Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
could you please recommend a firewall which could be used (have tried Guarddog and Firestarter) had trouble installing Firestarter as it keeps asking for a libasound.la libasound.so could not find it anywhere... or if you could tell me from where can i download the mentioned files it would be grately appreciated...
I use shorewall, it's flexible, easy to learn and lightweight.
Actually there is a firewall/router built-in in most linux distro, iptables. It works at kernel level. It's almost impossible to setup
That's where some so-called firewalls such as shorewall come in, they simply help you manage reasonably iptables
It is true learning iptables is hard when you don't have prior knowledge of software firewalls. I have spent a lot of time improving my own iptables firewall. I am still collecting bits from the net from time to time. It is only recently I have understood how to host internet games on my local network. I didn't understand how to let them through.
If you don't make a living learning that kind of stuff, consider buying a hardware router/firewall. It will be way safer and easier than messing with iptables.
thanks guys... sure will give shorewall a go ... about ip tables ... its like doing maintainace work in production factory... unless you know what to do... ur completely lost!
by the way does it mean that if you know how to read and manage iptables you basically dont need a software firewall?
Originally posted by marsques thanks guys... sure will give shorewall a go ... about ip tables ... its like doing maintainace work in production factory... unless you know what to do... ur completely lost!
by the way does it mean that if you know how to read and manage iptables you basically dont need a software firewall?
Shorewall, Firestarter, and iptables are not different firewalls. Shorewall and Firestarter are merely graphical interfaces for configuring iptables. Iptables is itself a software firewall, but not in the sense of an add-on Windows software firewall. The firewall is in the Linux kernel itself.
However if iptables is running on a dedicated box then it qualifies as a hardware firewall!
Background: a firewall in integrated in (almost) every linux system: what actually takes care of rejecting and/or forwarding is iptables, which mostly resides in kernel. However, iptables config is pretty hard to understand. Have a look by typing 'iptables --list'.
Think of it as a list of which streets are open or blocked, and you need to allow certain points to be connected. Unless you know really well the city (your network) and spend much time thinking at this, you would likely open the main avenues. This is quite unsafe, since burglers, cia agents and even tanks could get stright to your city core.
That's where 'firewalls' come in: they ease you the task to only allow wanted folks in your town (sounds xenophobist, does't it? ;p )
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.