Guarddog

Derek Broughton news at pointerstop.ca
Wed Aug 29 16:35:43 UTC 2007


O. Sinclair wrote:

> Derek Broughton wrote:
>> O. Sinclair wrote:
>> 
>>> Now you had me curious - as a matter of fact I have been using a local
>>> smtp server myself. The problem is quite simply that Guarddog has not
>>> defined the TLS "protocol" under Mail. This means trying to use the
>>> smtp.gmail.com with TLS and port 587 does not work as Guarddog does not
>>> allow anything unless you tell it to.
>>>
>> This is why I eventually gave up Guarddog.  I used it for years, but the
>> supported protocols never increased noticeably, and I ended up with a more
>> and more unwieldy set of advanced rules.  By that point, I might as well
>> have been writing my own iptables rules.

> I guess that depends on what you do - I mainly browse, mail and use
> Kopete plus LAN/SMB Netbios and I have no problems with those. I now
> added this "TLS" myself but I rather use a different smtp than gmail
> anyhow. As many have pointed out it can give you headaches on mail-lists
> as the mail you send does not show up for you unless you tinker with the
> gmail-settings.

I'd rather get lists from Gmane via news, if at all possible, so that takes
care of most of the lists I'm currently reading (this included).

> That said I wish there was something that was a bit less complicated
> than KMyFirewall (not the "easy mode") but more intuitive than Guarddog.

I pretty well tried them all, and most of them missed the most basic
requirement - that they either be flexible enough to handle the fact that
you may have multiple IP addresses, or that they redo the firewall when you
disconnect/reconnect.  This is precisely why I originally chose GuardDog,
because most other firewall GUIs assumed you always had either a specific
IP or at least a specific interface.

There was one that showed promise. "fireflier" defaults all packets to be
monitored (via ip_queue), and pops up a dialog to ask you what to do with
the packets based on originating program, or originating or sending IP,
protocol, port, and many more.  Good idea, but a few serious flaws. 
Primarily, only one client could connect to the server. Also, it didn't use
kdesu (or gksudo for the gnome client) and needs a root password; and iirc
it wasn't great about saving the rules it had generated, so too often I
ended up rebuilding from scratch.  Probably a little work on any of the
various clients would have solved most of those issues.
-- 
derek




