Alternatives to Firestarter...are there any?
Is there any firewall with a GUI built for GNOME in Lenny's repositories? If so, then which one(s)? I'd prefer not to use a KDE firewall since it doesn't integrate well and I don't like the KDE feel and look but if I have no choice then which is the best KDE firewall in your opinion?
Thanks in advance!
Re: Alternatives to Firestarter...are there any?
Apple PowerMac G5 - Debian Squeeze - Mac OS X 10.5
Lenovo 3000 N200 - Debian Wheezy amd64
- Telemachus
I will just throw in that I find all the gui firewalls to be a big waste of cpu cycles. It takes some time to learn how to write your own iptables rules, but it's well worth the effort. Sorry if that doesn't help much.
"We have not been faced with the need to satisfy someone else's requirements, and for this freedom we are grateful."
Dennis Ritchie and Ken Thompson, The UNIX Time-Sharing System
Have you searched the repos for firewall, looks like plenty of them are available.
apt-cache search firewall
I think a GUI firewall tool is kind of silly myself - like we need zonealarm and those cool blinky lights. Why not use one of the firewall scripts that are in the repo, or steal some iptables rules from somewhere
I don't use a firewall but I played with mason for a little while and thought it was cool and about as easy as it gets...
- stoffepojken
Firestarter or Guarddog is fine as a backup to the excellent NAT firewall that comes with most routers. I leave a few ports open on the router that I use regularly (FTP, P2P programs, etc.), but close them with Firestarter until I want them active.
From GRC's ShieldsUp:
> Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

Good enough for me.
Last edited by rickh on 2008-10-21 21:06, edited 1 time in total.
Debian-Lenny/Sid 32/64
Desktop: Generic Core 2 Duo, EVGA 680i, Nvidia
Laptop: Generic Intel SIS/AC97
Additionally, if you find iptables a bit too steep a learning curve, you could use shorewall which is not a firewall by definition but really a set of scripts that run iptables.
Here's a nice and simple guide for setting up a custom Debian firewall/gateway using shorewall:
http://www.cyberdogtech.com/firewalls/
The guide is a bit out of date (2006) but still relevant.
Maurice Green on Usain Bolt's 9.58: "The Earth stopped for a second, and he went to Mars."
MeanDean wrote:
> Have you searched the repos for firewall, looks like plenty of them are available.
> apt-cache search firewall
> I think a GUI firewall tool is kind of silly myself - like we need zonealarm and those cool blinky lights. Why not use one of the firewall scripts that are in the repo, or steal some iptables rules from somewhere
> I don't use a firewall but I played with mason for a little while and thought it was cool and about as easy as it gets...

ZoneAlarm's definitely the most convenient firewall I've used. Per program permissions are, in my opinion, better than per port (I see no technical reason why these can't be combined) and ZA does have the interesting feature of requiring changed programs to be reauthorized.
garrincha wrote:
> Additionally, if you find iptables a bit too steep a learning curve, you could use shorewall which is not a firewall by definition but really a set of scripts that run iptables.
> Here's a nice and simple guide for setting up a custom Debian firewall/gateway using shorewall:
> http://www.cyberdogtech.com/firewalls/
> The guide is a bit out of date (2006) but still relevant.

I followed that guide a couple years back when I was using an old Mac as a Debian based router. Following the guide is pretty easy if you just want a simple straightforward firewall, it gets really complicated if you want to deviate from the guide though. Shorewall has a gazillion config files that you have to play with in order to get things done, and all those config files do is set up some iptables rules for you. It's much quicker and easier to just learn iptables, in my opinion.
Permission to speak freely, Sir?
Gonky wrote:
> garrincha wrote:
> > Here's a nice and simple guide for setting up a custom Debian firewall/gateway using shorewall:
> > http://www.cyberdogtech.com/firewalls/
> > The guide is a bit out of date (2006) but still relevant.
> I followed that guide a couple years back when I was using an old Mac as a Debian based router. Following the guide is pretty easy if you just want a simple straightforward firewall, it gets really complicated if you want to deviate from the guide though. Shorewall has a gazillion config files that you have to play with in order to get things done, and all those config files do is set up some iptables rules for you. It's much quicker and easier to just learn iptables, in my opinion.

Yes that the Shorewall package has so many configuration files but as mentioned in my post above I only suggested this guide as one of the simple solutions for setting up iptables for a simple firewall/router system. Of course, it's up to the person to explore Shorewall a bit further or simply go into the deep end of iptables scripting.
Incidentally, some people were under the mistaken impression that Shorewall is a firewall, but it's not, as quoted from the guide in the link above:
> Before we move on, let's clear up a couple common misconceptions: Shorewall is not a firewall, and in fact it's not even an application. The common notion of a program (or daemon) is that of an application that runs continuously. This is not the case with Shorewall. Instead, Shorewall is actually just a very large set of scripts which run once and then exit. Shorewall itself does not perform any firewalling work; it merely configures iptables to your specifications, then quits.
Maurice Green on Usain Bolt's 9.58: "The Earth stopped for a second, and he went to Mars."
> ... guarddog which is the only gui firewall that shows a total green (stealth - invisible to all eyes) status at grc.com.

Before I had a router, I had no problem achieving that with Firestarter.
Debian-Lenny/Sid 32/64
Desktop: Generic Core 2 Duo, EVGA 680i, Nvidia
Laptop: Generic Intel SIS/AC97
I'm using Firehol > http://firehol.sourceforge.net/
shows total green (stealth - invisible to all eyes) at grc.com
easy to setup
success
there's no business like .. your own business ..
Ok I did what entering "firehol" told me and now it seems that when I type "iptables -L" that I am being protected! I just want confirmation from you people please so:
deniz@debian:~$ su
Password:
debian:/home/deniz# firehol start
WARNING
File '/etc/firehol/RESERVED_IPS' is more than 90 days old.
You should update it to ensure proper operation of your firewall.
Run the supplied get-iana script to generate this file.
FireHOL: Saving your old firewall to a temporary file: OK
FireHOL: Processing file /etc/firehol/firehol.conf: OK
FireHOL: Activating new firewall (41 rules): OK
debian:/home/deniz# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
in_world all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'IN-unknown:''
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'PASS-unknown:''
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
out_world all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'OUT-unknown:''
DROP all -- anywhere anywhere
Chain in_world (1 references)
target prot opt source destination
in_world_all_c1 all -- anywhere anywhere
in_world_irc_c2 all -- anywhere anywhere
in_world_ftp_c3 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `''IN-world':''
DROP all -- anywhere anywhere
Chain in_world_all_c1 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state ESTABLISHED
Chain in_world_ftp_c3 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ftp dpts61000 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data dpts61000 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts65535 dpts61000 state ESTABLISHED
Chain in_world_irc_c2 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ircd dpts61000 state ESTABLISHED
Chain out_world (1 references)
target prot opt source destination
out_world_all_c1 all -- anywhere anywhere
out_world_irc_c2 all -- anywhere anywhere
out_world_ftp_c3 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `''OUT-world':''
DROP all -- anywhere anywhere
Chain out_world_all_c1 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state NEW,ESTABLISHED
Chain out_world_ftp_c3 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts61000 dpt:ftp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts61000 dpt:ftp-data state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts61000 dpts65535 state RELATED,ESTABLISHED
Chain out_world_irc_c2 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts61000 dpt:ircd state NEW,ESTABLISHED
debian:/home/deniz# exit
deniz@debian:~$
When I check using System Monitor or by entering "top" in terminal, it doesn't even show the name Firehol but is this because Firehol is not a running program but just one that configures the iptables once (unless you choose to re-configure them) which is what is technically running? Please tell me if I am now protected and also please help me understand what is going on a little bit more.
Thanks in advance!
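Added example, not part of the original thread: FireHOL, like Shorewall as quoted earlier, loads its rules into the kernel and exits, so the thing to check is the loaded ruleset rather than a running process. This script reads an `iptables -L` listing and reports the built-in chains' default policies plus any `ACCEPT all` rule that looks unconditional; the function names and the trimmed sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed sample: chain headers and a few rules copied
# from the `iptables -L` listing in the post above, trimmed for length.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
in_world all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
out_world all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain in_world (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
EOF
}

# Print "CHAIN POLICY" for each built-in chain (user chains carry no policy).
chain_policies() {
    awk '$1 == "Chain" && $3 == "(policy" { sub(/\)$/, "", $4); print $2, $4 }'
}

# Print built-in chains whose default policy is not DROP (empty = all DROP).
permissive_chains() {
    chain_policies | awk '$2 != "DROP" { print $1 }'
}

# Print chains holding an ACCEPT rule with no visible match at all. Plain
# `iptables -L` hides the interface columns, so these need a second look.
unqualified_accepts() {
    awk '$1 == "Chain" { chain = $2; next }
         $1 == "ACCEPT" && $2 == "all" && NF == 5 &&
         $4 ~ /^(anywhere|0\.0\.0\.0\/0)$/ &&
         $5 ~ /^(anywhere|0\.0\.0\.0\/0)$/ { print chain }'
}

echo "Default policies:"; sample_listing | chain_policies
echo "Chains not defaulting to DROP: $(sample_listing | permissive_chains)"
echo "Re-check with -v: $(sample_listing | unqualified_accepts | tr '\n' ' ')"
```

On a live system, pipe `iptables -L` (run as root) into the functions in place of `sample_listing`. Plain `iptables -L` omits the interface columns, so a flagged rule may be limited to one interface such as loopback; `iptables -L -v -n` or `iptables -S` shows the full match.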
> Please tell me if I am now protected

Test here: https://www.grc.com/default.htm > Services > ShieldsUp!
there's no business like .. your own business ..