Mandriva: best firewall
4di
I have a list of Mandriva-based firewalls:

1. firestarter
2. guarddog
3. netfilter
4. shorewall (that I hate)
5. mandi
6. SmoothWall
7. classical iptables (homemade)
8. others (if you have another option please write it here)

I've started this topic because most of us use firewall scripts (homemade), but I find on Google many more firewalls with a graphical interface, and there are a lot of other Linux firewalls, including some distros that are specifically for this purpose, but I want to know your opinion about the firewall you use on your Mandriva.

best regards,
adrian


[moved from Networking by spinynorman]
ianw1974
I've always used shorewall or iptables - although as far as I know, shorewall is based on iptables anyhow (unless I'm mistaken).

I've used shorewall in Mandriva, and iptables in Red Hat. They seem to do the trick for me. I've not got used to doing it all at the command line yet. Some of it, but not a lot. I mostly do it in a GUI if I can.
Qchem
Most firewalls are indeed a front-end to iptables. I tend to use whatever default comes with the distro, or plain iptables.
Gowator
QUOTE (Qchem @ Oct 12 2006, 09:39 AM) *
Most firewalls are indeed a front-end to iptables. I tend to use whatever default comes with the distro, or plain iptables.

This is true and most of them have either GUI config and/or Webmin modules...
Most hardware firewalls also use iptables as well.
emmanuel_uk
QUOTE
shorewall (that i hate)

This is what I prefer for manipulating iptables. It takes a bit of time to get used to.
It has a blacklist etc., and the most flexibility because it is text based.
The problem with GUIs is often incompleteness, or the untold decisions they take.

Dshield.org is a great idea while we are talking about firewalls.
Gowator
QUOTE (emmanuel_uk @ Oct 12 2006, 11:01 AM) *
QUOTE
shorewall (that i hate)

This is what I prefer for manipulating iptables. It takes a bit of time to get used to.
It has a blacklist etc., and the most flexibility because it is text based.
The problem with GUIs is often incompleteness, or the untold decisions they take.

Dshield.org is a great idea while we are talking about firewalls.

Actually shorewall is as good a front end as any; it's just the way Mandriva implements it that makes it unpopular and seem overly complex, but this is because Mandriva uses it as a base for the ICS ...

The easiest way to use shorewall is to completely overwrite the Mandriva settings, which are kinda bizarre due to its use for Internet Connection Sharing, and then just follow the relevant quick start guide.

From the shorewall site

QUOTE
Shorewall is not the easiest to use of the available iptables configuration tools but I believe that it is the most flexible and powerful. So if you are looking for a simple point-and-click set-and-forget Linux firewall solution that requires a minimum of networking knowledge, I would encourage you to check out the following alternatives:

* m0n0wall (FreeBSD Based)
* Firestarter

On the other hand, if you are looking for a Linux firewall solution that can handle complex and fast changing network environments then Shorewall is a logical choice.

Personally I tend to use firestarter for ad hoc firewalling (like running a live CD from someone else's house)
and I use my router at home because it's there anyway...
Crashdamage
For years, I've used Bastille. It's a frontend to iptables like almost all Linux firewalls and so does all the usual firewalling chores like IP mask, NAT, etc. The difference is it's much more than just a firewall. Bastille is a comprehensive system-hardening security tool with an easy to configure, highly informative interface. I consider Bastille indispensable and install it on every Linux installation I do. There's just nothing else like it. Anyone who takes system security seriously should check it out.
SilverSurfer60
My favourite firewall is smoothwall. I've run this for a number of years on an old computer that was not worth using for anything else. Why do I like smoothwall? I only need the one for running a small network and it looks after the other computers, also the ability to run a web server, mail server on the orange interface without worrying too much about staying safe on the green network. The web interface is great to use and one can keep an eye on what is happening on the various networks. Yes it is overkill for a single computer, but I like it.
aerogate
QUOTE (Crashdamage @ Oct 14 2006, 02:27 PM) *
For years, I've used Bastille. It's a frontend to iptables like almost all Linux firewalls and so does all the usual firewalling chores like IP mask, NAT, etc. The difference is it's much more than just a firewall. Bastille is a comprehensive system-hardening security tool with an easy to configure, highly informative interface. I consider Bastille indispensable and install it on every Linux installation I do. There's just nothing else like it. Anyone who takes system security seriously should check it out.


Bastille not working on Mandriva 2007 yet, or ever?

ERROR: 'MN2007.0' is not a supported operating system.
Valid operating system versions are as follows:
OSX:
'OSX10.2' 'OSX10.3' 'OSX10.4'
HP-UX:
'HP-UX11.00' 'HP-UX11.11' 'HP-UX11.22' 'HP-UX11.23' 'HP-UX11.31'

LINUX:
'DB2.2' 'DB3.0' 'RH6.0' 'RH6.1' 'RH6.2'
'RH7.0' 'RH7.1' 'RH7.2' 'RH7.3' 'RH8.0'
'RH9' 'RHEL4AS' 'RHEL4ES' 'RHEL4WS' 'RHEL3AS'
'RHEL3ES' 'RHEL3WS' 'RHEL2AS' 'RHEL2ES' 'RHEL2WS'
'RHFC1' 'RHFC2' 'RHFC3' 'RHFC4' 'RHFC5'
'MN6.0' 'MN6.1 ' 'MN7.0' 'MN7.1' 'MN7.2'
'MN8.0' 'MN8.1' 'MN8.2' 'MN9.2' 'MN10.0'
'MN10.1' 'MN2006.0' 'SE7.2' 'SE7.3' 'SE8.0'
'SE8.1' 'SE9.0' 'SE9.1' 'SE9.2' 'SE9.3'
'SE10.0' 'SESLES8' 'SESLES9' 'TB7.0'

Pity, looks great!
ianw1974
Check if it's in the repositories, if you downloaded source:

CODE
urpmf --name bastille


or you can search within the gui tools. My colleague showed me this recently, that's BSD based, but looks neat with great gui.

http://m0n0.ch/wall/
JonEberger
I typically use whatever comes by default. I'm always behind firewalls at home or at work and so have those, but I used shorewall in Mandriva, and firestarter elsewhere. firestarter just seems easy to use.
Crashdamage
aerogate said:

QUOTE
Bastille not working on Mandriva 2007 yet, or ever?

ERROR: 'MN2007.0' is not a supported operating system.


Ignore the error and try it anyway. It may work fine, possibly it won't, but it's well worth a try at least. I got the same error when installing on 10.1, etc. It happens whenever you install Bastille on a system not listed in the file you quoted. And even if the GUI config mode doesn't work it might still work by using the text-based config, which is really just as easy anyway.

ianw1974 said:

QUOTE
Check if it's in the repositories,


I seriously doubt it. For reasons I've never understood, Bastille hasn't been included in Mandriva since 8.1 or 8.2.
jaraeez
QUOTE (SilverSurfer60 @ Oct 14 2006, 04:47 PM) *
My favourite firewall is smoothwall. I've run this for a number of years on an old computer that was not worth using for anything else. Why do I like smoothwall? I only need the one for running a small network and it looks after the other computers, also the ability to run a web server, mail server on the orange interface without worrying too much about staying safe on the green network. The web interface is great to use and one can keep an eye on what is happening on the various networks. Yes it is overkill for a single computer, but I like it.


Ditto...

Smoothwall all the way. Being a hardware based firewall it frees your personal PC's CPU, mem, etc. to be able to get on with whatever you need to do. The forums are top notch with a friendly community and there are a lot of add-ons to make the firewall even more productive. Finally there has not been one reported case of an actual break-in... and weighing in at 35MB for the iso is a bonus.

Smoothwall Forums
Smoothwall Home
buccaneer
DIY iptables
It took a bit to learn how to use iptables, but I prefer it to GUI front ends.
arctic
I tested guarddog for the first time yesterday on my Debian box and it seems to be pretty good. Not too hard to configure for noobs and more powerful than firestarter imho.
sjaglin
I use firestarter because I like the GUI, it's just very user-friendly for morons like me!

Stef
