Jump to content

Mandriva: best firewall


4di
 Share

Recommended Posts

i have a list of mandriva based firewall ,

 

1. firestarter

2.guarddog

3.netfilter

4.shorewall (that i hate)

5.mandi

6.SmoothWall

7. classical iptables (homemade)

8. others (if you have another option please write it here)

 

i've started this topic because most of us uses firewall scripts (homemade) but i find on the google many more firewall with grafic interface and there's lot of other Linux firewalls, including some distros that are specifically for this purpose, but i want to know your oppinion about the firewall you use on your mandriva.

 

best regards,

adrian

 

 

[moved from Networking by spinynorman]

Link to comment
Share on other sites

I've always used shorewall or iptables - although as far as I know, shorewall is based on iptables anyhow (unless I'm mistaken).

 

I've used shorewall in Mandriva, and iptables in Red Hat. They seem to do the trick for me. I've not got used to doing it all at the command line yet. Some of it, but not a lot. I mostly do in a gui if I can :P

Link to comment
Share on other sites

shorewall (that i hate)

This is what I prefer to manipulate iptable. Take a bit of time to get used to.

It has a blacklist etc, the most flexibility because it is txt based.

The problem with GUI is incompletness often, or untold decision they take

 

Dshield.org is a great idea while we are talking about firewall

Link to comment
Share on other sites

shorewall (that i hate)

This is what I prefer to manipulate iptable. Take a bit of time to get used to.

It has a blacklist etc, the most flexibility because it is txt based.

The problem with GUI is incompletness often, or untold decision they take

 

Dshield.org is a great idea while we are talking about firewall

Actually shorewall is as good a front end as any, its just the way mandriva implement it that makes it unpopular and seem overly complex but this is because mandriva use it as a base for the ICS ...

 

The easiest way to use shorewall is to completely overwrite the mandriva settings which are kinda bizarre due to its use for Internet Connection sharing.... and then just follow the relevant quick start guide.

 

From the shorewall site

 

Shorewall is not the easiest to use of the available iptables configuration tools but I believe that it is the most flexible and powerful. So if you are looking for a simple point-and-click set-and-forget Linux firewall solution that requires a minimum of networking knowledge, I would encourage you to check out the following alternatives:

 

* m0n0wall (FreeBSD Based)

* Firestarter

 

On the other hand, if you are looking for a Linux firewall solution that can handle complex and fast changing network environments then Shorewall is a logical choice.

Personally I tend to use firestarter for adhoc firewalling (like runing a liveCd from someone elses house)

and I use my router at home because its there anyway...

Link to comment
Share on other sites

For years, I've used Bastille. It's a frontend to iptables like almost all Linux firewalls and so does all the usual firewalling chores like IP mask, NAT, etc. The difference is it's much more than just a firewall. Bastille is a comprehensive system-hardening security tool with an easy to configure, highly informative interface. I consider Bastille indispensible and install it on every Linux installation I do. There's just nothing else like it. Anyone who takes system security seriously should check it out.

Link to comment
Share on other sites

My favourite firewall is smoothwall. I've run this for a number of years on an old computer that was not worth using for anything else. Why do I like smoothwall? I only need the one for running a smal network and it looks after the other computers, also the ability to run a web server, mail server on the orange interface without worrying too much about staying safe on the green network. The web interface is great to use and one can keep an eye on what is happening on the various networks. Yes it is overkill for a single computer, but I like it. :P

Link to comment
Share on other sites

  • 1 month later...
For years, I've used Bastille. It's a frontend to iptables like almost all Linux firewalls and so does all the usual firewalling chores like IP mask, NAT, etc. The difference is it's much more than just a firewall. Bastille is a comprehensive system-hardening security tool with an easy to configure, highly informative interface. I consider Bastille indispensible and install it on every Linux installation I do. There's just nothing else like it. Anyone who takes system security seriously should check it out.

 

Bastille not working on Mandriva 2007 yet, or ever?

 

ERROR: 'MN2007.0' is not a supported operating system.

Valid operating system versions are as follows:

OSX:

'OSX10.2' 'OSX10.3' 'OSX10.4'

HP-UX:

'HP-UX11.00' 'HP-UX11.11' 'HP-UX11.22' 'HP-UX11.23' 'HP-UX11.31'

 

LINUX:

'DB2.2' 'DB3.0' 'RH6.0' 'RH6.1' 'RH6.2'

'RH7.0' 'RH7.1' 'RH7.2' 'RH7.3' 'RH8.0'

'RH9' 'RHEL4AS' 'RHEL4ES' 'RHEL4WS' 'RHEL3AS'

'RHEL3ES' 'RHEL3WS' 'RHEL2AS' 'RHEL2ES' 'RHEL2WS'

'RHFC1' 'RHFC2' 'RHFC3' 'RHFC4' 'RHFC5'

'MN6.0' 'MN6.1 ' 'MN7.0' 'MN7.1' 'MN7.2'

'MN8.0' 'MN8.1' 'MN8.2' 'MN9.2' 'MN10.0'

'MN10.1' 'MN2006.0' 'SE7.2' 'SE7.3' 'SE8.0'

'SE8.1' 'SE9.0' 'SE9.1' 'SE9.2' 'SE9.3'

'SE10.0' 'SESLES8' 'SESLES9' 'TB7.0'

 

Pitty, looks great!

Link to comment
Share on other sites

Check if it's in the repositories, if you downloaded source:

 

urpmf --name bastille

 

or you can search within the gui tools. My colleague showed me this recently, that's BSD based, but looks neat with great gui.

 

http://m0n0.ch/wall/

Link to comment
Share on other sites

i typically use whatever comes by default. i'm always behind firewalls at home or at work and so have those, but I used shorewall in mandriva, and firestarter else. firestarter just seems easy to use.

Link to comment
Share on other sites

aerogate said:

 

Bastille not working on Mandriva 2007 yet, or ever?

 

ERROR: 'MN2007.0' is not a supported operating system.

 

Ignore the error and try it anyway. It may work fine, possible it won't, but well worth a try at least. I got the same error when installing on 10.1, etc. It happens whenever you install Bastille on a system not listed in the file you quoted. And even if the GUI config mode doesn't work it might still work by using the text-based config, whick is really just as easy anyway.

 

ianw1974 said:

 

Check if it's in the repositories,

 

I seriously doubt it. For reasons I've never understood, Bastille hasn't been included in Mandriva since 8.1 or 8.2.

Link to comment
Share on other sites

My favourite firewall is smoothwall. I've run this for a number of years on an old computer that was not worth using for anything else. Why do I like smoothwall? I only need the one for running a smal network and it looks after the other computers, also the ability to run a web server, mail server on the orange interface without worrying too much about staying safe on the green network. The web interface is great to use and one can keep an eye on what is happening on the various networks. Yes it is overkill for a single computer, but I like it. :P

 

Ditto...

 

Smoothwall all the way. Being a hardware based firewall it frees your personal PC's CPU, mem, etc to be able to get on with whatever you need to do. The forums are top notch with a friendly community & there are a lot of add-ons to make the firewall even more productive. Finally there has not been one reported case a an actual break-in...& weighing in at 35MB for the iso is a bonus ;)

 

Smoothwall Forums

Smoothwall Home

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...