How does One setup a firewall for Linux??

I've heard of IPchains..but I also heard that this is hard to config??


Also, is there any REAL antivirus protection out there for Linux, specifically Mandrake 8??

If you just want a firewall for an internet box and since you are using Mandrake, the easiest thing would be to go to Mandrake Control Center---type drakconf or mcc at a root prompt or click the icon if it is on the desktop and give your root password.

Anyway, once there, go to Security -> Firewalling and choose to configure the tinyfirewall. Again, if you are just surfing and not running a server, choose all the default, no server settings, choose to save settings on the last page.

This is what I do and the security scans at Steve Gibson's site or at dslreports both show "Stealth" for all ports scanned.

Good luck.

www.avp.com - this site has a linux anti-virus program available for download. don't expect to get a lot of usage out of it, tho. there are hardly any linux viruses.

ok... i just checked out that site, and it's no longer the AntiViral Pro site... apparently they went out of business a few months ago. it's now the Association of Volleyball Players site.

trust me tho... you're not going to be needing linux anti-virus any time soon, if ever.

...if I may interject and revive this thread.

How does one know if the firewall is running when going off into the big WWW?
Are there pop up alerts as with ZA?

(as I mentioned in another thread, outside of the K menu, I have no idea how to bring up/activate applications with my Mandrake8)

You can use PortSentry along with LogCheck and sendmail to block port scans and email an hourly report to root or any other user or to another email address.

Thanks Aussie, but this is still way over my fragile little Linux newbie head.

I'm connecting to the web with a Mandrake8 box through (LAN) a w98se box by way of ICS. The w98se box runs ZA, and as for the Mandrake8 box, I have no idea if or how the firewall (Tiny?) is running.
What I wonder is which firewall will be the working one? Or would both of them be active?

I am a linux newbie too so I may not know what Im talking about, but it is my impression that the Mandrake "firewall" just consists of turning off servers that you dont use. If the server is off then the port is closed, it is not actually software you run but rather a wizard that turns off software you dont need.

Ipchains is the one that blocks incoming stuff by IP adress. (I think) and if you are using it then you should see a message that IPchains is being started when you boot.

Fritz

Hi fritzjob.
Sorry, but I'm still in the dark.

I did what I assume is an installation procedure in Control Center, Security, Firewalling, but I still don't know how to turn it on. And if it's running, how to look it up to see what's been going on.

I am not using my Mandrake box as a server at this time, but only as a simple desktop computer. So, as far as I can tell from Control Center, System, Services, all server apps are stopped.

I must agree, I don't see any thing that tells me that the firewall is working
The one that comes in Mandrake 8.0,

so I went to GRC's site and did a test,

goto http://grc.com/default.htm and then

scroll most of the way down and then
click on the Shields Up Banner, and this
conducts two tests...
1. Test My Shields

2. Probe My Ports

It's setup to check all ports on your PC, and try to access them, and then you geta report at the end as to the results of the probing, and then he gives you Xplainations for each result..check it out
it put my mind at ease

Ok, In mandrake Control Center >> Security >> Firewall sets up "Tiny Firewall" using ipchains if your using a 2.2.x kernel and iptables with the 2.4.x kernel. Both of those are quite secure and there are no virus's you can catch from email or surfing with linux. The main danger with a linux box is a phyiscal attack on your system leaving a "root exploit" behind. One of the first things that usually happens in a root exploit is "/sbin/ps" is replaced by a hacked version to hide any suspect deamons that the attacker might have left behind. A genuine "ps" should be around 60kb and a bad one would be around 10kb. I'd recomend you download portsentry on its own and set it up as per the default instructions in the "readme" and it will report all portscans to /var/log/messages as well as automagicly blocking the ip of the scanning computer.

What was a good antiviral program?

What about root kits? I here those are a problem for linux. What about spyware/adware?

I use bitdefender and f-prot both very quick antivirus apps. Bitdefender i would recommend as it is very easy to install. Just setup a cron job for it and let it scan your files whenever you like.

No need, but you can look into ClamAV if you wish.
No spyware/adware. Root kits could be problematic, but only if you get rooted first. look into chkrootkit and a good firewall/iptables tutorial.