good but simple to configure firewall for Linux.
0
Comment
Question by:Harrris
16 Comments
 
LVL 11

Expert Comment

by:CMYScott
ID: 21808766
do you want it to run inside a linux platform?  or a firewall that is linux based?

if the latter - I'd suggest IPCop or Smoothwall
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21812189
I simply use iptables. My teenage son tried to break in (I wasn't home) to give himself some ports for bittorrent or similar using some cracking program he found:
First it reported "This is not a windows system"
Later it reported "This is a stealth system".
He had to wait for me to come home. So you see, iptables is pretty good.
0
 
LVL 15

Expert Comment

by:Voltz-dk
ID: 21812705
Iptables doesn't really seem simple to configure though, although it's possible to get some external frontends for it like FWBuilder.  I recently saw iptables happily accept the errant entry of x.y.z.0/0 - which to me clearly doesn't make any sense.  You may argue that configuration errors can't be completely guarded against, but I don't think this example qualifies.  I believe iptables should report that there seems to be an error (other FWs I know would), but no.. iptables happily accepts it as an any-object.  Although I don't know if that goes for all versions.
0
 

Author Comment

by:Harrris
ID: 21813746
I want to run it inside a Linux platform. B.t.w. I'm using Ubuntu with GNOME. What do you mean by "linux based"? Are there any linux based firewalls for non-Linux systems? Is iptables configured using a command-line interface, or by editing a configuration script? And is it supported in all Linux distributions?
0
 
LVL 11

Expert Comment

by:gothicbloody
ID: 21813790
iptables and netfilter, but if you want a Linux firewall-based distro, most of them are easy to configure. As CMYScott said: Smoothwall, IPCop, and still many out there:
Clarkconnect (the best for me)
Endian
Censornet
EnGarde Live
pfsense
SME server E-smith
ebox-platform

And most of them you can access as root and use iptables if you want to create your own scripts.
0
 
LVL 7

Accepted Solution

by:
diepes earned 125 total points
ID: 21815675
I use firehol.
It is a bash system that configures iptables.

It is very flexible, has a compact syntax, and has a "firehol try"
option to try new rules; if you do not confirm in 10 seconds it reverts to the old rules, great for preventing accidents when configuring rules remotely.
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21817589
iptables is simply a command-line command. "man iptables" describes its arguments, but is in no way any kind of tutorial. Best to look at some existing rules in conjunction with the man page, to understand what is going on.
0
 

Author Comment

by:Harrris
ID: 21818452
What about Firestarter? What is your opinion?
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21821465
Don't know it.
0
 
LVL 11

Expert Comment

by:gothicbloody
ID: 21821534
Can you tell what you want to use it for? As a personal firewall for your Linux desktop, or for a network?
0
 
LVL 7

Expert Comment

by:diepes
ID: 21826631
firehol config:

    interface eth0 mainInt
        protection strong
        server "ping ssh" accept
        client "icmp https http" accept
0
 

Author Comment

by:Harrris
ID: 21827363
I'm going to use it for my desktop computer, and maybe on the gateway machine of a small LAN (about 5 computers). B.t.w. in this kind of firewall, do you usually define what traffic will be allowed and everything else is blocked? Or the other way around (defining the traffic to be blocked, and everything else is allowed)?
0
 
LVL 7

Expert Comment

by:diepes
ID: 21833487
firehol and most of the other tools operate on the deny-everything principle.

With the native iptables built into Linux, you have to set the default policy to deny (done by most of the tools) to achieve this if you set it up manually.

For the gateway option, firehol has an easy masquerade option you add to the outgoing interface and NAT is done for the internal PCs. (As you might notice, I am very impressed with firehol.) What it does not have is a GUI interface.
0
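As an added example (not code from the thread or from the firehol project), the following script expresses diepes' firehol snippet and his deny-everything/masquerade points directly as an iptables-restore ruleset: default DROP policies, the "server ping ssh" and "client icmp https http" permits, and, when a LAN interface is given, forwarding plus MASQUERADE for a small gateway. Interface names and the extra DNS permit (needed for the http/https clients to resolve names) are assumptions; the rules are only printed unless APPLY=1.

```shell
#!/bin/sh
# Added example, not from the thread. Emits a default-deny iptables ruleset in
# iptables-restore format mirroring the firehol config above; with a second
# (LAN) interface it also builds the masquerading gateway. Interface names
# and the DNS permit are assumptions. Rules are printed, not applied, unless
# APPLY=1 (which requires root and iptables-restore).

build_rules() {
    wan="${1:-eth0}"
    lan="$2"
    cat <<EOF
*filter
# Default policy: anything not explicitly accepted is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback is always allowed.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to connections already accepted in either direction.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# server "ping ssh" accept: inbound echo-request and ssh on $wan.
-A INPUT -i $wan -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -i $wan -p tcp --dport 22 -m state --state NEW -j ACCEPT
# client "icmp https http" accept: outbound from this host (plus DNS).
-A OUTPUT -o $wan -p icmp -j ACCEPT
-A OUTPUT -o $wan -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
-A OUTPUT -o $wan -p udp --dport 53 -j ACCEPT
EOF
    if [ -n "$lan" ]; then
        # Gateway: LAN hosts may go out; only return traffic comes back in.
        echo "-A FORWARD -i $lan -o $wan -j ACCEPT"
        echo "-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT"
    fi
    echo "COMMIT"
    if [ -n "$lan" ]; then
        # NAT the LAN behind the outgoing interface (firehol's masquerade).
        printf '*nat\n:POSTROUTING ACCEPT [0:0]\n-A POSTROUTING -o %s -j MASQUERADE\nCOMMIT\n' "$wan"
    fi
}

# Number of explicit ACCEPT rules, a quick sanity check on the generated set.
accept_count() { build_rules "$@" | grep -c -- '-j ACCEPT'; }

if [ "${APPLY:-0}" = "1" ]; then
    build_rules "$@" | iptables-restore
else
    build_rules "$@"
fi
```

Run it as `sh fw.sh eth0` to review the desktop ruleset, or `sh fw.sh eth0 eth1` for the gateway variant, before ever loading it.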
 
LVL 7

Expert Comment

by:stephenhoekstra
ID: 21840599
0
 

Author Comment

by:Harrris
ID: 21856308
So, if I understand correctly, iptables is the default tool used for filtering network traffic in Linux, and all those tools (shorewall, firehol, etc.) are just used to configure iptables? Is this right?
0
 
LVL 7

Expert Comment

by:stephenhoekstra
ID: 21856749
Correct.

Although technically iptables is used to create rules for netfilter, which does the actual filtering.
0