Guarddog
Daniel Anderson
kd4jdl1 at verizon.net
Wed Aug 29 20:13:01 UTC 2007
On Wednesday 29 August 2007 12:35:43 pm Derek Broughton wrote:
> O. Sinclair wrote:
> > Derek Broughton wrote:
> >> O. Sinclair wrote:
> >>> Now you had me curious - as a matter of fact I have been using a local
> >>> smtp server myself. The problem is quite simply that Guarddog has not
> >>> defined the TLS "protocol" under Mail. This means trying to use the
> >>> smtp.gmail.com with TLS and port 587 does not work as Guarddog does not
> >>> allow anything unless you tell it to.
> >>
> >> This is why I eventually gave up Guarddog. I used it for years, but the
> >> supported protocols never increased noticeably, and I ended up with a
> >> more and more unwieldy set of advanced rules. By that point, I might as
> >> well have been writing my own iptables rules.
> >
> > I guess that depends on what you do - I mainly browse, mail and use
> > Kopete plus LAN/SMB Netbios and I have no problems with those. I now
> > added this "TLS" myself but I rather use a different smtp than gmail
> > anyhow. As many have pointed out it can give you headaches on mail-lists
> > as the mail you send does not show up for you unless you tinker with the
> > gmail-settings.
>
> I'd rather get lists from Gmane via news, if at all possible, so that takes
> care of most of the lists I'm currently reading (this included).
>
> > That said, I wish there was something that was a bit less complicated
> > than KMyFirewall (not the "easy mode") but more intuitive than Guarddog.
>
> I pretty well tried them all, and most of them missed the most basic
> requirement - that they either be flexible enough to handle the fact that
> you may have multiple IP addresses, or that they redo the firewall when you
> disconnect/reconnect. This is precisely why I originally chose GuardDog,
> because most other firewall guis assumed you always had either a specific
> IP or at least a specific interface.
>
> There was one that showed promise. "fireflier" defaults all packets to be
> monitored (via ip_queue), and pops up a dialog to ask you what to do with
> the packets based on originating program, or originating or sending IP,
> protocol, port, and many more. Good idea, but a few serious flaws.
> Primarily, only one client could connect to the server. Also, it didn't use
> kdesu (or gksudo for the gnome client) and needs a root password; and iirc
> it wasn't great about saving the rules it had generated, so too often I
> ended up rebuilding from scratch. Probably a little work on any of the
> various clients would have solved most of those issues.
> --
> derek
Have you tried Shorewall? It is highly configurable, either manually or with
Webmin, which I use. I haven't used it with Ubuntu, but have on other distros.
Dan
--
Using Linux since 1998.
:) :) :) :) :) :) :)