I have no idea or the time to figure out how to use iptables from the command line.
I had been using the Guarddog GUI for iptables but it does not work with KDE4, neither does Firestarter, and the other front ends I have found are very complicated.
Is there a simple to use firewall utility program for iptables?
Are you running any network service that you wouldn't want anyone "out" to have any kind of access to it?
If the answer is "no", then I don't see any reason to worry about firewalling.
That's the popular one-sided answer, yes. However, 0) it's easy for people to forget to run a firewall after they *do* acquire services to run, plus 1) this "answer" makes a SPOF of the device running a firewall (usually the cable or DSL router). Besides that, a firewall serves more purposes than blocking traffic alone.
My other system is just a single user desktop, not a server and mostly used for browsing the internet.
How hard is it to use/configure iptables?
What's the scenario? Do you have a DSL router or something? If yes, I wouldn't worry about firewalling, since most routers already do the filtering/NAT thing. I personally don't use any iptables rule in my desktops and never got in any trouble. Only use filtering at my gateway and that's all.
This is the Linux Security forum. Subjective interpretations like "thinking", "guessing" and "worrying" have no place here and what you do personally is not relevant. Please keep in mind we like to see members deal with questions objectively, based on facts alone.
Its age is irrelevant for present purposes. Its feature set and configuration are what counts. SOHO routers are being progressively dumbed down so old ones tend to have more features than new ones.
Are you using it as a router (if so, is it configured to do any port-forwarding?) or is it in bridged mode?
For desktop applications in Linux I don't really need/use firewalls but if I will, I'd prefer to just filter outgoing connections instead of incoming. It just makes sense to filter incoming if your system is targeted by hackers but for defense against viruses / multi/universal-target trojans, I think outgoing is already enough since with applications like browsers/etc. vulnerabilities can never be guaranteed so it's just better to detect if your system is already breached instead of trying to defend it.
Edit: That is of course if you know how to make sure that your firewall will not be accessed or modified once a successful attack is made.
Last edited by konsolebox; 06-22-2010 at 03:16 AM.
(..) it's just better to detect if your system is already breached instead of trying to defend it.
This implies having default input chain DROP policies else you still have to set restrictions. Yes, people should use egress filtering but your opinion on egress filtering does not hold any valid reasons for not filtering ingress traffic: it "just makes sense to filter incoming" as it allows you to actively regulate, restrict, log and audit what traffic passes through instead of relying on what can turn out to be a SPOF.
Honestly I can't really parse your message but never mind my post then. My idea was really just to myself anyway.. not general. To me it's just a bother filtering incoming traffic.. waste of processing, analysis.. what for anyway.. You'll still have direct interface with your client softs.. browsers etc. With desktop setups such as mine, effects of incoming connections are just the same anyway.. filtered or not.
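Added example, not part of any post in this thread: a shell sketch of the default-DROP INPUT policy with logging that the thread mentions, for a single-user desktop running no network services. The function names, the log prefix and the rate limit are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset;
# it never touches the running firewall by itself.

# Ruleset for a single-user desktop that offers no network services.
desktop_ruleset() {
    cat <<'EOF'
*filter
# Unsolicited inbound and forwarded packets fall through to DROP.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
# Egress is left open here; egress restrictions would go in OUTPUT.
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Replies to connections the desktop itself opened.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Rate-limited log of what is about to be dropped (prefix is an assumption).
-A INPUT -m limit --limit 6/min --limit-burst 10 -j LOG --log-prefix "INPUT drop: "
COMMIT
EOF
}

# Exit status 0 only if the ruleset on stdin drops INPUT by policy.
input_policy_is_drop() {
    grep -q '^:INPUT DROP '
}

# Number of INPUT rules on stdin that accept traffic; each one is an
# exception to the DROP policy and worth reviewing.
count_input_accepts() {
    grep -c '^-A INPUT .* -j ACCEPT' || true
}

# "sh thisfile print" shows the ruleset. As root, piping that output to
# "iptables-restore --test" parses it without committing anything.
if [ "${1:-}" = "print" ]; then
    desktop_ruleset
fi
```

The two check functions also accept `iptables-save` output on stdin, so they can audit the rules currently loaded on a machine.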