Jump to content
4di

Mandriva: best firewall

Recommended Posts

i have a list of mandriva based firewall ,

 

1. firestarter

2.guarddog

3.netfilter

4.shorewall (that i hate)

5.mandi

6.SmoothWall

7. classical iptables (homemade)

8. others (if you have another option please write it here)

 

i've started this topic because most of us uses firewall scripts (homemade) but i find on the google many more firewall with grafic interface and there's lot of other Linux firewalls, including some distros that are specifically for this purpose, but i want to know your oppinion about the firewall you use on your mandriva.

 

best regards,

adrian

 

 

[moved from Networking by spinynorman]

Share this post


Link to post
Share on other sites

I've always used shorewall or iptables - although as far as I know, shorewall is based on iptables anyhow (unless I'm mistaken).

 

I've used shorewall in Mandriva, and iptables in Red Hat. They seem to do the trick for me. I've not got used to doing it all at the command line yet. Some of it, but not a lot. I mostly do in a gui if I can :P

Share this post


Link to post
Share on other sites

Most firewalls are indeed a front-end to iptables. I tend to use whatever default comes with the distro, or plain iptables.

Share this post


Link to post
Share on other sites
Most firewalls are indeed a front-end to iptables. I tend to use whatever default comes with the distro, or plain iptables.

This is true and most of them have either GUI config and/or Webmin modules...

Most hardware firewalls also use iptables as well.

Share this post


Link to post
Share on other sites
shorewall (that i hate)

This is what I prefer to manipulate iptable. Take a bit of time to get used to.

It has a blacklist etc, the most flexibility because it is txt based.

The problem with GUI is incompletness often, or untold decision they take

 

Dshield.org is a great idea while we are talking about firewall

Share this post


Link to post
Share on other sites
shorewall (that i hate)

This is what I prefer to manipulate iptable. Take a bit of time to get used to.

It has a blacklist etc, the most flexibility because it is txt based.

The problem with GUI is incompletness often, or untold decision they take

 

Dshield.org is a great idea while we are talking about firewall

Actually shorewall is as good a front end as any, its just the way mandriva implement it that makes it unpopular and seem overly complex but this is because mandriva use it as a base for the ICS ...

 

The easiest way to use shorewall is to completely overwrite the mandriva settings which are kinda bizarre due to its use for Internet Connection sharing.... and then just follow the relevant quick start guide.

 

From the shorewall site

 

Shorewall is not the easiest to use of the available iptables configuration tools but I believe that it is the most flexible and powerful. So if you are looking for a simple point-and-click set-and-forget Linux firewall solution that requires a minimum of networking knowledge, I would encourage you to check out the following alternatives:

 

* m0n0wall (FreeBSD Based)

* Firestarter

 

On the other hand, if you are looking for a Linux firewall solution that can handle complex and fast changing network environments then Shorewall is a logical choice.

Personally I tend to use firestarter for adhoc firewalling (like runing a liveCd from someone elses house)

and I use my router at home because its there anyway...

Share this post


Link to post
Share on other sites

For years, I've used Bastille. It's a frontend to iptables like almost all Linux firewalls and so does all the usual firewalling chores like IP mask, NAT, etc. The difference is it's much more than just a firewall. Bastille is a comprehensive system-hardening security tool with an easy to configure, highly informative interface. I consider Bastille indispensible and install it on every Linux installation I do. There's just nothing else like it. Anyone who takes system security seriously should check it out.

Share this post


Link to post
Share on other sites

My favourite firewall is smoothwall. I've run this for a number of years on an old computer that was not worth using for anything else. Why do I like smoothwall? I only need the one for running a smal network and it looks after the other computers, also the ability to run a web server, mail server on the orange interface without worrying too much about staying safe on the green network. The web interface is great to use and one can keep an eye on what is happening on the various networks. Yes it is overkill for a single computer, but I like it. :P

Share this post


Link to post
Share on other sites
For years, I've used Bastille. It's a frontend to iptables like almost all Linux firewalls and so does all the usual firewalling chores like IP mask, NAT, etc. The difference is it's much more than just a firewall. Bastille is a comprehensive system-hardening security tool with an easy to configure, highly informative interface. I consider Bastille indispensible and install it on every Linux installation I do. There's just nothing else like it. Anyone who takes system security seriously should check it out.

 

Bastille not working on Mandriva 2007 yet, or ever?

 

ERROR: 'MN2007.0' is not a supported operating system.

Valid operating system versions are as follows:

OSX:

'OSX10.2' 'OSX10.3' 'OSX10.4'

HP-UX:

'HP-UX11.00' 'HP-UX11.11' 'HP-UX11.22' 'HP-UX11.23' 'HP-UX11.31'

 

LINUX:

'DB2.2' 'DB3.0' 'RH6.0' 'RH6.1' 'RH6.2'

'RH7.0' 'RH7.1' 'RH7.2' 'RH7.3' 'RH8.0'

'RH9' 'RHEL4AS' 'RHEL4ES' 'RHEL4WS' 'RHEL3AS'

'RHEL3ES' 'RHEL3WS' 'RHEL2AS' 'RHEL2ES' 'RHEL2WS'

'RHFC1' 'RHFC2' 'RHFC3' 'RHFC4' 'RHFC5'

'MN6.0' 'MN6.1 ' 'MN7.0' 'MN7.1' 'MN7.2'

'MN8.0' 'MN8.1' 'MN8.2' 'MN9.2' 'MN10.0'

'MN10.1' 'MN2006.0' 'SE7.2' 'SE7.3' 'SE8.0'

'SE8.1' 'SE9.0' 'SE9.1' 'SE9.2' 'SE9.3'

'SE10.0' 'SESLES8' 'SESLES9' 'TB7.0'

 

Pitty, looks great!

Share this post


Link to post
Share on other sites

Check if it's in the repositories, if you downloaded source:

 

urpmf --name bastille

 

or you can search within the gui tools. My colleague showed me this recently, that's BSD based, but looks neat with great gui.

 

http://m0n0.ch/wall/

Share this post


Link to post
Share on other sites

i typically use whatever comes by default. i'm always behind firewalls at home or at work and so have those, but I used shorewall in mandriva, and firestarter else. firestarter just seems easy to use.

Share this post


Link to post
Share on other sites

aerogate said:

 

Bastille not working on Mandriva 2007 yet, or ever?

 

ERROR: 'MN2007.0' is not a supported operating system.

 

Ignore the error and try it anyway. It may work fine, possible it won't, but well worth a try at least. I got the same error when installing on 10.1, etc. It happens whenever you install Bastille on a system not listed in the file you quoted. And even if the GUI config mode doesn't work it might still work by using the text-based config, whick is really just as easy anyway.

 

ianw1974 said:

 

Check if it's in the repositories,

 

I seriously doubt it. For reasons I've never understood, Bastille hasn't been included in Mandriva since 8.1 or 8.2.

Share this post


Link to post
Share on other sites
My favourite firewall is smoothwall. I've run this for a number of years on an old computer that was not worth using for anything else. Why do I like smoothwall? I only need the one for running a smal network and it looks after the other computers, also the ability to run a web server, mail server on the orange interface without worrying too much about staying safe on the green network. The web interface is great to use and one can keep an eye on what is happening on the various networks. Yes it is overkill for a single computer, but I like it. :P

 

Ditto...

 

Smoothwall all the way. Being a hardware based firewall it frees your personal PC's CPU, mem, etc to be able to get on with whatever you need to do. The forums are top notch with a friendly community & there are a lot of add-ons to make the firewall even more productive. Finally there has not been one reported case a an actual break-in...& weighing in at 35MB for the iso is a bonus ;)

 

Smoothwall Forums

Smoothwall Home

Share this post


Link to post
Share on other sites

I tested guarddog for the first time yesterday on my Debian box and it seems to be pretty good. Not too hard to configure for noobs and more powerful than firestarter imho.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...