Guarddog or Firestarter?

[3lade]

I'm sorry for such a simple questions but I am having severe problems setting up a firewall.

 

First I tried Firestarter, looked good, easy set up but each time I run it I get a error about IPtables and my e-mails dont work, (Yes I had got the relevant protocols activated :wink:)

 

So I tried Guarddog, it must be me because I can not configure it. The help menu only brings up the KDE help menu (?) When thats running everything is locked down.

 

So any help advice welcome, but please keep it simple

[ezroller]

Guarddog preference here. What questions did you have about it? If their not too tech savvy, maybe I can help.

[onurb]

I am an absolute Guarddog fan, simple ,easy, effective !

[Counterspy]

Another vote for Guarddog unless you are into knowing more about security.

 

Counterspy

[tyme]

haven't tried guarddog yet, will have to check it out. i've used firestarter, and found it fairly easy to see where people were connecting to me and what services ran on that port, and then blocking which ones i felt should be blocked.

 

i even would block specific IP addresses that were a constant annoyance :)

[3lade]

Every time I run Firestarter I get an error message about iptables

[adam@localhost adam]$ su

Password:

[root@localhost adam]# firestarter

/etc/firestarter/firewall.sh: line 139: [: =: unary operator expected

/etc/firestarter/firewall.sh: line 139: [: =: unary operator expected

Bad argument `#'

Try `iptables -h' or 'iptables --help' for more information.

Bad argument `#'

Try `iptables -h' or 'iptables --help' for more information.

Bad argument `#'

Try `iptables -h' or 'iptables --help' for more information.

Bad argument `#'

Try `iptables -h' or 'iptables --help' for more information.

Firewall script restarted

What the feck does it all mean? and how can I solve it?

[ezroller]

this may be a stupid question, but I have to ask: Is iptables installed?

[tyme]

open up /etc/firestarter/firewall.sh in your favorite editor, find line 139, and post that line up here.

 

though i had no problems getting firestarted working on my MDK9.0 box...but...you never know.

[3lade]

line 139 reads

 if [ $s1 = "nameserver" ] ; then

hope this helps.

 

I've looked for iptables and under MCC i cant remove it, so is not installed. Checked installable software, yep got iptables-1.2.6a-1mdk and iptables-ipv6-1.2.6a-1mdk just thought I would have another look round and under services I do have a service for iptables and iptables6 both of these are set up to start on boot but are currently stopped.

[tyme]

i'll have to take a look at the whole file when i get home, that doesn't look wrong but who knows.

 

but, before we get that far, install the iptables RPMs.

[Relic2K]

The reason why everything is locked down, is because it acts more like a real firewall, than other FW programs and the default setting is "deny all". You have to enable services/ports such as POP/SMTP/DNS/HTTP(S) in order for you to access the your ISP and get out onto the internet, then you can begin to create various Zones and custom rules for the services (ie. games, programs) that are not available in the rules settings (ie. Halflife, Quake, IRC, MSN, ICQ). I had to create my own for some of the programs or servers that I run and wanted people to have access to (ie. UT2003 Dedicated Server).