LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-22-2005, 04:08 PM   #1
SlipAway172
Member
 
Registered: Jun 2004
Location: GA
Distribution: Latest ubuntu
Posts: 172

Rep: Reputation: 30
Shorewall or other firewall???


im using the built in FW im MDK 10.1 and i would like to know if it would be better to run a hardware firewall. i have the D-Link DI-604
 
Old 01-23-2005, 03:28 PM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Each has it's uses..

One advantage of your own firewall script is that it can be tuned, really well..
and the hardware device? Who knows what's in there..

One disadvantage of your own firewall script is that it wasn't written by an expert, so it may have holes in it.. Big holes.. And the hardware device? Who knows?

It's only going to be a big problem if you expose connections to the internet, eg run servers.. Then the problem moves to the quality/security of the server/software..

You could always use both, but the real weaknesses are bad passwords, bad configurations and users who don't care.

If you're just a workstation, it's relatively easy to block NEW incoming connections.
That's a good start. Anything more complicated and you'll need to do some study..
eg an iptables example.. http://wiki.linuxquestions.org/wiki/..._a_workstation
 
Old 01-23-2005, 03:53 PM   #3
SlipAway172
Member
 
Registered: Jun 2004
Location: GA
Distribution: Latest ubuntu
Posts: 172

Original Poster
Rep: Reputation: 30
oh. i think i will use my hardware firewall from dlink. thanks for refreshing my memory of that the script firewall most likely has BIG holes. and also shorewall could crash w/o me knowing or while im away and if my hardware firewall one "crashed" it would lock all ports or turn off>


lol........ ON MY KEYBOARD NOW. when the CAPS lock is on it will to lower case adn when it is off it will to UPPER....lol time for a reboot. after 2 months
 
Old 01-23-2005, 04:09 PM   #4
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
I prefer to trust what I can examine or prove..

So I stick with writing rules.

A quick solution is to use a script that has been tested.
The one on the LQ Wiki is just fine for a workstation..
And also set up some blocks in the DLink box.

Being a little paranoid can help, but use both tools wisely and you'll be ok!
 
Old 01-23-2005, 08:09 PM   #5
SlipAway172
Member
 
Registered: Jun 2004
Location: GA
Distribution: Latest ubuntu
Posts: 172

Original Poster
Rep: Reputation: 30
what would u do?

run both shorewall and a hardware FW or just the hardware firewall
 
Old 01-25-2005, 01:42 AM   #6
camelrider
Member
 
Registered: Apr 2003
Location: Juneau, Alaska
Posts: 245

Rep: Reputation: 31
Run shorewall.

It is written by a very knowledgable and dedicated man who supports it better than any other piece of softare I know.

The shorewall-users mailing list is one of the best places i've found to learn about iptables firewalling information which I'll probably never have the opportunity to use. This iptables frontend can be very simple or highly sophisticated, depending on your needs.

The support info is at:

Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/...horewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm

It's the old belt-and-suspenders thing. You might as well use both HW and Shorewall as they are both pretty easy to set up for a home system.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
configuring shorewall (firewall) mrbig Linux - Software 2 09-09-2005 12:15 PM
shorewall firewall problem wisdom Linux - Security 1 02-02-2005 09:27 PM
shorewall problem with firewall itself peter72 Linux - Networking 1 08-01-2004 02:09 PM
Please help me: Shorewall firewall can only ping out neilcpp Linux - Security 2 10-21-2003 04:24 PM
Shorewall Firewall Questions bLaDe Linux - Security 3 08-13-2003 09:46 PM


All times are GMT -5. The time now is 09:44 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration