firewall

Derek Broughton news at pointerstop.ca
Tue Feb 13 21:04:03 UTC 2007


John Dangler wrote:

> wow - just looking through synaptic for firewall products...

Yeah :-(

Choice is good, too much choice is paralyzing.

> arno
> ferm
> fiaif

Haven't checked any of those.

> fireflier

This is what I'm playing with right now.  This is the only Linux firewall
app (afaik) that works like Zone Alarm or Windows Firewall - allowing you
to block applications rather than just ports.  It's more flexible than
those, and at least imo pretty intuitive.  Good thing, since the
documentation is weak (but very few of these products have decent
documentation).  The daemon that monitors traffic is good, but the clients
are fairly simplistic.  Assuming they all work like fireflier-client-kde
(not known), you can only have one person monitoring the traffic, and
there's no option to make it pop up a dialog, so I sometimes don't realize
it's waiting for input.  Also, I haven't figured out how to make it save
its rules - the iptables part can be done easily enough, but the userspace
part I'm not sure.

> firehol

Just installed...

> firestarter
> fwbuilder

I couldn't figure a way to make either of these easily handle a situation
where my Internet interface could be either eth0 or eth1 (wired and
wireless, but not necessarily in that order).

> lokkit

Interesting.  I couldn't find a package for this last time I looked.  Now I
have to try it.

> mason

It's a while since I tried this one - it had some good features, but in the
end I went with guarddog.  I think it had the same problem as firestarter &
fwbuilder.

> shorewall

The biggest problem with this one is that it explicitly conflicts with
guarddog.  There's no need for that, and it meant that I couldn't keep my
existing rules running while I checked it out, so I tossed it (though I did
read the documentation).  The big plus is its documentation.
-- 
derek





More information about the ubuntu-users mailing list