Firewalls
I downloaded a security suite via Automatix which included 'Firestarter' firewall. My question is: Why do I need a firewall when my computer already has one? Does the likes of FS include additional features such as blocking outgoing and incoming unwanted specific activity i.e. spyware?
"already has one". You mean you have a separate firewall/router device or that you have something like iptables running on the system itself?
The answer if the former is that the firewall/router protects things only to that point. All systems on the other side (e.g. internal to you or your organization) are unprotected. Having the latter protects the system itself from other internal systems. A couple of reasons to have the latter even if you have the former:
1) A good portion of hacking, especially for destructive purposes, is done by disgruntled employees.
2) Even for home use it helps: if someone has hacked one of your systems, they don't automatically get access to all the others. They have to work out what you've left open etc...
In security it's all about "hardening the target". The harder it is to get to a given system, the more likely it is they'll go try hacking elsewhere.
If you already have something like iptables running you probably don't need another firewall product on the same system. You mentioned it was a "security suite". It would be silly indeed if a security suite didn't include a basic firewall package. You probably can use the other components without using Firestarter.
Firestarter is just a GUI configuration tool for IPTables. It lets you create an IPTables firewall without knowing IPTables commands.
While all Linux systems have IPTables built in, many don't configure it by default. (I don't know why) --Ian
Try "sudo iptables -L" to see your firewall rules. Before you set anything up, each section of the output should be empty.
Like I said though, Firestarter is not a firewall. It is basically a config tool for IPTables. --Ian
One last question. If I turn off the firewall in Firestarter then should I assume that the iptables are disabled leaving my computer with no active firewall?
Code:
iptables -L
With Firestarter you can create iptables rules and "save" them, and when you boot they are loaded -- you can choose whether Firestarter is used to load them to iptables, or iptables itself. The result is just the same, so it doesn't matter which one you use. Firestarter does not need to be run manually or be visible after rules are created; it's merely a tool to edit the rules. You can do the same job with the userspace command iptables, and reading the man page should give some kind of picture of how it's done; iptables.org tells more.
Code:
man iptables
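An added example, not part of any post in this thread: a small script that automates the check suggested above, reporting whether the filter table is still empty (all policies ACCEPT, no rules) or has rules loaded, for instance after switching Firestarter off. It reads `iptables -S` output rather than `iptables -L` because that form is easier to parse; the function name `fw_state` and both sample rule sets are constructed for illustration, and only the default filter table is examined.

```shell
#!/bin/sh
# Added example: classify the filter table from `iptables -S` output.
# fw_state reads rule-spec lines on stdin and prints one summary line:
#   "empty"          -> every policy is ACCEPT and no rules are loaded
#   "configured ..." -> at least one rule or one non-ACCEPT policy exists
fw_state() {
    awk '
        $1 == "-P" {               # built-in chain policy, e.g. "-P INPUT DROP"
            if ($3 != "ACCEPT") strict = strict "," $2 "=" $3
        }
        $1 == "-A" { rules++ }     # a rule appended to any chain
        END {
            if (rules == 0 && strict == "")
                print "empty"
            else
                printf "configured rules=%d non-accept-policies=%s\n", rules, (strict == "" ? "none" : substr(strict, 2))
        }'
}

# Constructed sample: what an unconfigured system prints for `iptables -S`.
sample_empty='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Constructed sample: a simple default-deny inbound rule set.
sample_rules='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

if [ "${1:-}" = "--live" ]; then
    # Inspect the running system (run the script with sudo).
    iptables -S | fw_state
else
    # Offline demonstration on the constructed samples.
    printf '%s\n' "$sample_empty" | fw_state
    printf '%s\n' "$sample_rules" | fw_state
fi
```

Run it with `--live` before and after changing the Firestarter setting to see whether the loaded rules actually changed.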
Thanks for the input