LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-16-2005, 08:38 PM   #1
rickh
Senior Member
 
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250

Rep: Reputation: 60
Do I need something more flexible than Firestarter?


I've used Firestarter for a long time and like it a lot. Simple and apparently quite secure. The one thing I want to do that I can't seem to do is define exceptions to Inbound traffic rules.

As I understand it, I can open a port to all comers only. There does not seem to be a way to tell Firestarter that anyone can use this port EXCEPT a specifically named ip address or a range of addresses. Am I missing something?

Is there perhaps a blacklist file that I can populate which iptables will check without prompting from Firestarter? Or is there another iptables GUI that allows such rulemaking. I notice that my 'Debian Bible' recommends Shorewall. Anyone familiar with that?
 
Old 12-16-2005, 08:54 PM   #2
ssfrstlstnm
Member
 
Registered: Dec 2004
Location: IN, USA
Distribution: debian etch
Posts: 402

Rep: Reputation: 30
Shorewall is kind of a config file for iptables. That's what I use. It's easy. If you use KDE, you can go with guarddog.
 
Old 12-16-2005, 10:35 PM   #3
llmmix
Member
 
Registered: Jun 2005
Posts: 73

Rep: Reputation: 15
Hi,

Ask to the firestarter developer, they seem to be kind ppl.

* http://www.fs-security.com/contact.php

* http://www.fs-security.com/list.php
 
Old 01-05-2006, 10:57 AM   #4
celejar
Member
 
Registered: Oct 2003
Location: New York
Distribution: Debian Sid
Posts: 185

Rep: Reputation: 30
Quote:
Originally Posted by rickh
I've used Firestarter for a long time and like it a lot. Simple and apparently quite secure. The one thing I want to do that I can't seem to do is define exceptions to Inbound traffic rules.

As I understand it, I can open a port to all comers only. There does not seem to be a way to tell Firestarter that anyone can use this port EXCEPT a specifically named ip address or a range of addresses. Am I missing something?

Is there perhaps a blacklist file that I can populate which iptables will check without prompting from Firestarter? Or is there another iptables GUI that allows such rulemaking. I notice that my 'Debian Bible' recommends Shorewall. Anyone familiar with that?
I use Shorewall on Debian. It's very good, but not that simple to use. It is easier than writing iptables scripts by hand, but not nearly as simple as the GUIs (Firestarter, Guarddog). You edit config files (at least 4 or so for a minimal config) and the Shorewall scripts then generate the iptable rules for you. Note that any mistakes (and you WILL make them!) result in the firewall locking down the system and you then have to sift through slightly cryptic startup error messages and log files to find the problem. Also, shorewall has no running process that you can monitor like the GUIs; you need to look at the log files (or the console messages). There are scripts (I use fwlogwatch) to sift through the Shorewall log messages.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
A flexible rc.firewall script Woodsman Slackware 3 11-18-2005 08:16 PM
most flexible distro puishor Linux - General 2 06-26-2005 05:45 AM
Flexible Wireless Security Protocol Quest101 Linux - Wireless Networking 1 06-14-2005 10:45 AM
how to make mounting of USB devices flexible gunncyclopedia Linux - Hardware 2 04-21-2005 10:13 PM
What distro is most flexible and compatible to hardware? maelstrom209 Linux - Distributions 5 03-12-2005 01:29 AM


All times are GMT -5. The time now is 04:26 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration