
Firewall Software for Linux

Posted on 2008-06-17
Last Modified: 2010-03-18
I am looking for a good but simple to configure firewall for Linux.
Question by:Harrris
16 Comments
 
LVL 11

Expert Comment

by:CMYScott
ID: 21808766
Do you want it to run inside a Linux platform, or a firewall that is Linux based?

if the latter - I'd suggest IPCop or Smoothwall
0
 
LVL 35

Expert Comment

by:Duncan Roe
ID: 21812189
I simply use iptables. My teenage son tried to break in (I wasn't home) to give himself some ports for bittorrent or similar using some cracking program he found:
First it reported "This is not a windows system"
Later it reported "This is a stealth system".
He had to wait for me to come home. So you see, iptables is pretty good.
0
 
LVL 15

Expert Comment

by:Voltz-dk
ID: 21812705
Iptables doesn't really seem simple to configure though, although it's possible to get some external frontends for it like FWBuilder.  I recently saw iptables happily accept the errant entry of x.y.z.0/0 - which to me clearly doesn't make any sense.  You may argue that configuration errors can't be completely guarded against, but I don't think this example qualifies.  I believe iptables should report that there seems to be an error (other FWs I know would), but no.. iptables happily accepts it as an any-object.  Although I don't know if that goes for all versions.
0

 

Author Comment

by:Harrris
ID: 21813746
I want to run it inside a Linux platform. BTW, I'm using Ubuntu with GNOME. What do you mean by "Linux based"? Are there any Linux-based firewalls for non-Linux systems? Is iptables configured using a command-line interface, or by editing a configuration script? And is it supported in all Linux distributions?
0
 
LVL 11

Expert Comment

by:gothicbloody
ID: 21813790
iptables and netfilter, but if you want a Linux-based firewall distro, most of them are easy to configure. As CMYScott said, Smoothwall, IPCop, and still many out there:
Clarkconnect the best for me
Endian
Censornet
EnGarde Live
pfsense
SME server E-smith
ebox-platform

And most of them you can access as root and use iptables if you want to create your own scripts.
0
 
LVL 7

Accepted Solution

by:
diepes earned 500 total points
ID: 21815675
I use firehol.
It is a bash system that configures iptables.

It is very flexible, has a compact syntax, and has a "# firehol try" option to try new rules, and if you do not confirm in 10 seconds it reverts to the old rules, great for preventing accidents when configuring rules remotely.
0
 
LVL 35

Expert Comment

by:Duncan Roe
ID: 21817589
iptables is simply a command-line command. "man iptables" describes its arguments, but is in no way any kind of tutorial. Best to look at some existing rules in conjunction with the man page, to understand what is going on.
0
 

Author Comment

by:Harrris
ID: 21818452
What about firestarter? What is your opinion?
0
 
LVL 35

Expert Comment

by:Duncan Roe
ID: 21821465
Don't know it.
0
 
LVL 11

Expert Comment

by:gothicbloody
ID: 21821534
Can you tell what you want to use it for? As a personal firewall for your Linux desktop, or for a network?
0
 
LVL 7

Expert Comment

by:diepes
ID: 21826631
firehol config:

      interface eth0 mainInt
            protection strong
            server "ping ssh" accept
            client "icmp https http" accept
0
 

Author Comment

by:Harrris
ID: 21827363
I'm going to use it for my desktop computer, and maybe on the gateway machine of a small LAN (about 5 computers). BTW, in this kind of firewall do you usually define what traffic will be allowed and everything else is blocked? Or the other way around (defining the traffic to be blocked, and everything else is allowed)?
0
 
LVL 7

Expert Comment

by:diepes
ID: 21833487
firehol and most of the other tools operate on the deny everything principle.

With the native iptables built into Linux, you have to set the default policy to deny (done by most of the tools) to achieve this if you set it up manually.

For the gateway option, firehol has an easy masquerade option you add to the outgoing interface, and NAT is done for internal PCs. (As you might notice, I am very impressed with firehol.) What it does not have is a GUI interface.
0
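An added example, not code from any poster in this thread: a pre-load check for a hand-written rules file in iptables-restore format. It flags the two pitfalls raised above, a filter chain left at policy ACCEPT instead of default deny, and an address such as x.y.z.0/0, which iptables masks down to 0.0.0.0/0 so the rule matches any host. The sample ruleset, its addresses and the choice to check only INPUT and FORWARD are assumptions made for the illustration.

```python
import ipaddress
import shlex

ADDR_FLAGS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}
# Assumption of this example: OUTPUT may stay ACCEPT on a desktop or small gateway.
DEFAULT_DENY_CHAINS = {"INPUT", "FORWARD"}

# Constructed sample in iptables-restore format (not taken from the thread).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -s 10.1.2.0/0 -p tcp --dport 22 -j ACCEPT
COMMIT
"""

def lint_rules(text):
    """Return (line_number, message) findings for an iptables-restore file."""
    findings = []
    table = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):            # table header, e.g. *filter
            table = line[1:]
        elif line.startswith(":"):          # chain declaration with its policy
            chain, policy = line[1:].split()[:2]
            if table == "filter" and chain in DEFAULT_DENY_CHAINS and policy == "ACCEPT":
                findings.append((lineno, f"{chain} policy is ACCEPT, not default deny"))
        else:                               # a rule line: inspect address arguments
            tokens = shlex.split(line)
            for flag, value in zip(tokens, tokens[1:]):
                if flag not in ADDR_FLAGS:
                    continue
                for addr in value.split(","):
                    try:
                        iface = ipaddress.ip_interface(addr)
                    except ValueError:
                        continue            # hostname or malformed value: not checked here
                    if iface.network.prefixlen == 0 and int(iface.ip) != 0:
                        findings.append((lineno, f"{flag} {addr} has a /0 mask and matches any address"))
    return findings

if __name__ == "__main__":
    for lineno, message in lint_rules(SAMPLE_RULES):
        print(f"line {lineno}: {message}")
```

The check has to run on the file as written, before loading: once a rule is in the kernel the address has already been masked, so the listing no longer shows the mistyped value.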
 
LVL 7

Expert Comment

by:stephenhoekstra
ID: 21840599
0
 

Author Comment

by:Harrris
ID: 21856308
So, if I understand correctly, iptables is the default tool used for filtering network traffic in Linux, and all those tools (shorewall, firehol, etc.) are just used to configure iptables? Is this right?
0
 
LVL 7

Expert Comment

by:stephenhoekstra
ID: 21856749
Correct.

Although technically iptables is used to create rules for netfilter, which does the actual filtering.
0
