Solved

Firewall Software for Linux

Posted on 2008-06-17
214 Views
Last Modified: 2010-03-18
I am looking for a good but simple to configure firewall for Linux.
Question by:Harrris
16 Comments
 
LVL 11

Expert Comment

by:CMYScott
ID: 21808766
Do you want it to run inside a Linux platform, or a firewall that is Linux based?

If the latter, I'd suggest IPCop or Smoothwall.
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21812189
I simply use iptables. My teenage son tried to break in (I wasn't home) to give himself some ports for bittorrent or similar using some cracking program he found:
First it reported "This is not a windows system"
Later it reported "This is a stealth system".
He had to wait for me to come home. So you see, iptables is pretty good.
0
 
LVL 15

Expert Comment

by:Voltz-dk
ID: 21812705
Iptables doesn't really seem simple to configure, although it's possible to get some external frontends for it like FWBuilder.  I recently saw iptables happily accept the errant entry of x.y.z.0/0, which to me clearly doesn't make any sense.  You may argue that configuration errors can't be completely guarded against, but I don't think this example qualifies.  I believe iptables should report that there seems to be an error (other FWs I know would), but no, iptables happily accepts it as an any-object.  Although I don't know if that goes for all versions.
0
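The sanity check Voltz-dk wishes iptables performed, written here as an added POSIX sh example (not code from the thread or from the iptables project): it rejects an IPv4 CIDR whose host bits fall outside the prefix, such as x.y.z.0/0 or 192.168.1.5/24, before the address reaches iptables, which would otherwise treat x.y.z.0/0 as "any". The function names and the wrapper around "iptables -A INPUT" are assumptions for illustration.

```shell
#!/bin/sh
# Added example: validate an IPv4 CIDR before handing it to iptables.
# iptables accepts x.y.z.0/0 and quietly treats it as "any address"; this
# check reports host bits that the prefix length does not cover.  Function
# names are illustrative, not iptables' own.

# ip4_to_int A.B.C.D -> prints the address as a 32-bit integer, or returns 1
# if it is not a dotted quad of decimal octets 0-255.
ip4_to_int() {
    case $1 in *.*.*.*) ;; *) return 1 ;; esac
    _o1=${1%%.*}; _r=${1#*.}
    _o2=${_r%%.*}; _r=${_r#*.}
    _o3=${_r%%.*}; _o4=${_r#*.}
    for _o in "$_o1" "$_o2" "$_o3" "$_o4"; do
        # Decimal digits only, no leading zero: "010" would be octal in $(( )).
        case $_o in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;; *) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( (_o1 << 24) | (_o2 << 16) | (_o3 << 8) | _o4 ))
}

# check_cidr A.B.C.D/N -> prints "ok", "host-bits" or "malformed" and returns
# 0, 2 or 1 respectively.
check_cidr() {
    case $1 in */*) ;; *) echo malformed; return 1 ;; esac
    _addr=${1%%/*}; _len=${1#*/}
    case $_len in 0|[1-9]|[12][0-9]|3[0-2]) ;; *) echo malformed; return 1 ;; esac
    _n=$(ip4_to_int "$_addr") || { echo malformed; return 1; }
    if [ "$_len" -eq 0 ]; then
        _mask=0
    else
        _mask=$(( (4294967295 << (32 - _len)) & 4294967295 ))
    fi
    # Host bits are the address bits outside the network mask.
    if [ $(( _n & (4294967295 - _mask) )) -ne 0 ]; then
        echo host-bits; return 2
    fi
    echo ok
}

# guarded_iptables_source CIDR [iptables args...]
# Refuses to append an INPUT rule for a CIDR that does not pass check_cidr,
# so "-s 10.1.2.0/0" cannot silently become "match everything".
guarded_iptables_source() {
    _cidr=$1; shift
    _verdict=$(check_cidr "$_cidr") || {
        echo "refusing -s $_cidr: $_verdict" >&2
        return 1
    }
    iptables -A INPUT -s "$_cidr" "$@"
}
```

Use it as "guarded_iptables_source 10.1.2.0/0 -p tcp --dport 22 -j ACCEPT"; the rule is refused with "host-bits" on stderr, whereas 10.1.2.0/24 or 0.0.0.0/0 go through to iptables unchanged.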
 

Author Comment

by:Harrris
ID: 21813746
I want to run it inside a Linux platform. BTW, I'm using Ubuntu with GNOME. What do you mean by "Linux based"? Are there any Linux-based firewalls for non-Linux systems? Is iptables configured using a command-line interface, or by editing a configuration script? And is it supported in all Linux distributions?
0
 
LVL 11

Expert Comment

by:gothicbloody
ID: 21813790
iptables and netfilter. But if you want a Linux firewall-based distro, most of them are easy to configure; as CMYScott said, Smoothwall, IPCop, and still many others out there:
ClarkConnect (the best for me)
Endian
Censornet
EnGarde Live
pfSense
SME Server (e-smith)
eBox Platform

and on most of them you can log in as root and use iptables if you want to create your own scripts.
0
 
LVL 7

Accepted Solution

by:diepes (earned 125 total points)
ID: 21815675
I use FireHOL.
It is a bash system that configures iptables.

It is very flexible, has a compact syntax, and has a "firehol try" option to try new rules; if you do not confirm within 10 seconds it reverts to the old rules, which is great for preventing accidents when configuring rules remotely.
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21817589
iptables is simply a command-line command. "man iptables" describes its arguments, but is in no way any kind of tutorial. Best to look at some existing rules in conjunction with the man page, to understand what is going on.
0
 

Author Comment

by:Harrris
ID: 21818452
What about Firestarter? What is your opinion?
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21821465
Don't know it.
0
 
LVL 11

Expert Comment

by:gothicbloody
ID: 21821534
Can you tell us what you want to use it for? As a personal firewall for your Linux desktop, or for a network?
0
 
LVL 7

Expert Comment

by:diepes
ID: 21826631
firehol config:

    interface eth0 mainInt
        protection strong
        server "ping ssh" accept
        client "icmp https http" accept

0
 

Author Comment

by:Harrris
ID: 21827363
I'm going to use it for my desktop computer, and maybe on the gateway machine of a small LAN (about 5 computers). BTW, with this kind of firewall, do you usually define what traffic will be allowed and everything else is blocked? Or the other way around (defining the traffic to be blocked, and everything else is allowed)?
0
 
LVL 7

Expert Comment

by:diepes
ID: 21833487
FireHOL and most of the other tools operate on the deny-everything principle.

With the native iptables built into Linux, you have to set the default policy to deny (done by most of the tools) to achieve this if you set it up manually.

For the gateway option, FireHOL has an easy masquerade option you add to the outgoing interface, and NAT is done for the internal PCs.   (As you might notice, I am very impressed with FireHOL.)  What it does not have is a GUI interface.
0
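A default-deny iptables ruleset of the kind diepes describes, for a desktop that can also be switched into the small-LAN gateway role, written as an added POSIX sh example (not from the thread and not FireHOL's own output). It emits iptables-restore text with DROP policies on INPUT, FORWARD and OUTPUT so that only the listed services are accepted, adds the forwarding and MASQUERADE rules only in gateway mode, and applies the result with a 10-second rollback in the spirit of "firehol try". The interface names eth0/eth1, the 192.168.1.0/24 LAN, the allowed services and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: default-deny iptables ruleset with an optional gateway role.
# Assumptions (not from the thread): eth0 faces the Internet, eth1 the LAN,
# the LAN is 192.168.1.0/24, and inbound SSH plus rate-limited ping are the
# only services this host offers.  Run with no argument to print the
# ruleset; run "sh fw.sh apply" as root to load it with a rollback timer.
# Gateway mode also needs "sysctl -w net.ipv4.ip_forward=1".

WAN_IF=eth0
LAN_IF=eth1
LAN_NET=192.168.1.0/24
ROLE=${FW_ROLE:-desktop}     # "desktop" or "gateway" (export FW_ROLE=gateway)

# Print the ruleset in iptables-restore format.  The chain policies are DROP,
# so every packet not matched by an ACCEPT rule below is discarded; this is
# the "deny everything" principle the front-end tools set up for you.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p icmp -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 53,80,443 -m conntrack --ctstate NEW -j ACCEPT
EOF
    if [ "$ROLE" = gateway ]; then
        # LAN hosts may open connections outward; only replies come back in.
        cat <<EOF
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    fi
    printf 'COMMIT\n'
    if [ "$ROLE" = gateway ]; then
        # Hide the LAN behind the WAN address (FireHOL's "masquerade").
        cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
EOF
    fi
}

# Number of rules appended to chain $1 in the generated ruleset.
count_rules() {
    build_ruleset | grep -c -- "^-A $1 " || true
}

# Load the ruleset, then restore the previous one after 10 seconds unless the
# operator confirms.  A dropped SSH session gives read EOF, which counts as
# "not confirmed", so locking yourself out still rolls back.
apply_with_rollback() {
    backup=$(mktemp) || return 1
    iptables-save >"$backup" || return 1
    build_ruleset | iptables-restore || { iptables-restore <"$backup"; return 1; }
    ( sleep 10; iptables-restore <"$backup" ) &
    watchdog=$!
    printf 'New rules loaded; press Enter within 10 seconds to keep them: '
    if read -r _reply && kill "$watchdog" 2>/dev/null; then
        echo "Kept."
        rm -f "$backup"
    else
        wait "$watchdog"
        echo "Not confirmed; previous rules restored from $backup."
    fi
}

case ${1:-print} in
    apply) apply_with_rollback ;;
    *)     build_ruleset ;;
esac
```

Printing the ruleset and reviewing it before running "apply" is the manual equivalent of reading a front-end's generated rules; "iptables-save" afterwards shows exactly what netfilter is enforcing, which is also the quickest way to learn the syntax from a working configuration.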
 
LVL 7

Expert Comment

by:stephenhoekstra
ID: 21840599
0
 

Author Comment

by:Harrris
ID: 21856308
So, if I understand correctly, iptables is the default tool used for filtering network traffic in Linux, and all those tools (Shorewall, FireHOL, etc.) are just used to configure iptables? Is this right?
0
 
LVL 7

Expert Comment

by:stephenhoekstra
ID: 21856749
Correct.

Although technically iptables is used to create rules for netfilter, which does the actual filtering.
0
