What firewall is the best?

[sud_crow]

Hey, this would be a POLL if i knew how to make one ;)

 

This is the list i have:

 

1) Kmyfirewall.

2) Easy Firewall Generator.

3) Firewall Builder.

4) Shorewall.

5) Guarddog.

6) FireStarter.

7) Smoothwall.

8) IPCop.

 

as far as i know they are front ends to Iptables...

i have heard of some, like Guarddog, but almost anything about the others....

 

so, what do you think, what do you use? also, give some details on why and so...

[iphitus]

Me? I use shorewall. Mainly because it comes with mandrake. So it's pretty easy to use.

Though i've always used the mandrake GUI.

But having a look in it's config files, they are very very well documented and easy to use.

 

I'll upload mine if you want.

 

As for polls, i think they are only allowed in offtopic and everything linux.

 

I'm assumingthis is for your LFS? when I get around to it, my LFS will probably run Shorewall.

 

James

[sud_crow]

Well, actually its for both of them! (MDK and LFS, and might for Arch)

 

I didnt knew Mandrake had a firewall included (actually, i supposed, with 3 cds is the least they can do! --but didnt know where) so i decided to go look for one.

by upload yours, do you mean, the config files??

well, if you think they have something that can help, i really would like to see it.

 

 

 

Also, if you tell me where i can find it, i will try it. Thnx!

[iphitus]

To use Shorewall on mandrake all you need to do is go MCC > Scurity > Firewall.

 

If shorewall isn't installed it'll install it. It might ask for the disks.

 

As for the config files, they'll only be of use on your LFS, maybe arch, because they don't have the GUI that Mandrake has. Of course you could always configure mandrake and copy the /etc/shorewall/ directory across from mandrake to Arch and LFS.

 

James

[Guest BooYah]

I thought there was a whole lot of other stuff you had to do, to get shorewall up and running, besides installing it. Was this changed it 9.1?

[MottS]

Shorewall is really easy. All the config files are at /etc/shorewall. The only files you really have to cares are rules and maybe policy. The beginning of each file explain what the file is all about. Read it carefully, make the change you have to do and don't forget to restart shorewall (type 'service shorewall restart').

 

Good luck

 

MOttS

[Gowator]

Sorry Motts: i chickened out of the Mandy config for shorewall.

I think its probably fine for a single machine but if you wanna use a machine as a gateway to others etc. I'd install the shorewall config files.

 

These are documented and work really well.

 

I installed these first and then used Webmin to edit them. If you only have one machine though the Mandy config probably works fine. It just isn't set up for multiple machines.

[MottS]

Sorry Motts: i chickened out of the Mandy config for shorewall.

I think its probably fine for a single machine but if you wanna use a machine as a gateway to others etc. I'd install the shorewall config files.  

 

These are documented and work really well.  

 

I installed these first and then used Webmin to edit them.  If you only have one machine though the Mandy config probably works fine.  It just isn't set up for multiple machines.

 

Exactly. Don't use the MCC to configure the Shorewall's config file if the machine is a gateway. In those circonstances, you have to configure it manually in /etc/shorewall. Didn't know it was possible with Webmin 'tho.. thanks for sharing it!

 

MOttS

[Crashdamage]

>1) Kmyfirewall.

>2) Easy Firewall Generator.

>3) Firewall Builder.

>4) Shorewall.

>5) iCop.

 

None of the above. The best is Bastille. Easy setup, and more than just a firewall, though it's good for that. Bastille isn't just a flavor of frontend for iptables, it's a complete system tightening tool that will even teach you something while you set it up. Very cool. I consider it one of the Linux utilities I won't do without.

 

But really, if you keep up with security updates and watch what active services you run a firewall isn't really necessary. You *can* be perfectly safe without one. I'm not always that diligent, so I run Bastille AND Portsentry - another nice tool - and let them take care of my ass.

[SoulSe]

I use shorewall on my desktop, it does everything I need it to. If, on the other hand, I was setting up a server, I would probably go for Guarddog.

 

I don't know all of the examples listed, but I suspect that with proper setup and knowledge of iptables, they would all be pretty equally good at what they were intended for.

[iphitus]

For a dedicated firewall i'd probably go smoothwall.

 

Ive seen it run, very easy to config (through apache) so you don't even need a monitor or keyboard on the firewall. I was going to use smoothwall to share my internet at home. But my dad didn't want another computer lying around.

 

James

[Guest chuck]

I'm using Mandrake's Multi-Network Firewall on a separate machine (P200, 48MB ram, 1.6 gig hdd), and it's beauty. If anyone is going to try to set this up, download the manual and really go through it. I had to reinstall a couple of times, just to get it right. MNF is definately set and forget.

[Germ]

guarddog

 

I've never been a network geek and guarddog has been the easiest to use GUI for me. :wink:

 

firestarter would be my second choice.

 

I tried shorewall when I first installed 9.1 and I think it absolutely sucks. My box was either wide open or couldn't access the internet at all.

[sarah31]

i use the one i post on my webpage

[derxen]

CrashDamage wrote:

The best is Bastille. Easy setup, and more than just a firewall, though it's good for that. Bastille isn't just a flavor of frontend for iptables, it's a complete system tightening tool that will even teach you something while you set it up. Very cool. I consider it one of the Linux utilities I won't do without.

 

Bastille sounds very interesting. Does anyone know why there are no mandrake rpm's available? You would expect it in contrib.

 

derxen