I downloaded a security suite via Automatix which included 'Firestarter' firewall. My question is: Why do I need a firewall when my computer already has one? Does the likes of FS include additional features such as blocking outgoing and incoming unwanted specific activity i.e. spyware?
"already has one". You mean you have a separate firewall/router device or that you have something like iptables running on the system itself?
The answer, if the former, is that the firewall/router protects things only to that point. All systems on the other side (e.g. internal to you or your organization) are unprotected. Having the latter protects the system itself from other internal systems. A couple of reasons to have the latter even if you have the former:
1) A good portion of hacking especially for destructive purposes is done by disgruntled employees.
2) Even for home use it helps if someone has hacked one of your systems they don't automatically get access to all the others. They have to work out what you've left open etc...
In security it's all about "hardening the target". The harder it is to get to a given system the more likely it is they'll go try hacking elsewhere.
If you already have something like iptables running you probably don't need another firewall product on the same system. You mentioned it was a "security suite". It would be silly indeed if a security suite didn't include a basic firewall package. You probably can use the other components without using firestarter.
Firestarter is just a GUI configuration tool for IPTables. It lets you create an IPTables firewall without knowing IPTables commands.
While all Linux systems have IPTables built in, many don't configure it by default. (I don't know why)
--Ian
Using Ubuntu, so I guess it comes with IPTables. How do I know if it is configured to do an adequate job of protecting the system if I can't see it? Also, on Windows running two firewalls simultaneously confuses the system. Should I shut one off here on Ubuntu?
Try "sudo iptables -L" to see your firewall rules. Before you set anything up, each section of the output should be empty.
Like I said though, Firestarter is not a firewall. It is basically a config tool for IPTables.
--Ian
OK, this explains things more clearly. The output is not empty, though. I'll have to bone up on all these settings to understand them more.
One last question. If I turn off the firewall in Firestarter then should I assume that the iptables are disabled leaving my computer with no active firewall?
Quote:
While all Linux systems have IPTables built in, many don't configure it by default. (I don't know why)
Because there is no one good setup that works for everyone; security is the job of an administrator, and if people don't want to configure an iptables firewall or don't know how to do it, it'd be an odd job to set up one that doesn't suit their configuration.
Code:
iptables -L
will tell you if the firewall has some rules. If you clear the firewall with Firestarter it effectively just removes (flushes) all iptables rules. After that the above list command should not give any rules. When you add some, the above command shows them.
With Firestarter you can create iptables rules and "save" them, and when you boot they are loaded -- you can choose whether Firestarter is used to load them to iptables, or iptables itself. The result is just the same, so it doesn't matter which one you use. Firestarter does not need to be run manually or be visible after rules are created, it's merely a tool to edit the rules. You can do the same job with the userspace command iptables, and reading the man-page should give some kind of picture on how it's done; iptables.org tells more.
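Added example, not part of any post in this thread: a small shell function that answers the "is anything actually configured?" question from the rule listing instead of by eye. It assumes the `iptables -S` output format (`-P` lines for chain policies, `-A` lines for rules); the function name `fw_state` and both sample rulesets are constructed for illustration.

```sh
#!/bin/sh
# Classify a filter-table ruleset from `iptables -S` output read on stdin.
# Prints one of: open | policy-only ... | configured ... | unknown
fw_state() {
    awk '
        $1 == "-P" { policies++; if ($3 != "ACCEPT") strict++ }  # chain default policy
        $1 == "-A" { rules++ }                                   # one appended rule
        END {
            if (policies == 0)   print "unknown"
            else if (rules > 0)  printf "configured rules=%d non_accept_policies=%d\n", rules, strict
            else if (strict > 0) printf "policy-only non_accept_policies=%d\n", strict
            else                 print "open"
        }'
}

# Constructed sample: listing with no rules and every policy ACCEPT
sample_flushed() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
EOF
}

# Constructed sample: a small inbound-deny ruleset such as a GUI tool might load
sample_configured() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# On a live system (needs root): sudo iptables -S | fw_state
sample_flushed | fw_state
sample_configured | fw_state
```

The `policy-only` result covers the case where the rule list is empty but a chain's default policy is still something other than ACCEPT, so an empty rule list alone does not always mean traffic is unfiltered.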