Questions about Firewalls and computer monitoring

Postby Marie SWE » 2021-04-07 21:54

Hi all. :D

I'm a newbie on Debian as of two weeks back... I have a little more than two years of user experience of Linux as an operating system and a maximum of 4-6 months of tweaking around in Linux Mint 18 and LMDE3 to make them work during these two+ years... So I'm trying to get the same control/function over my Debian Linux workstations as I have/had on my Windows workstations.
I have around 30 years of experience with Windows OS and I have noticed that my Microsoft/Windows knowledge is my enemy and makes things much harder in Linux, due to Windows thinking/solutions/troubleshooting, and the worst part: I have been used to GUIs since the mid/late 90s and I like them. :oops:
So I have two newbie questions :)

First question.. Firewalls.
I tried to find a good firewall in the beginning with Mint 18.. and failed.. so I stopped looking and focused on other things.. now it is a priority again and I have tried to find info online and failed again.. So my question is: does a good and advanced firewall exist for the Linux desktop?? Free or paid.
*Requirement: it should be able to handle MAC address rules, not only IP. (I recently learned that iptables can handle MAC address rules.)
*It should preferably be able to have a default rule to block inbound and outbound traffic, and when a new program wants network access, the firewall should ask if the program should be denied or allowed.
And last.. I would like it to have some kind of graphical user interface for management and easy overview.

Second question.. Monitoring.
I also would like to know what my computer is doing.. so I wonder if there is some program like the Windows "Resource Monitor" that monitors program/process CPU activity, memory usage, disk activity (what program/process reads/writes to what file at the time) and network activity (what program/process connects to what target IP address at the time).

Are these two things possible on the Linux desktop?

I thank you all, for all answers in advance. :D
//Marie
Why make things complicated in life, if you can make it easier for yourself... Do it. ;o)
You only have one life, so make the most of it and enjoy it while you can.
Marie SWE
 
Posts: 21
Joined: 2021-04-06 22:14

Re: Questions about Firewalls and computer monitoring

Postby Bulkley » 2021-04-07 22:27

I used to manually set up iptables, which has been replaced with nftables. Worth looking up. I've tried others including gufw. I have not tried shorewall but that may be the one that interests you in your network. For myself I abandoned all of these and set my Internet router/modem onboard firewall to maximum security.
Bulkley
 
Posts: 6102
Joined: 2006-02-11 18:35

Re: Questions about Firewalls and computer monitoring

Postby Marie SWE » 2021-04-07 23:25

Bulkley wrote: I used to manually set up iptables, which has been replaced with nftables. Worth looking up. I've tried others including gufw. I have not tried shorewall but that may be the one that interests you in your network. For myself I abandoned all of these and set my Internet router/modem onboard firewall to maximum security.


Gufw is absolutely better than nothing :) .... but it is a joke.. Windows firewall is more advanced than gufw. :lol:
I have not read anything about nftables, so can it use MAC address filtering like iptables?
Shorewall, I will read about it some more tomorrow after I have slept.. very messy documentation on their site :roll:
Thanks for your tip. :)

As a first defense from the internet I have a pfSense machine... and my old Cisco firewall as backup/fallback.. I switched from my Cisco due to old firmware.. but it is an okay backup to prevent longer downtime if something breaks on my pfSense.
Marie SWE
 
Posts: 21
Joined: 2021-04-06 22:14

Re: Questions about Firewalls and computer monitoring

Postby Bulkley » 2021-04-08 01:00

For a resource monitor many users rely on Conky.

Back to the firewall issue, it really depends upon what you want. Agreed, gufw is not impressive. From what I can tell you want more and better. For most computers the big threat comes through the Internet. If multiple people will be using your computers and connecting their USB thumb drives then you need protection on each terminal.

I've never used it myself but look up Freedombox.
FreedomBox is designed to be your own inexpensive server at home. It runs free software and offers an increasing number of services ranging from a calendar or jabber server to a wiki or VPN. A web interface allows you to easily install and configure your apps.
Freedombox is available in Debian's repository.
Bulkley
 
Posts: 6102
Joined: 2006-02-11 18:35

Re: Questions about Firewalls and computer monitoring

Postby Marie SWE » 2021-04-08 02:20

Bulkley wrote:For a resource monitor many users rely on Conky.

Back to the firewall issue, it really depends upon what you want. Agreed, gufw is not impressive. From what I can tell you want more and better. For most computers the big threat comes through the Internet. If multiple people will be using your computers and connecting their USB thumb drives then you need protection on each terminal.

I've never used it myself but look up Freedombox.
FreedomBox is designed to be your own inexpensive server at home. It runs free software and offers an increasing number of services ranging from a calendar or jabber server to a wiki or VPN. A web interface allows you to easily install and configure your apps.
Freedombox is available in Debian's repository.


Thanks for your tip. 8)
I will checkout Conky. :mrgreen:
You are right. I'm used to advanced solutions in the Windows environment, so yes, I am looking for more and better than the average home user. :)
Yes, the biggest threat is from the outside.... but..... there's always a but in the game... each rule has an exception.
Firewalls/routers/gateways have historically been hacked/penetrated... and this may happen to different systems in the future as well. Maybe not through a built-in "NSA backdoor" but through another zero-day vulnerability. Then it is effective to have software firewalls on all computers inside the network.
Then there are viruses, malware and spyware that can create backdoors or send information from keyloggers. Then it is good to have a firewall on the infected/targeted computer which by default blocks new programs from going online and phoning home the information.
But it may never happen, so I can benefit from all the extra security layers. But IF it were to happen, I wouldn't be standing with my pants down thinking "shit what is happening, what do I do now" in panic mode :shock:
This is where computer monitoring comes in as well. If you can see what kind of disk activity you have and which programs use which files, which programs are trying to go online and so on, then you may be lucky enough to identify things before the damage is too big.

A little story from experience.. I encountered the WannaCry virus on one of my computers; it was still a zero-day then, and it was a Windows XP machine that got infected. Thanks to the firewall on that XP computer, the virus couldn't spread in my network to my other Windows computers, and the resource monitor indicated high disk activity on my files, so I pulled the power cord before too many files had been encrypted... around 400 files had time to be encrypted before I pulled the power, but only 20 files were important and there were only 6 files that were new that I didn't have a backup of.
Therefore, monitoring of the computer is effective, as are firewalls on each computer to stop outgoing traffic.

Freedombox looks like a server solution, but I will read some more about it if I'm wrong about that. :)
Marie SWE
 
Posts: 21
Joined: 2021-04-06 22:14

Re: Questions about Firewalls and computer monitoring

Postby Hallvor » 2021-04-08 05:30

Marie SWE wrote: *It should preferably be able to have a default rule to block inbound and outbound traffic, and when a new program wants network access, the firewall should ask if the program should be denied or allowed.
And last.. I would like it to have some kind of graphical user interface for management and easy overview.


It seems like the Windows firewall would be just perfect for you. Seriously, I doubt what you ask for can be done in any other way than the CLI.

Second question.. Monitoring.
I also would like to know what my computer is doing.. so I wonder if there is some program like the Windows "Resource Monitor" that monitors program/process CPU activity, memory usage, disk activity (what program/process reads/writes to what file at the time) and network activity (what program/process connects to what target IP address at the time).


There are tons of monitors. Just do a google search.

This command will show all connected IPs and what's connecting to them. You may have to install netstat first. Adding the command to Conky should be feasible.

# netstat -natp


Are these two things possible on the Linux desktop?



We have all been Windows users, but trying to make GNU/Linux behave like Windows will end in as much bitterness and frustration as the other way around. Don't be scared of the CLI; it is a fantastic tool that will give you a kind of control you never had in Windows. Is there a steep learning curve? Absolutely. Also, accepting that you are no longer a power user can also be frustrating. I get that.

The Windows environment is incredibly hostile, with just about any malware on the planet targeting it. My Windows computer was also taken down by malware (a worm) many years ago. Asking for an armoured vehicle in a war zone makes perfect sense, but it makes less sense in a peaceful GNU/Linux suburb.

I run a firewall myself, and all external connections are blocked, but haven't bothered blocking outgoing connections. It is good enough.
Lenovo ThinkPad T440S, Intel Core i7-4600U CPU @ 2.10GHz, 8 GB RAM, 256 GB SSD, Debian Bullseye (KDE)
Lenovo ThinkPad X240, Intel Core i5-4300U CPU @ 2.90GHz, 8 GB RAM, 120 GB SSD, Debian Buster (KDE)
Hallvor
 
Posts: 1119
Joined: 2009-04-16 18:35
Location: Norway
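
An added example, not part of Hallvor's post: the per-process view that `netstat -natp` prints can be rebuilt from `/proc/net/tcp` plus the socket links under `/proc/<pid>/fd`, which is useful when you want the data in a script or a Conky panel. The sample table, PID 4242 and the name `firefox-esr` are constructed; the code covers IPv4 only and assumes a little-endian host.

```python
import os
import socket
import struct

# Subset of the kernel's TCP state codes as printed in /proc/net/tcp.
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT", "0A": "LISTEN"}

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0A01A8C0:C350 057100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20002 1 0000000000000000 20 4 30 10 -1
"""

def decode_addr(field):
    """Turn '0100007F:0277' into ('127.0.0.1', 631)."""
    ip_hex, port_hex = field.split(":")
    # Assumes a little-endian host (x86, most ARM): the address is a host-order word.
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def inode_owners(proc="/proc"):
    """Map socket inode -> (pid, command) by reading the /proc/<pid>/fd links."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/comm") as fh:
                comm = fh.read().strip()
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                target = os.readlink(f"{proc}/{pid}/fd/{fd}")
                if target.startswith("socket:["):
                    owners[target[8:-1]] = (int(pid), comm)
        except OSError:  # process exited, or its fds are unreadable without root
            continue
    return owners

def connections(text, owners):
    """Join each socket line to its owning process (the columns netstat -natp shows)."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the column header
        f = line.split()
        if len(f) < 10:
            continue
        pid, comm = owners.get(f[9], (None, "-"))  # f[9] is the socket inode
        rows.append({"state": TCP_STATES.get(f[3], f[3]), "local": decode_addr(f[1]),
                     "remote": decode_addr(f[2]), "uid": int(f[7]), "pid": pid, "comm": comm})
    return rows

if __name__ == "__main__":
    # Live use: connections(open("/proc/net/tcp").read(), inode_owners())
    for row in connections(SAMPLE, {"20002": (4242, "firefox-esr")}):
        print(row)
```

Run as an ordinary user, `inode_owners()` only resolves that user's own processes; sockets owned by others keep `pid` as `None`, which is why the forum command is shown with a root prompt.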

Re: Questions about Firewalls and computer monitoring

Postby steve_v » 2021-04-08 06:42

Marie SWE wrote: *It should preferably be able to have a default rule to block inbound and outbound traffic, and when a new program wants network access, the firewall should ask if the program should be denied or allowed.
And last.. I would like it to have some kind of graphical user interface for management and easy overview.

There are a few GUI firewall frontends, but AFAIK there's no firewall software for GNU/Linux that fits both of those requirements. [obsolete information redacted] to my knowledge nobody has implemented the "X program wants to access the internet" GUI bit.. Probably because nobody really needs to block individual applications on a system where everything is free and open source. Also most of the GUI offerings kind of suck in general.

Personally I just use UFW for simple rules on the desktop, and run a more comprehensive (IPFire) solution on my router. In the past I've used FWBuilder to generate rules for both; it's pretty powerful and might be worth a look if you don't want to deal with iptables directly but need more than UFW or Firewalld offers.

Marie SWE wrote: I wonder if there is some program like the Windows "Resource Monitor" that monitors program/process CPU activity, memory usage, disk activity (what program/process reads/writes to what file at the time) and network activity (what program/process connects to what target IP address at the time).

There are many variations on this for the CLI, most of them descending in some way from the venerable 'top' command. I like htop, but there's also iftop for network traffic, or iotop for disk access. If you use a full-blown DE, it probably includes some kind of system monitor as well.
IMO there are too many options for that category to list here, and a web-search is a better bet.
Last edited by steve_v on 2021-04-08 07:28, edited 2 times in total.
steve_v
 
Posts: 720
Joined: 2012-10-06 05:31
Location: New Zealand

Re: Questions about Firewalls and computer monitoring

Postby p.H » 2021-04-08 07:06

steve_v wrote: iptables (or nftables these days) can match by-process

No, iptables cannot match by process. The "owner" match used to be able to match on process command line, but that was unreliable and removed. Most Linux "firewalls" are only packet filters operating at the network layer, not at the process/socket layer. AFAIK, this requires using security frameworks such as AppArmor or SELinux.
p.H
 
Posts: 1739
Joined: 2017-09-17 07:12

Re: Questions about Firewalls and computer monitoring

Postby steve_v » 2021-04-08 07:17

p.H wrote:that was unreliable and removed.

That's news to me. So be it, I'm pretty sure nobody was using it anyway.

Ed. Huh, looks like it went away with kernel 2.6.14... Shows how long it's been since I last used it. :lol:
steve_v
 
Posts: 720
Joined: 2012-10-06 05:31
Location: New Zealand

Re: Questions about Firewalls and computer monitoring

Postby Bulkley » 2021-04-08 15:30

I think I misunderstood what the OP meant by monitor. If so, Conky won't help. I suspect Tripwire is more appropriate.
Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.
Bulkley
 
Posts: 6102
Joined: 2006-02-11 18:35

Re: Questions about Firewalls and computer monitoring

Postby Marie SWE » 2021-04-08 22:08

I had been polishing a really long text, on and off for several hours, about what to write to explain it all better..
Swedish is my mother tongue, and my English isn't the best, so it is difficult sometimes to write without it being misunderstood and without stepping on someone's toes, due to different points of view.. And there was a risk of swearing in church with some of the content I wrote. :lol: :lol: :lol:
So I decided I shouldn't, to keep the peace. :lol:

I will continue to look for GUI solutions.
Thanks for all your tips. 8) :D :D
Marie SWE
 
Posts: 21
Joined: 2021-04-06 22:14

Re: Questions about Firewalls and computer monitoring

Postby Hallvor » 2021-04-09 04:14

Don't worry about it. We have thick skins, but you might want to have the same. :)

KDE is working on Plasma Firewall. It is not exactly what you want, but not that far off either. You can select the default policy, e.g. block all connections, and with a click of a button you can see all applications that are trying to reach the Internet. Making a fine grained firewall should not be a problem, but it will take a long time before you can see it in Debian.

Send me a PM if you think I can understand you better, and I'll try to help you. Eg forstår svensk, men det er ikkje sikkert at du forstår norsken min. (I can understand Swedish, but you might not understand my Norwegian.)
Hallvor
 
Posts: 1119
Joined: 2009-04-16 18:35
Location: Norway

Re: Questions about Firewalls and computer monitoring

Postby 010101 » 2021-04-09 16:49

I too have faced this dilemma. When I searched for an iptables GUI, I was overwhelmed. Good god, there are so many!

One post made a good point: It really all depends on what you're looking for in a GUI.

Another poster made a fine point: "I doubt what you ask for can be done in any other way than the CLI."

There are many, many GUIs for iptables out there. And I think there may be one that will meet your needs. But if you want precise filtering then really the CLI is the way to go. But I understand that you may have CLI anxiety; everyone does when first coming over to Linux. But this anxiety will slowly pass over time, with you growing more comfortable with the CLI during that time.

By the sound of it, you seem determined to find a GUI. Which is fine. Less of a hassle than the CLI. The problem is that there are many. And people can suggest this GUI and that GUI, but this doesn't mean that these would be what you need. I think this is something that only you can figure out for yourself.

As for a package for monitoring your system.

Try Task Manager.

Also, I have a pullout panel, and on it I can (at a glance) see the following: incoming and outgoing network activity, sda, cpu usage, swap usage, power usage.
On another panel I monitor my temperature and power usage.
It's easy to create a panel. You can easily add what you need.

You can use the htop or top command from the CLI to look at what's happening.
010101
 
Posts: 14
Joined: 2021-03-26 20:11

Re: Questions about Firewalls and computer monitoring

Postby Bulkley » 2021-04-09 17:27

"Fwbuilder Builder consists of an object-oriented GUI . . . " and it's in Debian repositories.
Bulkley
 
Posts: 6102
Joined: 2006-02-11 18:35

Re: Questions about Firewalls and computer monitoring

Postby steve_v » 2021-04-09 19:09

Hallvor wrote:KDE is working on Plasma Firewall.

...And yours-truly is following behind removing the gratuitous systemd dependencies so he can install it on Gentoo. It's actually quite nice as a frontend for simple desktop use.

Bulkley wrote:Fwbuilder

...Is slowly, ever so slowly, creeping toward the fabled 6.0 release. I'll probably give it another spin when that drops. Personally I consider it overkill for a desktop, but if you have many machines to administer it can be not only a builder of firewall rules, but also a builder of firewall networks.

It's the usual story with GNU/Linux: GUI desktop "security" apps are properly limited, but when it comes to remote-administering a bunch of border firewalls or setting up antivirus for a mailserver we've got all the toys. It must confuse the hell out of the windows-refugees. :D
steve_v
 
Posts: 720
Joined: 2012-10-06 05:31
Location: New Zealand
