Alternatives to Firestarter...are there any?

s3a
Posts: 831
Joined: 2008-07-17 22:13
Has thanked: 6 times
Been thanked: 2 times

Alternatives to Firestarter...are there any?

#1 Post by s3a »

Is there any firewall with a GUI built for GNOME in Lenny's repositories? If so, then which one(s)? I'd prefer not to use a KDE firewall since it doesn't integrate well and I don't like the KDE feel and look, but if I have no choice then which is the best KDE firewall in your opinion?

Thanks in advance!

tiresia
Posts: 26
Joined: 2008-07-01 09:22
Location: Berlin

Re: Alternatives to Firestarter...are there any?

#2 Post by tiresia »

Apple PowerMac G5 - Debian Squeeze - Mac OS X 10.5
Lenovo 3000 N200 - Debian Wheezy amd64

Telemachus
Posts: 4574
Joined: 2006-12-25 15:53
Been thanked: 2 times

#3 Post by Telemachus »

I will just throw in that I find all the gui firewalls to be a big waste of cpu cycles. It takes some time to learn how to write your own iptables rules, but it's well worth the effort. Sorry if that doesn't help much.
"We have not been faced with the need to satisfy someone else's requirements, and for this freedom we are grateful."
Dennis Ritchie and Ken Thompson, The UNIX Time-Sharing System

MeanDean
Posts: 3866
Joined: 2007-09-01 01:14

#4 Post by MeanDean »

Have you searched the repos for firewall? Looks like plenty of them are available.
apt-cache search firewall

I think a GUI firewall tool is kind of silly myself - like we need ZoneAlarm and those cool blinky lights. Why not use one of the firewall scripts that are in the repo, or steal some iptables rules from somewhere?

I don't use a firewall but I played with mason for a little while and thought it was cool and about as easy as it gets...

stoffepojken
Posts: 705
Joined: 2007-01-25 01:21
Location: Stockholm, Sweden

#5 Post by stoffepojken »

arno-iptables-firewall is very easy. Not a gui but ncurses configuration.

rickh
Posts: 3434
Joined: 2006-06-29 02:13
Location: Albuquerque, NM USA

#6 Post by rickh »

Firestarter or Guarddog is fine as a backup to the excellent NAT firewall that comes with most routers. I leave a few ports open on the router that I use regularly (FTP, P2P programs, etc.), but close them with Firestarter until I want them active.

From GRC's ShieldsUp:
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.
Good enough for me.
Last edited by rickh on 2008-10-21 21:06, edited 1 time in total.
Debian-Lenny/Sid 32/64
Desktop: Generic Core 2 Duo, EVGA 680i, Nvidia
Laptop: Generic Intel SIS/AC97

garrincha
Posts: 2335
Joined: 2006-06-02 16:38

#7 Post by garrincha »

Additionally, if you find iptables a bit too steep a learning curve, you could use shorewall, which is not a firewall by definition but really a set of scripts that run iptables.

Here's a nice and simple guide for setting up a custom Debian firewall/gateway using shorewall:

http://www.cyberdogtech.com/firewalls/

The guide is a bit out of date (2006) but still relevant.
Maurice Green on Usain Bolt's 9.58: "The Earth stopped for a second, and he went to Mars."

BioTube
Posts: 7520
Joined: 2007-06-01 04:34

#8 Post by BioTube »

MeanDean wrote: Have you searched the repos for firewall? Looks like plenty of them are available.
apt-cache search firewall

I think a GUI firewall tool is kind of silly myself - like we need ZoneAlarm and those cool blinky lights. Why not use one of the firewall scripts that are in the repo, or steal some iptables rules from somewhere?

I don't use a firewall but I played with mason for a little while and thought it was cool and about as easy as it gets...

ZoneAlarm's definitely the most convenient firewall I've used. Per-program permissions are, in my opinion, better than per-port (I see no technical reason why these can't be combined) and ZA does have the interesting feature of requiring changed programs to be reauthorized.
Ludwig von Mises wrote:The elite should be supreme by virtue of persuasion, not by the assistance of firing squads.

Gonky
Posts: 156
Joined: 2008-06-30 23:49

#9 Post by Gonky »

garrincha wrote: Additionally, if you find iptables a bit too steep a learning curve, you could use shorewall, which is not a firewall by definition but really a set of scripts that run iptables.

Here's a nice and simple guide for setting up a custom Debian firewall/gateway using shorewall:

http://www.cyberdogtech.com/firewalls/

The guide is a bit out of date (2006) but still relevant.

I followed that guide a couple years back when I was using an old Mac as a Debian-based router. Following the guide is pretty easy if you just want a simple straightforward firewall; it gets really complicated if you want to deviate from the guide though. Shorewall has a gazillion config files that you have to play with in order to get things done, and all those config files do is set up some iptables rules for you. It's much quicker and easier to just learn iptables, in my opinion.
Permission to speak freely, Sir?

Bulkley
Posts: 6383
Joined: 2006-02-11 18:35
Has thanked: 2 times
Been thanked: 39 times

#10 Post by Bulkley »

ipmasq is simple to set up.

garrincha
Posts: 2335
Joined: 2006-06-02 16:38

#11 Post by garrincha »

Gonky wrote:
garrincha wrote: Here's a nice and simple guide for setting up a custom Debian firewall/gateway using shorewall:

http://www.cyberdogtech.com/firewalls/

The guide is a bit out of date (2006) but still relevant.
I followed that guide a couple years back when I was using an old Mac as a Debian-based router. Following the guide is pretty easy if you just want a simple straightforward firewall; it gets really complicated if you want to deviate from the guide though. Shorewall has a gazillion config files that you have to play with in order to get things done, and all those config files do is set up some iptables rules for you. It's much quicker and easier to just learn iptables, in my opinion.

Yes, the Shorewall package has so many configuration files, but as mentioned in my post above, I only suggested this guide as one of the simple solutions for setting up iptables for a simple firewall/router system. Of course, it's up to the person to explore Shorewall a bit further or simply go into the deep end of iptables scripting.

Incidentally, some people were under the mistaken impression that Shorewall is a firewall, but it's not, as quoted from the guide in the link above:
Before we move on, let's clear up a couple common misconceptions: Shorewall is not a firewall, and in fact it's not even an application. The common notion of a program (or daemon) is that of an application that runs continuously. This is not the case with Shorewall. Instead, Shorewall is actually just a very large set of scripts which run once and then exit. Shorewall itself does not perform any firewalling work; it merely configures iptables to your specifications, then quits.
Maurice Green on Usain Bolt's 9.58: "The Earth stopped for a second, and he went to Mars."

Lou
Posts: 1739
Joined: 2006-05-08 02:15

#12 Post by Lou »

Being dense when it comes to iptables and rules, I use guarddog, which is the only GUI firewall that shows a total green (stealth - invisible to all eyes) status at grc.com.
Devuan Jessie - IceWM - vimperator - no DM
KISS - Keep It Simple, Stupid

rickh
Posts: 3434
Joined: 2006-06-29 02:13
Location: Albuquerque, NM USA

#13 Post by rickh »

...guarddog which is the only gui firewall that shows a total green (stealth - invisible to all eyes) status at grc.com.
Before I had a router, I had no problem achieving that with Firestarter.
Debian-Lenny/Sid 32/64
Desktop: Generic Core 2 Duo, EVGA 680i, Nvidia
Laptop: Generic Intel SIS/AC97

freek
Posts: 74
Joined: 2007-04-03 01:36
Location: Netherlands

#14 Post by freek »

I'm using Firehol > http://firehol.sourceforge.net/
shows total green (stealth - invisible to all eyes) at grc.com

easy to set up

Good luck
there's no business like .. your own business ..

s3a
Posts: 831
Joined: 2008-07-17 22:13
Has thanked: 6 times
Been thanked: 2 times

#15 Post by s3a »

Ok I did what entering "firehol" told me and now it seems that when I type "iptables -L" that I am being protected! I just want confirmation from you people please so:

deniz@debian:~$ su
Password:
debian:/home/deniz# firehol start


WARNING
File '/etc/firehol/RESERVED_IPS' is more than 90 days old.
You should update it to ensure proper operation of your firewall.

Run the supplied get-iana script to generate this file.

FireHOL: Saving your old firewall to a temporary file: OK
FireHOL: Processing file /etc/firehol/firehol.conf: OK
FireHOL: Activating new firewall (41 rules): OK
debian:/home/deniz# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
in_world all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'IN-unknown:''
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'PASS-unknown:''
DROP all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
out_world all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'OUT-unknown:''
DROP all -- anywhere anywhere

Chain in_world (1 references)
target prot opt source destination
in_world_all_c1 all -- anywhere anywhere
in_world_irc_c2 all -- anywhere anywhere
in_world_ftp_c3 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `''IN-world':''
DROP all -- anywhere anywhere

Chain in_world_all_c1 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state ESTABLISHED

Chain in_world_ftp_c3 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ftp dpts:32768:61000 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data dpts:32768:61000 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:32768:61000 state ESTABLISHED

Chain in_world_irc_c2 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ircd dpts:32768:61000 state ESTABLISHED

Chain out_world (1 references)
target prot opt source destination
out_world_all_c1 all -- anywhere anywhere
out_world_irc_c2 all -- anywhere anywhere
out_world_ftp_c3 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `''OUT-world':''
DROP all -- anywhere anywhere

Chain out_world_all_c1 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state NEW,ESTABLISHED

Chain out_world_ftp_c3 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts:32768:61000 dpt:ftp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:32768:61000 dpt:ftp-data state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:32768:61000 dpts:1024:65535 state RELATED,ESTABLISHED

Chain out_world_irc_c2 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts:32768:61000 dpt:ircd state NEW,ESTABLISHED
debian:/home/deniz# exit
deniz@debian:~$


When I check using System Monitor or by entering "top" in terminal, it doesn't even show the name Firehol but is this because Firehol is not a running program but just one that configures the iptables once (unless you choose to re-configure them) which is what is technically running? Please tell me if I am now protected and also please help me understand what is going on a little bit more.

Thanks in advance!
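
Added example, not part of the thread and not FireHOL's own code: a small Python check over plain `iptables -L` text like the listing in post #15. It reports built-in chains whose default policy is not DROP, and INPUT rules that look like an unconditional ACCEPT; plain `-L` omits the interface columns, so such a line may be a loopback-only rule and needs `iptables -L -v` to confirm. The names `audit` and `SAMPLE` are made up here, and the sample listing is constructed.

```python
import re

# Constructed sample shaped like the listing in post #15 (shortened);
# the OUTPUT policy is changed to ACCEPT here so that a finding is produced.
SAMPLE = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
in_world all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain in_world (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state ESTABLISHED
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)")

def audit(listing):
    """Return (policies, findings) for plain `iptables -L` text."""
    policies, findings, chain = {}, [], None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            if m.group(2):                      # only built-in chains carry a policy
                policies[chain] = m.group(2)
                if m.group(2) != "DROP":
                    findings.append(f"{chain}: default policy is {m.group(2)}")
            continue
        f = line.split()
        if chain is None or len(f) < 5 or f[0] == "target":
            continue                            # blank line or column header
        target, prot, _opt, src, dst, *match = f
        # Plain -L has no interface columns, so a loopback-only rule
        # looks exactly like "accept everything".
        if (chain == "INPUT" and target == "ACCEPT" and prot == "all"
                and src == dst == "anywhere" and not match):
            findings.append("INPUT: ACCEPT with no visible match; check interface with iptables -L -v")
    return policies, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```
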

freek
Posts: 74
Joined: 2007-04-03 01:36
Location: Netherlands

#16 Post by freek »

Please tell me if I am now protected
Test here: https://www.grc.com/default.htm > Services > ShieldsUp!
there's no business like .. your own business ..
