Solved

Firewall Software for Linux

Posted on 2008-06-17
Last Modified: 2010-03-18
I am looking for a good but simple to configure firewall for Linux.
0
Question by:Harrris
16 Comments
 
LVL 11

Expert Comment

by:CMYScott
ID: 21808766
Do you want it to run inside a Linux platform, or a firewall that is Linux-based?

If the latter, I'd suggest IPCop or Smoothwall.
0
 
LVL 35

Expert Comment

by:Duncan Roe
ID: 21812189
I simply use iptables. My teenage son tried to break in (I wasn't home) to give himself some ports for bittorrent or similar using some cracking program he found:
First it reported "This is not a windows system"
Later it reported "This is a stealth system".
He had to wait for me to come home. So you see, iptables is pretty good.
0
 
LVL 15

Expert Comment

by:Voltz-dk
ID: 21812705
Iptables doesn't really seem simple to configure though, although it's possible to get some external frontends for it like FWBuilder.  I recently saw iptables happily accept the errant entry of x.y.z.0/0 - which to me clearly doesn't make any sense.  You may argue that configuration errors can't be completely guarded against, but I don't think this example qualifies.  I believe iptables should report that there seems to be an error (other FWs I know would), but no.. iptables happily accepts it as an any-object.  Although I don't know if that goes for all versions.
0
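
The mistake described in the comment above (an address such as x.y.z.0 paired with a /0 prefix) can be caught by checking a rules file before it is loaded. This is an added example, not code from the thread; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: lint a rules file before loading it.
# Flags -s/-d values whose address has bits set outside the prefix length,
# e.g. NET/0, which ends up matching every host.

ip_to_int() (                       # A.B.C.D -> 32-bit integer
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

has_host_bits() (                   # exit 0 if ADDR/LEN has bits outside the prefix
    case $1 in */*) ;; *) exit 1 ;; esac             # bare host address: nothing masked
    addr=${1%/*} len=${1#*/}
    case $addr in *[!0-9.]*|"") exit 1 ;; *.*.*.*) ;; *) exit 1 ;; esac  # IPv4 only
    case $len in *[!0-9]*|"") exit 1 ;; esac         # dotted netmask etc.: skipped
    [ "$len" -le 32 ] || exit 1
    if [ "$len" -eq 0 ]; then mask=0
    else mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF )); fi
    [ $(( $(ip_to_int "$addr") & ~mask & 0xFFFFFFFF )) -ne 0 ]
)

lint_rules() (                      # stdin: rules; stdout: "SPEC<TAB>RULE" per finding
    set -f                          # no globbing while word-splitting each rule
    while IFS= read -r rule; do
        set -- $rule
        while [ $# -gt 1 ]; do
            case $1 in -s|-d|--source|--destination|--src|--dst)
                if has_host_bits "$2"; then printf '%s\t%s\n' "$2" "$rule"; fi ;;
            esac
            shift
        done
    done
)

# Constructed sample rules (documentation address ranges)
lint_rules <<'EOF'
-A INPUT -s 192.0.2.0/0 -p tcp --dport 22 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -j ACCEPT
-A INPUT -d 198.51.100.77/24 -j DROP
EOF
```

Run it over the file you are about to load rather than over the live ruleset, because the kernel stores only the masked form of each address.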
 

Author Comment

by:Harrris
ID: 21813746
I want to run it inside a Linux platform. B.t.w. I'm using Ubuntu with GNOME. What do you mean by "Linux based"? Are there any Linux-based firewalls for non-Linux systems? Is iptables configured using a command-line interface, or by editing a configuration script? And is it supported in all Linux distributions?
0
 
LVL 11

Expert Comment

by:gothicbloody
ID: 21813790
iptables and netfilter, but if you want a Linux firewall-based distro, most of them are easy to configure, as CMYScott said: Smoothwall, IPCop, and still many out there:
Clarkconnect the best for me
Endian
Censornet
EnGarde Live
pfsense
SME server E-smith
ebox-platform

And most of them you can access as root and use iptables if you want to create your own scripts.
0
 
LVL 7

Accepted Solution

by:
diepes earned 500 total points
ID: 21815675
I use firehol.
It is a bash system that configures iptables.

It is very flexible, has a compact syntax, and has a "# firehol try" option to try new rules; if you do not confirm in 10 seconds, it reverts to the old rules. Great for preventing accidents when configuring rules remotely.
0
 
LVL 35

Expert Comment

by:Duncan Roe
ID: 21817589
iptables is simply a command-line command. "man iptables" describes its arguments, but is in no way any kind of tutorial. Best to look at some existing rules in conjunction with the man page, to understand what is going on.
0
 

Author Comment

by:Harrris
ID: 21818452
What about firestarter? What is your opinion?
0
 
LVL 35

Expert Comment

by:Duncan Roe
ID: 21821465
Don't know it.
0
 
LVL 11

Expert Comment

by:gothicbloody
ID: 21821534
Can you tell what you want to use it for? As a personal firewall for your Linux desktop, or for a network?
0
 
LVL 7

Expert Comment

by:diepes
ID: 21826631
firehol config:

      interface eth0 mainInt
            protection strong
            server  "ping ssh"         accept
            client  "icmp https http"  accept
0
 

Author Comment

by:Harrris
ID: 21827363
I'm going to use it for my desktop computer, and maybe on the gateway machine of a small LAN (about 5 computers). B.t.w. in this kind of firewall do you usually define what traffic will be allowed, and everything else is blocked? Or the other way around (defining the traffic to be blocked, and everything else is allowed)?
0
 
LVL 7

Expert Comment

by:diepes
ID: 21833487
firehol and most of the other tools operate on the deny-everything principle.

With the native iptables built into Linux, you have to set the default policy to deny (done by most of the tools) to achieve this if you set it up manually.

For the gateway option, firehol has an easy masquerade option you add to the outgoing interface, and NAT is done for internal PCs. (As you might notice, I am very impressed with firehol.) What it does not have is a GUI interface.
0
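
What the deny-by-default setup described above looks like when written by hand for plain iptables, using the same services as the firehol snippet earlier in the thread. This is an added example, not code from the thread or from firehol, and it is not a reproduction of what firehol generates; the interface names eth0 and eth1 and the function name are assumptions.

```shell
#!/bin/sh
# Added example, not taken from the thread. Interface names are assumptions.
# emit_ruleset WAN_IF [LAN_IF] prints iptables-restore input; giving LAN_IF
# adds forwarding and NAT for a small LAN behind this machine.
emit_ruleset() (
    wan=$1 lan=${2:-}
    cat <<EOF
*filter
# Default policy: anything not explicitly accepted below is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to connections that were allowed when they started.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Inbound: ssh and ping. Outbound: http, https, icmp (no DNS, as in the snippet).
-A INPUT -i $wan -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $wan -p icmp --icmp-type echo-request -j ACCEPT
-A OUTPUT -o $wan -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o $wan -p icmp -j ACCEPT
EOF
    if [ -n "$lan" ]; then
        cat <<EOF
# Gateway: LAN hosts may open connections outward; nothing new comes back in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
EOF
    fi
    echo COMMIT
)

emit_ruleset eth0 eth1    # review the output, then load it with iptables-restore
```

`iptables-restore --test` parses a ruleset without committing it. On a gateway, forwarding must also be enabled with `net.ipv4.ip_forward=1`.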
 
LVL 7

Expert Comment

by:stephenhoekstra
ID: 21840599
0
 

Author Comment

by:Harrris
ID: 21856308
So, if I understand correctly, iptables is the default tool used for filtering network traffic in Linux, and all those tools (shorewall, firehol, etc.) are just used to configure iptables? Is this right?
0
 
LVL 7

Expert Comment

by:stephenhoekstra
ID: 21856749
Correct.

Although technically iptables is used to create rules for netfilter, which does the actual filtering.
0
