LinuxQuestions.org
Old 03-19-2004, 08:48 AM   #1
Raptor Ramjet
Member
 
Registered: Apr 2003
Location: Under a rock
Distribution: Slackware "current" - Praise "Bob" !!!!
Posts: 92

Rep: Reputation: 15
Workings of Linux Firewalls compared with Zone Alarm


Hello,

Despite having a hardware firewall on my ADSL modem I've just been playing around a bit with guarddog to set up the firewall on my Linux box (I'll try to get my head around native ipchains/iptables at a later date !).

But having done so I've contrasted the way that the Zone Alarm firewall works on my Windows box and I think there's room for enhancement/improvement in Linux firewall control. So really I'm just wondering what anyone else thinks ?

For those not familiar with Zone Alarm the main difference is that it's geared to allow control at the application level whereas the Linux firewall seems geared to provide control at the protocol/ports level.

When using Zone Alarm the way it works is that all unsolicited connections from the internet are ignored and whenever a program on the local machine wants to connect to the 'net Zone Alarm will first ask me whether I want to allow this or not. I then answer yes or no and can optionally indicate that it should remember my preference (so I'm not asked again)

Similarly I am also prompted whenever a program wishes to behave as a server (there are also the usual facilities to open certain ports for inbound traffic and to allow greater access for local network connections etc. etc.)

Now as far as I know there aren't any Linux firewalls that have this functionality (I may well be wrong on this !) but I think it's an excellent idea. In the past it has been most helpful in finding trojans/spyware etc. on friends' PCs (as the local "person who knows about computers" I do a fair bit of helping out)

So I'm just curious as to what people think of the idea ? and is it worth trying to raise this as a feature request with the relevant developers etc. ?

I realise that someone with an in-depth knowledge of their system is probably already quite happy with the way Linux firewall works but, for a newbie especially, I think this would be a good thing - if only for the fact you'd get to know which programs were connecting to the 'net and for what.

I also realise that the problem of Trojans etc. is not quite as prevalent on Linux as it is on Windows (yet ?) but I still think it's a really good feature (i.e. I've allowed outbound SMTP connections but why is "program X" trying to send mail ?)

Finally I may well be completely off on this as, given the "granularity" of *nix systems, all programs on Linux may well communicate through a central application so the idea may not be viable (I don't know Linux well enough to know whether this is the case)

Just some idle musings....
 
Old 03-19-2004, 10:27 AM   #2
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
Mm yeah, you're right about ZoneAlarm. I haven't heard of any nice firewalls for Linux either that'd do the same thing and ask about programs one by one, which can and which can't do this and that...

I also got annoyed by that thing in Windows... windows popping up etc. even though I didn't want them - millions of them. But it'd be nice to have at least one app for Linux so that those who want may use this thing.
 
Old 03-19-2004, 10:32 AM   #3
Bomb187
Member
 
Registered: Mar 2004
Posts: 37

Rep: Reputation: 15
Well, I notice this in Windows too. Many programs in Windows try connecting to the net, either for an update, checking to see if you have a pirate copy, etc. I don't know if there's a program that shows what's currently accessing the net, like a connection monitoring program; that would be cool. But seeing how you can view what's started when you boot up, I would think that only those programs would be able to access the net and no other tasks would be started without your input. In Windows there are tasks that auto-start, like spyware, services and DLLs. I don't think Linux works that way, which means you don't have to worry about blocking programs' access to the internet.
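Added example, not part of any post in this thread: the per-program view the posts above ask about can be read from the kernel without a firewall, by joining the socket table in `/proc/net/tcp` to the sockets each process holds under `/proc/<pid>/fd`. The sketch assumes IPv4 and a little-endian host; `SAMPLE` and the program name `programx` used to test it are constructed.

```python
import os
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "0A": "LISTEN"}

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 0A00A8C0:C350 0501A8C0:0019 01 00000000:00000000 00:00000000 00000000  1000        0 4242 1 0000000000000000 20 4 30 10 -1
"""

def decode_addr(hex_addr):
    """'0100007F:0019' -> ('127.0.0.1', 25); assumes a little-endian host."""
    ip_hex, port_hex = hex_addr.split(":")
    return ".".join(str(int(ip_hex[i:i + 2], 16)) for i in (6, 4, 2, 0)), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Return one dict per IPv4 TCP socket in /proc/net/tcp-formatted text."""
    socks = []
    for line in text.strip().splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) >= 10:
            socks.append({"remote": decode_addr(f[2]), "state": TCP_STATES.get(f[3], f[3]),
                          "uid": int(f[7]), "inode": f[9]})
    return socks

def inode_owners(proc="/proc"):
    """Map socket inode -> (pid, program name) by walking /proc/<pid>/fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "comm")) as fh:
                name = fh.read().strip()
            for fd in os.listdir(os.path.join(proc, pid, "fd")):
                target = os.readlink(os.path.join(proc, pid, "fd", fd))
                if target.startswith("socket:["):
                    owners[target[8:-1]] = (int(pid), name)
        except OSError:
            continue  # process exited, or not readable without root
    return owners

def outbound_report(tcp_text, owners):
    """(program, pid, uid, remote, state) for every non-listening socket."""
    rows = []
    for s in parse_proc_net_tcp(tcp_text):
        if s["state"] != "LISTEN":
            pid, name = owners.get(s["inode"], (None, "?"))
            rows.append((name, pid, s["uid"], s["remote"], s["state"]))
    return rows
```

On a live system, pass the contents of `/proc/net/tcp` and the result of `inode_owners()` to `outbound_report()`; run as root to see sockets owned by other users.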
 
Old 03-19-2004, 12:21 PM   #4
Lleb_KCir
Senior Member
 
Registered: Nov 2003
Location: Orlando FL
Distribution: Debian
Posts: 1,765

Rep: Reputation: 45
I'm no guru and still a mega newbie, but I know enough about firewalls in general to answer some of your questions/comments.

1. Firewalls are for LAN/WAN traffic control ONLY. That is what a true firewall does.

2. In Linux you will have log files, don't ask me where they are located, do a /whereis to find them. Both ipchains and iptables have the option to set up log files that will track whatever you want to track.

If you want to see what user, from what LAN IP, requested what data from either LAN/WAN, you can get that level of info from your log files if you set them up right.

A firewall is not supposed to monitor your software. That is basically a virus in itself. That is my #1 grief with things like Black Ice and other 'software firewalls'. They do things to your OS they are not supposed to do as a firewall.

They should be called system monitors, not firewalls. The last customer that had BlackICE on their system and was having problems getting something to install and run properly called me out. After 1 attempt at getting around BlackICE, I uninstalled it, cleaned out the registry of all the junk it left behind, then had zero issues getting his app to install/run properly.

If you are behind a NAT router, and that router has a firewall built into it, don't waste the system resources and screw up your OS by installing BlackICE.

All that being said, I have yet to see a software firewall that will run as well as a hardware one will. Now that is not to say that there is not some Linux software out there that will not make your Linux box as strong and effective as a hardware firewall box, but from what little I've read I'd stick to learning iptables and code it that way if you really want to turn your Linux box into a firewall.

Now let the real Linux gurus speak. Mind you, I'm a M$ guru.
 
Old 03-24-2004, 01:48 PM   #5
Raptor Ramjet
Member
 
Registered: Apr 2003
Location: Under a rock
Distribution: Slackware "current" - Praise "Bob" !!!!
Posts: 92

Original Poster
Rep: Reputation: 15
Good points !

So I suppose the answer really is to look at the logs but I was just idly musing. Having said that I'd still like something to perform this functionality as well... I just like it.

Or perhaps that's just my current Linux ignorance/Windows experience speaking ?

Cheers for the replies.
 
Old 05-11-2004, 05:29 PM   #6
comp12345
Member
 
Registered: Feb 2004
Posts: 467

Rep: Reputation: 30
The only firewall I have tried that works similarly to Zone Alarm is Fiery Filter. It will give you a pop-up screen just like Zone Alarm. But in its present form, it's not usable. The rule settings do not work. So it will give you a dialog box for every packet sent to the system. It also doesn't seem as if it is actively being developed at the moment.
 
  

