firewall

John Dangler jdangler at atlantic.net
Tue Feb 13 21:53:05 UTC 2007


On Tue, 2007-02-13 at 17:04 -0400, Derek Broughton wrote:
> John Dangler wrote:
> 
> > wow - just looking through synaptic for firewall products...
> 
> Yeah :-(
> 
> Choice is good, too much choice is paralyzing.
> 
> > arno
http://rocky.eld.leidenuniv.nl/ 

last update Feb 2007 - looks promising
Latest version 1.8.8.h
Latest version in synaptic - 1.8.6.c-2

> > ferm
http://ferm.foo-projects.org/ferm.html

ferm - a firewall rule parser for linux
(looks like a decent way to learn iptables rule writing, but it may not
be an _end-user_ type of product)

> > fiaif
http://www.fiaif.net/

"The Goal of FIAIF is to provide a highly customizable script for
setting up an iptables based firewall."

last update Jan 23 2007 - looks promising
Latest version 1.21.1
Latest version in synaptic - 1.20.1-2

"Read through the zone files, and try to understand/modify the
variables.
Make sure that you setup the device information (GLOBAL, DYNAMIC, IP,
DEV, NET, BCAST) correctly."
"...You are now ready to start the firewall. ... you probably want to
set DEBUG=1, and watch the logs for dropped packets."
(uh-oh)... this also looks like a good way to learn iptables rule
writing, although it does have a decent testing feature so that you can
check your syntax, etc.

> 
> haven't checked any of those.
> 
> > fireflier
> 
> This is what I'm playing with right now.  This is the only linux firewall
> app (afaik) that works like Zone Alarm or Windows Firewall - allowing you
> to block applications rather than just ports.  It's more flexible than
> those, and at least imo pretty intuitive.  Good thing, since the
> documentation is weak (but very few of these products have decent
> documentation).  The daemon that monitors traffic is good, but the clients
> are fairly simplistic.  Assuming they all work like fireflier-client-kde
> (not known), you can only have one person monitoring the traffic, and
> there's no option to make it pop up a dialog, so I sometimes don't realize
> it's waiting for input.  Also, I haven't figured out how to make it save
> its rules - the iptables part can be done easily enough, but the userspace
> part I'm not sure.
> 
> > firehol
> 
> Just installed...
> 
> > firestarter
> > fwbuilder
> 
> I couldn't figure a way to make either of these easily handle a situation
> where my Internet interface could be either eth0 or eth1 (wired and
> wireless, but not necessarily in that order).
> 
> > lokkit
> 
> Interesting.  I couldn't find a package for this last time I looked.  Now I
> have to try it.
> 
> > mason
> 
> It's a while since I tried this one - it had some good features, but in the
> end I went with guarddog.  I think it had the same problem as firestarter &
> fwbuilder.
> 
> > shorewall
> 
> The biggest problem with this one is that it explicitly conflicts with
> guarddog.  There's no need for that, and it meant that I couldn't keep my
> existing rules running while I checked it out, so I tossed it (though I did
> read the documentation).  The big plus is its documentation.
> -- 
> derek
> 
> 
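Since several of the tools above are described as "a good way to learn iptables rule writing", here is a worked example of doing that by hand. It is an added illustration, not code from this thread, from fiaif, ferm, firehol or any other package mentioned: a small POSIX sh script that emits a default-deny ruleset in iptables-restore format. It treats both eth0 and eth1 as untrusted (the wired-or-wireless uplink problem Derek describes with firestarter and fwbuilder), and it sends everything it rejects through a rate-limited logging chain, which is the "watch the logs for dropped packets" step from the fiaif instructions. The interface names, the port list and the sample `ip route` line are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not code from fiaif, ferm, firehol or any other tool named in
# this thread. It writes a small default-deny ruleset in iptables-restore
# format. Interface names (eth0, eth1), ports and the sample route line are
# assumptions made for illustration.

# wan_iface_from_route ROUTE_LINE
#   Pull the interface name out of a line such as
#   "default via 192.0.2.1 dev eth1 proto dhcp" (what `ip route show default`
#   prints), so a boot script can find today's uplink instead of guessing.
wan_iface_from_route() {
    printf '%s\n' "$1" | sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n 1
}

# gen_ruleset "WAN_IFACES" "ALLOWED_TCP_PORTS"
#   WAN_IFACES         space-separated interfaces that may face the Internet.
#                      Listing both eth0 and eth1 treats wired and wireless
#                      as untrusted, whichever one currently carries the uplink.
#   ALLOWED_TCP_PORTS  space-separated TCP ports to accept from those interfaces.
#   Prints the ruleset on stdout and applies nothing.
gen_ruleset() {
    wan_ifaces=$1
    allowed_tcp=$2

    printf '%s\n' '*filter'
    # Default policy: drop inbound and forwarded traffic, allow outbound.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # One chain that logs (rate-limited, so a scan cannot fill the log)
    # and then drops; every reject path below jumps here.
    printf '%s\n' ':LOGDROP - [0:0]'
    printf '%s\n' '-A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FW-DROP: " --log-level 4'
    printf '%s\n' '-A LOGDROP -j DROP'

    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Replies to connections we opened are accepted on any interface.
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # A TCP packet that is NEW to conntrack but is not a SYN is malformed or
    # a scan probe; log and drop it before the per-interface rules.
    printf '%s\n' '-A INPUT -p tcp ! --syn -m state --state NEW -j LOGDROP'

    for ifc in $wan_ifaces; do
        for port in $allowed_tcp; do
            printf '%s\n' "-A INPUT -i $ifc -p tcp --dport $port -m state --state NEW -j ACCEPT"
        done
        # Rate-limited ping so the host stays diagnosable without being a flood target.
        printf '%s\n' "-A INPUT -i $ifc -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT"
        # Anything else arriving on this interface is logged, then dropped.
        printf '%s\n' "-A INPUT -i $ifc -j LOGDROP"
    done
    printf '%s\n' 'COMMIT'
}

# Usage (as root):
#   gen_ruleset "eth0 eth1" "22" > /etc/firewall.rules
#   iptables-restore --test /etc/firewall.rules && iptables-restore /etc/firewall.rules
#   dmesg | grep 'FW-DROP:'      # the "watch the logs for dropped packets" step
```

Two things to keep in mind when adapting it: interfaces that are not listed (a trusted LAN side, for instance) get no rules at all and therefore fall through to the INPUT DROP policy, so give them their own ACCEPT lines; and because the logging rule sits before the DROP with a limit match, a burst of blocked packets shows up as a handful of "FW-DROP:" kernel messages rather than thousands, which is what you want to be able to read while debugging a ruleset.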

More information about the ubuntu-users mailing list