Linux firewalls

[ezroller]

Well, there was a really good thread going on in here about linux firewalls and firewall applications that got deleted by mistake (mine, sorry) I just wanted to try and get the info rolling again.

 

A few that I like:

 

guarddog http://www.simonzone.com/software/guarddog/

 

fwbuilder http://www.fwbuilder.org/

 

again my apologies to whomever had started that thread.

[Guest Cyclops]

I've had really good luck in the past running FireStarter under Mandrake 8.2, and it was easy to install, configure, and use.

 

http://firestarter.sourceforge.net/

[ab2ms]

I've had really good luck in the past running FireStarter under Mandrake 8.2, and it was easy to install, configure, and use.

 

http://firestarter.sourceforge.net/

 

The info on their page looks very interesting. I may try it tomorrow if I have time. Just wondering if there is much sacrifice running under KDE rather than Gnome. It says it runs under KDE, but is optimized for gnome. Does that cause any trade-off?

[ab2ms]

OK so I jumped the gun. Got firestarter up and running and it seems great. Now to try and see what all the "buttons and whistles" do

 

also my favorite site to test my security is www.grc.com in the Shields up! section.

[DOlson]

Yeah, that's what I use too, and all my ports are stealthed, except the ones I need, such as 80, 21, 22, and so forth.

[Guest Cyclops]

OK so I jumped the gun. Got firestarter up and running and it seems great. Now to try and see what all the "buttons and whistles" do

 

No, I've not had any problems running it under KDE. In fact, it seems as though it were written for KDE. Gibson Research Center has always shown my ports in "stealth" status when running it, so I've been happy. Glad to hear it's working for you... 8)

[Guest Joe Noob]

What are your thoughts on Bastille?

[Guest]

It is not going to be in V9.0 and the person working for Mandrake specifically on it has been laid off. It will be shorewall, with its self-possessed attitude to new users, and msec from Vincent Danen at Mandrakesoft.

 

Bluebeard.

[mystified]

Has anyone tried installing any of these firewalls with MDK9? I've tried a few and ran into problems compiling. I used Bastille but as bluebeard pointed out it's no longer available. I installed the new one and wasn't impressed. I did go to www.grc.com and ran a check and everything came back fine but I'd like to find an interactive firewall.

[Guest defunct]

Can anyone outline a good security setup here, like for a personal workstation?

 

Like for example:

 

firestarter

ip chains

portsentry

 

Can someone setup a list like that and explain what would be good for a personal workstation to pretty much be secure?

[Ronin]

Can anyone outline a good security setup here,  like for a personal workstation?

 

How about this option? Take that spare computer of yours and run it as a dedicated firewall with something like IPCop? I suggest that one as I know it best. It has a nice web frontend to do basic configurations on it or you can ssh to the box and do some serious work on it. http://www.ipcop.org/cgi-bin/twiki/view/IPCop/WebHome

[Guest defunct]

Ya I have heard that option alot and people have told it to me like I actually know how to do it lol.. I don't know what exactly is needed or what to do.. If someone would help me I might do it Anyways, also if I make it a dedicated firewall can I allow it to still access email and browse the web too? I would like to do this so my lil bro has a box so he can email his dad and shit and look at the stupid sites he does. He doesn't bug me to use my computer and he doesn't necessarily want one or want my mom to waste money when all he wants to do is a couple of dumb things so i figured turning this box into something useful would help.

[Guest defunct]

Oh Ya and I also already have two phonelines one for my comp (virutally 24/7 whether i'm here or not) and one for me to talk on along with a cellphone (i don't pay for any of this =) and so it would be a big waste to buy another just so we could do these things at the same time thats why networking is a good option.. but would the 56k speed be reduced like by half if we were both browsing the web at the same time?? Or would it just be slower like while we're downloading the webpages and depend on the size etc. If there was anything else like cable, dsl, etc. out here we would have it there just isn't jack #$@#. Alltel my isp like offers dsl and crap like 20 mins away but its been that way about three years, and i doubt it'll change anytime soon.

[Ronin]

Yes you can. I have an old pos IBM, p100 and a whopping 64mg of ram and a 2g hd that is running IPCop on as my firewall/NAT box. By default to the lan it allows email, web, ftp etc. You can set up a DMZ for things like emial, ftp, web servers if you want to run those or you can forwared the ports back to the lan server if you haven't got enough boxs.

 

 

I have my ISP line going into the firewall and from one nic there to a 8 port hub and the other nic to the DMZ where I have my servers and

I've never noticed a performance drop in speed due to the wall, unless I misconfigured it of course.

[Guest defunct]

how old are you?? (wondering because the equipment..) second of all, whats DMZ stand for??

Also you say 'whopping 64mg ram' lol when i bought this 600mhz comp it only had 64mb ram i had to upgrade to 256 which is well enough.. anyways my comp has 16mb of ram lol the other one i mean that i would use for that. I tried throwing a 64mb of ram thing in the slot but it was too big.