firewall
Derek Broughton
news at pointerstop.ca
Tue Feb 13 21:04:03 UTC 2007
John Dangler wrote:
> wow - just looking through synaptic for firewall products...
Yeah :-(
Choice is good, too much choice is paralyzing.
> arno
> ferm
> fiaif
haven't checked any of those.
> fireflier
This is what I'm playing with right now. This is the only linux firewall
app (afaik) that works like Zone Alarm or Windows Firewall - allowing you
to block applications rather than just ports. It's more flexible than
those, and at least imo pretty intuitive. Good thing, since the
documentation is weak (but very few of these products have decent
documentation). The daemon that monitors traffic is good, but the clients
are fairly simplistic. Assuming they all work like fireflier-client-kde
(not known), you can only have one person monitoring the traffic, and
there's no option to make it pop up a dialog, so I sometimes don't realize
it's waiting for input. Also, I haven't figured out how to make it save
its rules - the iptables part can be done easily enough, but the userspace
part I'm not sure.
> firehol
Just installed...
> firestarter
> fwbuilder
I couldn't figure a way to make either of these easily handle a situation
where my Internet interface could be either eth0 or eth1 (wired and
wireless, but not necessarily in that order).
> lokkit
Interesting. I couldn't find a package for this last time I looked. Now I
have to try it.
> mason
It's a while since I tried this one - it had some good features, but in the
end I went with guarddog. I think it had the same problem as firestarter &
fwbuilder.
> shorewall
The biggest problem with this one is that it explicitly conflicts with
guarddog. There's no need for that, and it meant that I couldn't keep my
existing rules running while I checked it out, so I tossed it (though I did
read the documentation). The big plus is its documentation.
--
derek
More information about the ubuntu-users
mailing list