LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 06-27-2012, 08:49 PM   #1
ReaperX7
Senior Member
 
Registered: Jul 2011
Distribution: LFS-SVN, FreeBSD 10.0
Posts: 3,379
Blog Entries: 15

Rep: Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923
Exclamation Idea for Slackware 14.0 - Easy Firewall Generator (clone of AlienBob's)


I just realized that Slackware really doesn't include a ready to use Firewall by default that is setup by the user either during installation or post-installation using IPTables.

Why not add a simple extra set of tools to the BusyBox nCurses installer to generate a Firewall using a script program labeled something like "fwconfig" (similar to the current config scripts for Alsa, X11, Network, and such) that operates exactly like the Easy Firewall Generator webpage on AlienBob's (Eric's) website, and makes it executable for the boot sequence.

Would be a nice extra touch, IMO.

Any comments? Good idea? Bad idea? Etc?
 
Old 06-27-2012, 09:01 PM   #2
cikrak
Member
 
Registered: Sep 2006
Location: Surabaya, Indonesia
Distribution: Slackware
Posts: 35

Rep: Reputation: 5
Quote:
Originally Posted by ReaperX7 View Post
I just realized that Slackware really doesn't include a ready to use Firewall by default that is setup by the user either during installation or post-installation using IPTables.

Why not add a simple extra set of tools to the BusyBox nCurses installer to generate a Firewall using a script program labeled something like "fwconfig" (similar to the current config scripts for Alsa, X11, Network, and such) that operates exactly like the Easy Firewall Generator webpage on AlienBob's (Eric's) website, and makes it executable for the boot sequence.

Would be a nice extra touch, IMO.

Any comments? Good idea? Bad idea? Etc?
+1

This will be a value added in security for 'lazy' slackers like me
 
Old 06-27-2012, 10:36 PM   #3
Alchemikos
Member
 
Registered: Jun 2012
Location: Porto Alegre-Brazil
Distribution: Slackware- 14, Debian Wheezy, Ubuntu Studio, Tails
Posts: 88

Rep: Reputation: 6
Great Awesome idea
 
Old 06-28-2012, 03:49 AM   #4
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
I think it would be useful, and would improve default security in Slackware.
 
Old 06-28-2012, 04:29 AM   #5
alekow
Member
 
Registered: Sep 2009
Distribution: Slackware
Posts: 127

Rep: Reputation: 17
Not a bad idea at all :-) BTW - Alien, thanks for the generator!
 
Old 06-28-2012, 02:49 PM   #6
ReaperX7
Senior Member
 
Registered: Jul 2011
Distribution: LFS-SVN, FreeBSD 10.0
Posts: 3,379
Blog Entries: 15

Original Poster
Rep: Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923
You know of all the things you never think about, it's simple basic security like a Firewall. If Windows, since XP Service Pack 2, can be secure out of the box with it's own pre-configured Firewall, why can't Linux, and especially Slackware have it's own firewall setup tool and firewall script?

You know, of all the Linux distributions out there, how many Linux distributions actually INCLUDE a firewall tool ready to go out of the box for IPTables at installation time? One or two, maybe? But are those mainstream distributions? Probably not.

Time to drop the boulder in the small pond and make a hell of a splash in my opinion.
 
1 members found this post helpful.
Old 06-28-2012, 02:53 PM   #7
chess
Member
 
Registered: Mar 2002
Location: 127.0.0.1
Distribution: Slackware, OpenBSD, FreeBSD
Posts: 728

Rep: Reputation: 168Reputation: 168
Quote:
Originally Posted by ReaperX7 View Post
You know, of all the Linux distributions out there, how many Linux distributions actually INCLUDE a firewall tool ready to go out of the box for IPTables at installation time? One or two, maybe? But are those mainstream distributions? Probably not.
I believe Debian, Ubuntu, and others of its ilk include ufw and I also believe Fedora has its own gui frontend to iptables.
 
Old 06-28-2012, 04:27 PM   #8
hitest
Senior Member
 
Registered: Mar 2004
Location: Prince Rupert, B.C., Canada
Distribution: Slackware, OpenBSD
Posts: 4,190

Rep: Reputation: 547Reputation: 547Reputation: 547Reputation: 547Reputation: 547Reputation: 547
ReaperX7,

I like that idea a lot. I like and use Eric's script. I think that would be a very welcome addition to 14.0.
 
Old 06-28-2012, 05:26 PM   #9
NoStressHQ
Member
 
Registered: Apr 2010
Location: Lausanne - Switzerland ( Bordeaux - France / Montreal - QC - Canada)
Distribution: Slackware Leet - 32/64bit
Posts: 283

Rep: Reputation: 94
Well,

I'm glad this subject comes to "mainstream", as I tried to propose a script myself for that but barely had any answers ...

It was last summer...

I'm still using this script. And have some other useful scripts but I don't have the time to setup a "blog" or something and feed it with "human pleasable" content ... But I'd be happy to team up with some folks in order to improve "3rd party slackware utilities"...

Cheers.

Garry.
 
Old 06-28-2012, 07:01 PM   #10
ReaperX7
Senior Member
 
Registered: Jul 2011
Distribution: LFS-SVN, FreeBSD 10.0
Posts: 3,379
Blog Entries: 15

Original Poster
Rep: Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923
I've used Ubuntu before but I've never seen them have a ready-to-go Firewall out of the box. I have seen them have available a Firewall like Firestarter and FireHOL but they were never actually included in the general configuration, only in the online downloadable packages.

I wonder how Patrick would feel about a proposal such as this?
 
Old 06-28-2012, 07:29 PM   #11
cikrak
Member
 
Registered: Sep 2006
Location: Surabaya, Indonesia
Distribution: Slackware
Posts: 35

Rep: Reputation: 5
Quote:
Originally Posted by NoStressHQ View Post
Well,

I'm glad this subject comes to "mainstream", as I tried to propose a script myself for that but barely had any answers ...

It was last summer...

I'm still using this script. And have some other useful scripts but I don't have the time to setup a "blog" or something and feed it with "human pleasable" content ... But I'd be happy to team up with some folks in order to improve "3rd party slackware utilities"...

Cheers.

Garry.
It would be nice if your script going to /testing first of Slackware-current. Hope your project will get more attention from Slackware users to try,test, and improve it.

Quote:
If the core Slackware team (Pat, AlienBob, ...) have some advices, requests or ideas for improvement, I think it might even be interesting to add it in "/extra" someday, as I suspect this would be a wish for some Slackers, and maybe improve first steps accessibility to newbies, having a firewall nearly 'out of the box'. Obviously it'll require a better packaging.
It doesn't hurt everyone NoStressHQ is ready now to take an action without Stress
 
1 members found this post helpful.
Old 06-28-2012, 08:21 PM   #12
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 3,459

Rep: Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852
Personally, I do not like this idea. I recognise that iptables and firewall scripts are intimidating to new users, but there are many HOWTOs and examples available. Security is an issue that requires study and understanding. Scripts and GUI generators do not provide this.
If the desire is to protect a new user setting up on a home system, then firewall protection is very likely already being provided by the external modem/router.
If the desire is to setup a minimal firewall that blocks everything, then simply copy the already provided '/etc/ppp/firewall-standalone' to '/etc/rc.d/rc.firewall' and change the EXTIF if necessary.
Having a firewall setup at installation will be a hindrance to those trying to setup servers with various servers available.
 
6 members found this post helpful.
Old 06-28-2012, 08:47 PM   #13
Diantre
Member
 
Registered: Jun 2011
Distribution: Slackware
Posts: 390

Rep: Reputation: 152Reputation: 152
Quote:
Originally Posted by allend View Post
Having a firewall setup at installation will be a hindrance to those trying to setup servers with various servers available.
Not necessarily. The firewall setup can be optional, if one needs it press "yes", and configure and create a rc.firewall script, or press "no" and create the firewall rules manually.
 
1 members found this post helpful.
Old 06-28-2012, 09:01 PM   #14
ReaperX7
Senior Member
 
Registered: Jul 2011
Distribution: LFS-SVN, FreeBSD 10.0
Posts: 3,379
Blog Entries: 15

Original Poster
Rep: Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923
You can always skip that step, which would obviously be provided as other existing tools provide if you feel a manual configuration is more your thing, or no configuration is needed.

The point of the tool's addition isn't to take away from existing tools out there, just supplement what's already there for the end-user who may want to setup his/her own Firewall and make it less a headache while providing a sense of having a tool that makes security readily available if desired.

While SPI Firewall's on Routers and other hardware are effective often sometimes this isn't enough if another computer is or has become compromised.

AlienBob's Firewall script by default when you visit his webpage configures a basic yet powerful Firewall for Dynamic IP Addresses on Single Systems. This should be at minimal, a setup for a normal user during installation. Even without understanding some level of security, the default configuration offers a very solid solution even a novice Linux user would benefit from. If needed the tool can be reran and the script updated to allow things like BitTorrent, MSN, etc. However, currently there is not a tool to do this on the system if it's offline. If you want to use AlienBobs EFG, you have to be online.

For IT professionals there are other tools even in his script that allow for Static IPs, specialized ports, and even application specific allowances, and some of which are server oriented.

http://www.slackware.com/~alien/efg/

If we can have tools to setup Xorg, ALSA, Network Addressing schemes, disk partitions, and even a window manager, why can't we have a tool that sets up a firewall with a basic to advanced level of configuration?

Last edited by ReaperX7; 06-28-2012 at 09:03 PM.
 
1 members found this post helpful.
Old 06-28-2012, 09:09 PM   #15
cikrak
Member
 
Registered: Sep 2006
Location: Surabaya, Indonesia
Distribution: Slackware
Posts: 35

Rep: Reputation: 5
Quote:
Originally Posted by allend View Post
Having a firewall setup at installation will be a hindrance to those trying to setup servers with various servers available.
It's true, the core dev team need serious consideration and testing if firewall included during instalation. But the option menu to enable/disable this feature during instalation will solve the problem for user who need advance configuration. IMO, the idea proposed by ReaperX7 is simple (and basic) feature. So everyone can add,modify, or start their EXTIF if needed after post installation without worry.

It's nice if rc.firewall exist by default after instalation (although in blank page when I type nano /etc/rc.d/rc.firewall)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Easy Slackware Firewall? neilcpp Slackware 26 06-28-2013 09:28 PM
[SOLVED] Question about Eric Hameleers' firewall generator Switch7 Slackware 6 11-26-2009 07:06 AM
Want an easy password generator? Try this :) taskara Linux - General 4 07-24-2005 11:02 PM
Iptables Sample Firewall Generator mqe Linux - Security 2 06-20-2002 02:12 PM
firewall - iptables - generator mqe Linux - Networking 0 06-20-2002 03:09 AM


All times are GMT -5. The time now is 03:32 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration