Hello everyone,
I have SuSe ver 8.2 installed and I have broadband through a cable modem. My question is:

Does Linux use a Firewall or Antivirus??

If so...

What is a good Firewall??

What is a good Antivirus??

I just want to be sure my Linux system is protected from anything harmful.

Thanks
Bobby

iptables is the default firewall for linux.

for antivirus, you can look at free ones like clamav or the commercial ones

Is the linux firewall automatically installed or do I have to install it?

If I have to install it where do I get it?

Where do I get a free antivirus like clamav?

How good is this free antivirus program?

How do you update the virus defs, etc.?

Thanks
Bobby

You would have to install a firewall or a firewall script. There are many scripts available on the internet, and usually you only need to edit the script and change a couple variables to match your setup. Then you make the script executable and launch it from one of the startup scripts e.g. /etc/rc.d/rc.local.

There are many scripts available for you to try out below:

http://www.linuxguruz.com/iptables

I use guarddog as my firewall. You can downlaod it from http://www.simonzone.com/software/guarddog/

As far as Antivirus is concerned, I dont use any, but I heard avast has launched a Linux version. I dont have much info about it

iptables is installed by default.

You can get clamav from http://clamav.sourceforge.net
Here is another one http://www.openantivirus.org/

I believe the antivirus updates are free, frequent and virus-detection is commercial-grade.

OK, I found a basic firewall script from this website: http://www.seifried.org/lasg/firewall/iptables.html
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

Here is the script:
A very basic example
For those of you that just want to get on with it here is a simple iptables firewall script I use that is suitable for machines with one interface:

#
# First set some default policies
#

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

#
# Then block the reserved network 10.* on the external interface eth0
#

-A INPUT -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP

#
# Then we allow SSH, SMTP and DNS
#
-A INPUT -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p tcp -m tcp --dport 22:22 -j ACCEPT
-A INPUT -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p tcp -m tcp --dport 25:25 -j ACCEPT
-A INPUT -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p udp -m udp --dport 53:53 -j ACCEPT
-A INPUT -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p tcp -m tcp --dport 53:53 -j ACCEPT
#
# Now we block all incoming traffic to ports between 1 and 1024. For your system
#
-A INPUT -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p tcp -m tcp --dport 1:1024 -j REJECT
-A INPUT -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p udp -m udp --dport 1:1024 -j REJECT

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

Now HOW AND WHERE do I add this script?

Is there anything that I have to change to make this script work with my distro (SuSe ver 8.2) and/or my computer and/or my broadband cable modem connection through Bright House cable/Earthlink?

I am extremely new to Linux and I have never done this before. I definately want to learn the in's and out's of Linux.

If I am confusing someone...please let me know and I will try to explain my thought process to be a little easier.

Thanks in advance for your help!!!

Bobby Howerton

now, im not 100% sure, but i believe that SuSE has a firewall in the distro. no need to install anything.
you can activate it in the Control Panel.

At least there is one in 9.1

howerton, you should use the default deny stance

iptables -P INPUT DROP

you can let everything go out without any filters. But anything coming in should only be replies. Unless, you are offering some services to others and/or yourself - a webserver / mailserver, etc.

Also, you should allow all local traffic

iptables -A INPUT -i lo -j ACCEPT

without this, you will run into a lot of problems...

It doesn't matter where you put the script, but a good place would be /etc/rc.d. As I mentioned earlier just make it executable then add a line to /etc/rc.d/rc.local to launch the script, e.g.

/path/to/firewall/script/rc.firewall

All you will need is a firewall like iptables and rootkit scanner. There is very little viruses for Linux though they effect older kernels and services. I use a router instead of configuring a computer to be used as a firewall because using something as complex as Linux may give you problems in the future.

Use Phlak or Knoppix STD to test your firewall from another computer.

All the information I have indicates there are no virii in the wild for linux. Zero. The reason one installs an antivirus in a linux machine is when the machine is used as a mail server for Win machines. Putting AV in a linux desktop is like wearing a c**d*m when you think about women...

I did read recently that some spyware folks are starting to produce spyware for linux. Sigh.

yea, from what i hear, most AV for linux doesn't even scan for linux viruses, the ones that do would only need to scan for a few things

anyway, just get chkrootkit and rkhunter and run them regularly to see if theres a rootkit installed, or some other vulnerability, another thing you could do is run nmap on your system (or get a friend to do it from a different computer) ... that should tell you what is wrong with your system, and gives basic security

anyways, ppuru, using a default policy of drop will really hurt the system, it could break some p2p, and can make the rules way to strict .... also use the "REJECT" target more then drop (just for furture refrence) , that way people scanning your system will have a little more trouble trying to find out if your running a firewall or not (plus it could be a big red flag for people that you might have something to hide, and thus make a good hack target)

the firewall rules he showed us looks all good, tho mine are a bit more strict, these should work fine for a very basic one, also add the line

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

that will make it so established and related connections are accepted (related are things like errors from previous traffic, things you want, established means you talked to it, and it talked back.. also something you want to allow usually

also add the line ppuru suggested about the loopback interface (so programs you have running wont freeze up, (happens when the firewall blocks its traffic to itself)

IMO, Firestarter gives you a huge start to get your firewall up and secure your system. It covers most ports for torjans and unroutable IP addresses. Firestarter comes with a GUI program and a bash script.