LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-19-2013, 11:02 AM   #1
Xstitcher
Member
 
Registered: May 2013
Location: Derbyshire
Distribution: Zorin 6.3
Posts: 36

Rep: Reputation: Disabled
Smile Which firewall?


Hello

I am currently looking at Linux and am unsure about firewalls. Most things I have read say use something called "Firestarter" then say it is no longer being developed. Surely if a firewall is needed a "current" one should be available. I am still on XP (sorry) but realise I need to move on as every update now means something else stops working. First my trusty DMC cross stitch program, then Visio went daft, now Access won't let me do some things. Aaaargh!
I am seriously considering Mint.
Your advice or reassurence on the firewall thing would help me make up my mind.

Thankyou in anticipation.
 
Old 05-19-2013, 11:17 AM   #2
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,064

Rep: Reputation: 894Reputation: 894Reputation: 894Reputation: 894Reputation: 894Reputation: 894Reputation: 894
Firestarter isn't genuinely a firewall, but a graphical front end.

The firewall is iptables. It is still being developed and there are no (current) worries about it going end-of-life, or anything. If you use firestarter (or any other similar Linux "firewall") what it actually does is produce a rule set for iptables. iptables then runs the rule set.

So, from a security point of view, the biggest concern would be if anything was wrong with iptables. If something is not up to the latest with firestarter it is more likely to be a lack of flexibility, ie, it does not have some capabilities that a more up-to-date solution does have, but what capabilities it does have are still working.

having said that:
  • Linux firewalls are firewalls; they aren't some bundled, multi-feature, product that does anti-virus and shoe-shining as well. They're firewalls.
  • Firewalls aren't the absolute necessity that they are on some less well secured systems that default to leaving lots of ports open. Still nice, but not an absolute necessity.
  • When you have settled on a distribution, look in the package manager (search firewall). There will be one or more firewall (front ends) that are supported by the distribution. Use one. Note that running more than one firewall on the one computer, as you may see advised for some systems has no meaning here. There will be one iptables and it runs one ruleset.
  • Understanding firewalls is probably not the most difficult thing that you can ever do, and you can write iptables rules directly, if you like.
 
1 members found this post helpful.
Old 05-19-2013, 11:33 AM   #3
DavidMcCann
Senior Member
 
Registered: Jul 2006
Location: London
Distribution: CentOS, Salix
Posts: 4,708

Rep: Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507
In most cases, the firewall is not something you have to worry about. It will normally be set up for you at installation, and some distros don't bother to give you a gui to control it because they assume that few people will need to open the ports they've shut. The only major distros I can think of off-hand where you need to run the configuration program are Fedora (a few ports left open that most people would want closed) and PCLinuxOS (firewall not actually switched on by default).

I think you're on the right track with Mint, by the way: one of the best for newcomers and good for anyone. You might like to look at this site, which will show you some of the programs which are available:
http://linuxappfinder.com/alternatives
 
1 members found this post helpful.
Old 05-19-2013, 10:06 PM   #4
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 12,871
Blog Entries: 18

Rep: Reputation: 3340Reputation: 3340Reputation: 3340Reputation: 3340Reputation: 3340Reputation: 3340Reputation: 3340Reputation: 3340Reputation: 3340Reputation: 3340Reputation: 3340
I'm not sure about Mint 14, but Mint 13 came with a GUI configuration front end for iptables called gufw.

You can check your firewall settings from the command line with the command,

Code:
iptables -L
You may have to run the command with root privileges.
 
1 members found this post helpful.
Old 05-20-2013, 12:03 AM   #5
tommcd
Senior Member
 
Registered: Jun 2006
Location: Philadelphia PA USA
Distribution: Lubuntu, Slackware
Posts: 2,230

Rep: Reputation: 291Reputation: 291Reputation: 291
Quote:
Originally Posted by Xstitcher View Post
I am currently looking at Linux and am unsure about firewalls. ...
Note that if you are behind a router then you already have a hardware firewall in place.
I have never found a need for anything more than this while using Linux.

After you install your chosen Linux distro, you can check if any ports are open here: https://www.grc.com/intro.htm
Click on Shields Up, then scroll down the page and click on Shields Up again.
Then click on the "Proceed" button in the middle of the page.
Then click on "All Service Ports" under "Shileds Up!! Services"
If it is slow to load you may have to wait and click on it again.
It will show you which ports are open, closed, or stealth.
Ideally all ports should be stealth.
It will also show if your system responds to ping requests and so forth.

This should provide the diagnostic info you would need to determine if you need to close or block ports with a software firewall.
 
1 members found this post helpful.
Old 05-20-2013, 12:32 AM   #6
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Rep: Reputation: 495Reputation: 495Reputation: 495Reputation: 495Reputation: 495
http://www.ipcop.org/

all you need to know ...

not really, but its a great hardware firewall. requires very low system requirements and can even run on old PII's and PIIIs so any cheap system will do just fine. all you need is X number of NICs with the min. number being 2. one for RED (wan side, connects to your ISP) and GREEN (LAN side).
 
Old 05-20-2013, 08:27 AM   #7
Xstitcher
Member
 
Registered: May 2013
Location: Derbyshire
Distribution: Zorin 6.3
Posts: 36

Original Poster
Rep: Reputation: Disabled
Thank you for your replies. I am reassured that linux is the way to go. I just need to pluck up the courage and get on with it. I am a little unsure about the root thing. I have always been "the" user on my PC. I never set up anyone else as there was only me. Would I need a "root" password which I hopefully would not need to use, and a "normal user" one that I would use so I would not mess anything up?
Cheers!
 
Old 05-20-2013, 08:37 AM   #8
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,417

Rep: Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397
Re root & normal user; yes, that's the way to go.
Most distros would make you create the root user passwd during install.
Some also make you create the normal user & passwd, some leave it until after install.
Some (Ubuntu & derivatives) disable root and give you full access from the 'normal' user.
 
Old 05-20-2013, 09:36 AM   #9
Xstitcher
Member
 
Registered: May 2013
Location: Derbyshire
Distribution: Zorin 6.3
Posts: 36

Original Poster
Rep: Reputation: Disabled
Thanks Chris. I was considering Mint which is based on Ubuntu I gather. Does disabling root mean it is safe or does it mean normal is dangerous?
Cheers
Margaret the puzzled.
 
Old 05-20-2013, 12:27 PM   #10
DavidMcCann
Senior Member
 
Registered: Jul 2006
Location: London
Distribution: CentOS, Salix
Posts: 4,708

Rep: Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507
The difference between normal users and root users started in the workplace, where the systems administrator doesn't want people messing about with potentially nasty consequences.

When you run as an ordinary user, you can only alter you own files. Even at home, this has advantages, protecting you from (1) silly accidents, (2) adventurous children, (3) malware trying to install itself, etc.

There is always a root user, just two ways of becoming it.

In most distros, you type "su" in the command line and give the root password, just as a systems administrator would to take control from some-ones terminal. Then you can issue commands that are able to do anything. When you've finished, you press Ctrl-D and go back to being a normal user.

In other distros you give the command you need to use and preface it with "sudo": e.g. "sudo gedit /etc/fstab" to edit the file fstab. The computer then asks you for your log-in password. That started as a way of letting systems administrators delegate responsibility to trusted people: their names are listed in a file, together with the commands they can use. The distros that use sudo put the owner of the computer in that file with permission to use everything. If you need to issue a lot of commands, you type "sudo bash", which starts a new version of the command line interpreter, as root user.

In practice, you very seldom have to use the command line in major distros, although sometimes it's quicker.

The difference between the approaches also shows up when you run the program to install more software. If your distro uses su, it asks you for the root password; if it uses sudo, it asks you for your password.
 
1 members found this post helpful.
Old 05-21-2013, 10:38 AM   #11
Xstitcher
Member
 
Registered: May 2013
Location: Derbyshire
Distribution: Zorin 6.3
Posts: 36

Original Poster
Rep: Reputation: Disabled
Thank you David that is very helpful. I have a few more things to check but Linux is getting nearer. I have been using Firefox and Thunderbird for years (having seen the blue screen of stupidity way to many times and given up on explorer) so the change wont be very noticeable I hope. I have just checked how to move my profiles which looks doable. Open Office has been my choice for years now and I assume Libra office is similar. I have also just taken the geek test, result 21% geek I assume this means I should be fine with linux! Alas most of my points come from books, TV series and general listing and cataloguing of my world, not many for computing sadly.
I was the system administrator allowing some folks access (but most non!) back in the 80's with dumb terminals in the era of mainframes and mini's. I maintained masses of tables produced endless reports and growled at people.

Cheers
Margaret - Certified Geek (administration)
 
Old 05-21-2013, 03:45 PM   #12
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,064

Rep: Reputation: 894Reputation: 894Reputation: 894Reputation: 894Reputation: 894Reputation: 894Reputation: 894
I have a suggestion for you: forget the firewall thing (for the minute), and get yourself a 'Live CD' (in reality, probably a DVD), plug it in to your optical drive and give it a go. Particularly with a DVD, you'll probably find Libre Office, Firefox and maybe even thunderbird on the disk.

Just try it and see how you get on.
 
Old 05-21-2013, 07:54 PM   #13
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,417

Rep: Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397
Couple of useful links
http://rute.2038bug.com/index.html.gz
http://wiki.linuxquestions.org/wiki/...ndows_software
 
Old 05-24-2013, 11:05 AM   #14
Xstitcher
Member
 
Registered: May 2013
Location: Derbyshire
Distribution: Zorin 6.3
Posts: 36

Original Poster
Rep: Reputation: Disabled
Hello Salasi, David, Chris and Co.
I am writing this in Linux after my husband downloaded and burnt an Iso. He uses torrents for downloading music I have never done it and would have done it the slow way.
My husband tried it on his current laptop first as it is much newer than his old one that I have claimed. It worked but does not recognise his trackpad. It works with a mouse and the buttons work but not the pad. The laptop is a Compaq Presario CQ57.
The old Dells trackpad works fine (Ijust prefer a mouse which works too!) but my keyboard is not quite right and the time is wrong but they could be corrected on installation.
I installed Last Pass to sign in to your site and that worked fine. I shall continue to try my usual stuff but so far it looks very good.

Margaret & Pete
 
Old 05-24-2013, 09:48 PM   #15
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 12,871
Blog Entries: 18

Rep: Reputation: 3340Reputation: 3340Reputation: 3340Reputation: 3340Reputation: 3340Reputation: 3340Reputation: 3340Reputation: 3340Reputation: 3340Reputation: 3340Reputation: 3340
Quote:
My husband tried it on his current laptop first as it is much newer than his old one that I have claimed. It worked but does not recognise his trackpad. It works with a mouse and the buttons work but not the pad. The laptop is a Compaq Presario CQ57.
There may be a driver issue with the trackpad. Versions of Linux on Live CDs may not include certain "non-free" drivers, either because of issues of space or because the particular distro has philosophical issues about "non-free" binary blobs.

Another possibility is a hardware switch on the laptop keyboard that is defaulted to "off." I have such a switch on one of my laptops (though I would never have figured out what that stupid symbol on it meant without the help of LQ). Once I pressed that key, the trackpad started to work (and, no, I don't like trackpads either).

(The symbol on the key was supposed to be a trackpad with a finger pointing at it, but you could only figure that out if you already knew what it meant.)

Last edited by frankbell; 05-24-2013 at 10:10 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Managing A Single Firewall Policy For Multiple Servers Using Firewall Builder LXer Syndicated Linux News 0 12-06-2010 11:20 AM
old CISCO PIX 515 firewall to Linux firewall Winanjaya Linux - Security 8 03-22-2010 12:56 PM
router billion 5102 has firewall and software firewall tests aus9 Linux - Security 6 12-31-2006 11:09 PM
slackware's /etc/rc.d/rc.firewall equivalent ||| firewall script startup win32sux Debian 1 03-06-2004 10:15 PM
Firewall Builder sample firewall policy file ? (.xml) nuwanguy Linux - Networking 0 09-13-2003 01:32 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 08:40 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration