I'm thinking of setting up a firewall. I've come across a few things so far. I would like to know what the differences are between Iptables, a router, and a distro like Ipcop.
I'm trying to figure out what the differences and advantages are so that I will know what I will need.
Appreciate any advice or suggestions.
I need something for a home computer.
Thanks.
A firewall is a tool that lets you control which packets are allowed on a system/network. Iptables is the tool used to configure Linux's native firewall functionality, which is called Netfilter. A router is a tool which lets you control which path packets should take. Distros like IPCop are a collection of software packages centered around the management of packets coming and going from organizational networks. Such distros include varied functionality, including (but not limited to) firewalling and routing.
Personally I never trust a router firewall, I mean how often do you update your router's firmware? Usually never. How much can you configure your router firewall? Usually, not much. So even if I leave the router firewall on, I like to have a software firewall as well on my computer. There are many frontends for iptables; if you need a GUI, just search Google or see here:
Quote:
I would like to know what the differences are between Iptables, a router, and a distro like Ipcop.
I'm trying to figure out the differences, and advantages..
A distro like Ipcop will include a firewall (in the case of Linux, it's almost always Iptables/netfilter).
Pro
This approach is very useful if you are trying to build your own 'net appliance'-type box; a box that does firewalling, maybe caching, maybe a DNS server, because you get all the bits that you need in one package and little of the stuff that you don't need, and you get it more-or-less set up from the get-go, provided you go through the (slightly involved) install procedure correctly.
Con
For someone who has extensive experience of networking and one particular distribution it may not be much easier than the complete 'do it yourself' approach with his (or her) favourite distro, and if you intend to run lots of non-networking stuff on the box, it might not be helpful. Or, to put that another way, if this box isn't going to be your network appliance, you might be better off with a different approach.
Iptables/Netfilter
Is essentially (in appearance to the user) a special purpose programming language for firewalls. There are graphical front ends to this, and there are customised bash scripts, etc, etc, all of which try to make it easier to do the configuration (which isn't really all that hard, provided that you understand the basics of networking...which most people think that they do, but it's only a smaller number who actually do).
Pro
totally configurable
can run on same box as your applications
Con
totally configurable
Router
It's difficult to say much about routers; some are good, with regard to firewalling, most consumer devices, errm, less good than they could be. Mainly this shows up as a lack of configurability in the firewall functionality (from zero, to ok but a bit coarse, to really quite useful). Whether this impacts you depends on how involved are your requirements and how good your particular model is. And there is the usual trade-off of flexibility against ease of configuration, but, if you know what you are doing, having slightly more config to do won't detain you for long.
Note that these aren't either/or. You could (probably should) decide on multiple layers of security. If nothing else, the logging capabilities on an Iptables/netfilter type firewall are better than on most consumer networking boxes that I've seen, so if you want to know whether you are under attack and that attack is getting past your router and trying the defenses of your computer, you'll want Iptables/netfilter in addition to whatever your router provides, just for logging. And, of course, it's very configurable.
Whether you want an 'easy' front end to it, and whether that should be a GUI or a template bash script is very much a matter of preference; they all run the same iptables/netfilter at the end of the day, it's just a matter of which config tool does what you want and you feel comfortable with.
One of the things I was thinking of was which would be more secure: having a firewall on the computer I was working on or a dedicated firewall, or is this not important?
Is it a security problem to run a gui as root?
A graphical front end for Iptables.
Also I think IPCop is accessed through a web browser.
Quote:
One of the things I was thinking of was which would be more secure: having a firewall on the computer I was working on or a dedicated firewall, or is this not important?
Use both - especially if you've got more than one computer on your LAN. A dedicated firewall will filter packets from your WAN, while a host-based firewall will filter packets from within your LAN (while at the same time acting as a second line of defense).
Quote:
Is it a security problem to run a gui as root?
A graphical front end for Iptables.
Yes, it's always a risk to run anything as root. But certain things need root privileges, so you might not have much of a choice.
Quote:
Also I think IPCop is accessed through a web browser.
That seems to be the norm with firewall distros today.
Yes. But you don't have to keep doing it and you don't have to do it when you are online. Actually, you haven't said why you feel that you need to do it at all, assuming it is related to this problem of a firewall.
If you mean that you can't create a ruleset for iptables without running your chosen gui, that would be correct, but you can do that without running as root. It is only when you come to put that ruleset in place that you need to be root, and that can be a simple script in the start-up process.
So, provided that your chosen front end can create and store a ruleset without instantiating it, you should be fine. In fact, this is probably the only secure way of working, if you think that there is any chance of someone trying to crack your ruleset or your generator (back up and archive your ruleset, of course).
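The workflow described in the last post, combined with the logging point made earlier in the thread, as an added example that is not part of any poster's message: the ruleset is written and checksummed as an ordinary user, and only `load_ruleset` needs root. The function names, file paths and the `fw-drop: ` log prefix are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: build a ruleset as an ordinary user; only loading it needs root.
# Function names, paths and the log prefix are assumptions for illustration.

# Write a minimal home-desktop ruleset in iptables-restore format to $1.
# Inbound traffic is dropped unless it is loopback or a reply to our own
# connections; whatever is about to be dropped is logged, rate-limited.
generate_ruleset() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m limit --limit 6/min -j LOG --log-prefix "fw-drop: "
COMMIT
EOF
}

# Record a checksum beside the ruleset so later changes are detectable.
# Keep a copy of the checksum with the archived backup as well.
seal_ruleset() {
    sha256sum "$1" | cut -d' ' -f1 > "$1.sha256"
}

# Return 0 only if the file still matches its recorded checksum.
verify_ruleset() {
    [ -f "$1.sha256" ] || return 1
    [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$(cat "$1.sha256")" ]
}

# Root-only step, meant for a start-up script: refuse a modified file,
# parse it without committing (--test), then apply it.
load_ruleset() {
    verify_ruleset "$1" || { echo "ruleset changed, not loading" >&2; return 1; }
    iptables-restore --test < "$1" && iptables-restore < "$1"
}
```

This covers IPv4 only; `ip6tables-restore` accepts the same file format for an IPv6 ruleset.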