08-03-2004, 03:42 PM
|
#1
|
Member
Registered: Mar 2004
Location: Toronto, Canada
Distribution: SUSE 9.1
Posts: 67
Rep:
|
Blocking PING and port 113 on SuSE and other Firewall Questions
I used Shields Up! to scan my computer to see how well my SuSEFirewall2 (I think that's right) was working and I found out that all ports are stealthed but port 113 remains in a closed state. And it also doesn't block ICMP and/or ping. I would like to know how I can fix this.
Also, before I converted over to Linux I used Norton Internet Security on Windows XP. What I liked about it is it had an icon next to my clock that I could right click and click on things to show me my connection logs as well as show my current connections.
Does anyone know of a firewall like that for Linux? I want to be able to click on a little icon next to my clock and monitor my connections and read logs like I could on Norton. I think someone mentioned a firewall called Firestarter or something, but I don't remember.
I would also like to be able to monitor specific ports, for example when someone connects to me on Gaim to send pics. I know on Linux you can't monitor specific programs but I set Gaim to listen only on port 5190 so that I could set my current firewall to allow that port. I also had to do the same with LimeWire to allow its port. I didn't want to be a "leech" after all.
Last edited by WarlockofVirgo; 08-03-2004 at 03:49 PM.
|
|
|
08-03-2004, 07:57 PM
|
#2
|
Member
Registered: Apr 2004
Distribution: Red Hat
Posts: 290
Rep:
|
WarlockofVirgo,
Firestarter is a good firewall that offers an icon in your taskbar as well as detailed logs. You can download it from Sourceforge. I am not sure, however, if it supports Suse.
|
|
|
08-03-2004, 10:10 PM
|
#3
|
Member
Registered: Mar 2004
Location: Toronto, Canada
Distribution: SUSE 9.1
Posts: 67
Original Poster
Rep:
|
Yeah, I found it at http://firestarter.sourceforge.net and no they don't have one for SuSE. I downloaded the source package but being a newbie and all I haven't had luck compiling some programs from source.
|
|
|
08-03-2004, 10:34 PM
|
#4
|
Member
Registered: Apr 2004
Distribution: Red Hat
Posts: 290
Rep:
|
WarlockofVirgo,
You can run the source RPM to extract the source code or run tar. I recommend you extract it to your /tmp folder or /usr/local/source, although it doesn't really matter where you extract it to. I just like to keep it tidy. Anyway, you should first read the manual on how to compile it from source. It's usually the case that you run the following from the directory you extracted the source to:
1) configure
2) make install
3) make
I think you may get away with installing a Red Hat RPM as I believe Suse does support RPMs.
I hope it helps.
|
|
|
08-04-2004, 07:19 AM
|
#5
|
Member
Registered: Aug 2004
Location: Europe
Posts: 608
Rep:
|
Quote:
I found out that all ports are stealthed but port 113 remains in a closed state. And it also doesn't block ICMP and/or ping. I would like to know how I can fix this.
|
Nothing is "broken" about that so what do you want to "fix"? When a TCP port is "closed", it simply means that all packets sent to that port will be rejected.
And you don't want to block ICMP/ping. Why would you want to do a foolish thing like that?
R.
|
|
|
08-04-2004, 10:46 PM
|
#6
|
Member
Registered: Aug 2004
Location: Missouri City, Tx
Posts: 39
Rep:
|
Ping may be OK
If I hear you right, then you are probably concerned about DOS attacks - the dreaded Ping of Death, Syn flooding and the like.
Linux has the ability via its firewall config (usually via iptables and netfilter) to distinguish malicious protocol usage. In this way protocol packets are filtered and their origin and destinations examined by the rules enforced by the firewall. Therefore, there is no need to shut protocols down for specific ports. The SuSE firewall is pretty thorough about this. It can allow good pings while filtering out "bad pings" for instance.
While Linux is not unique in this regard, its implementation is quite different from a Windows PC and its available firewalls. As compared to Norton, it's more likely that a Linux/Unix system will have an administrator. Someone who is familiar with the filesystem on the server and is familiar with the locations of various log files, the interpretation thereof and can do shell scripting.
GNU stuff is coming out all the time. If you look long enough, you'll eventually find a Linux equivalent to what you had on Windows.
Many Windows-based firewall products like to make ports appear to be invisible to the outside world. This feature is just sales hype.
|
|
|
08-04-2004, 11:41 PM
|
#7
|
Member
Registered: Mar 2004
Location: Toronto, Canada
Distribution: SUSE 9.1
Posts: 67
Original Poster
Rep:
|
Hey Charles Daniel,
I wasn't so much concerned about DOS attacks and what not. I was more concerned with being "invisible" when I'm online. If some cracker is scanning my local subnet to look for computers to exploit, I don't want my computer responding to their PING request. I know that Linux and the SuSE firewall are pretty damn good at security. But no one should have to rely solely on their "armor" to protect them. There's an old Chinese proverb, I don't know the exact wording but it goes like this... The best way to defeat your enemy is to deny them combat. The point is I'd rather have crackers not know that I'm there as my best defense. My philosophy is to be invisible to your enemies, if they don't know you exist they won't target you. I'm sure you get the point by now.
|
|
|
08-04-2004, 11:49 PM
|
#8
|
Member
Registered: Aug 2004
Location: Missouri City, Tx
Posts: 39
Rep:
|
Check out the iptables config:
http://www.sns.ias.edu/~jns/security...les/rules.html
This might have some stuff you need or give you more insight. If you want to set up your own iptables to manage your ports this may help. I think there might be a way to do some of the same stuff from the Expert option of the SuSE firewall config screen. Don't know for sure though - I'm just getting there myself.
|
|
|
08-05-2004, 12:03 AM
|
#9
|
Member
Registered: Aug 2004
Location: Missouri City, Tx
Posts: 39
Rep:
|
A good packet sniffer would reveal your IP. When they try to scan your ports and find them ghosted then they will have knowledge of the type of firewall you're running.
|
|
|
08-05-2004, 07:22 PM
|
#10
|
Member
Registered: Mar 2004
Location: Toronto, Canada
Distribution: SUSE 9.1
Posts: 67
Original Poster
Rep:
|
Hey Charles Daniel,
95% of the info on that link went in my eyes, out my ears and over my head. Keep in mind that I just started using Linux. So I'm not that familiar with Konsoles, command lines and config editing. I do everything on a GUI. I didn't get Linux to be a "techy" or "Linux guru" or whatever, with no offense to those who do like learning that stuff. I got it because I was tired of the bloatware, spyware, viruses and other BS I had to put up with on Windows. As well as all the other benefits of the open source philosophy.
I was more looking for an RPM or something I can easily install. The firewall I have now is good enough that I'm not interested in going through all that trouble to edit things I know nothing about. I'll just end up messing things up. Hell, I had to reinstall Gaim the other day because of something stupid I did.
But thanks anyway for the help. At least you tried.
|
|
|
08-05-2004, 07:25 PM
|
#11
|
Member
Registered: Mar 2004
Location: Toronto, Canada
Distribution: SUSE 9.1
Posts: 67
Original Poster
Rep:
|
Quote:
Originally posted by Charles Daniel
A good packet sniffer would reveal your IP. When they try to scan your ports and find them ghosted then they will have knowledge of the type of firewall you're running.
|
Would Ethereal be such a packet sniffer? I installed all kinds of scanning tools from the SuSE ftp server. I'd be somewhat interested in how those things work.
|
|
|
08-05-2004, 09:42 PM
|
#12
|
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658
Rep:
|
Quote:
Originally posted by Charles Daniel
A good packet sniffer would reveal your IP. When they try to scan your ports and find them ghosted then they will have knowledge of the type of firewall you're running.
|
That really depends on a couple of things. OS fingerprinting (not including passive fingerprinting) requires that the host reply with some kind of packet, whether it's an open port or just a RST packet. So if your firewall is set to drop all unsolicited incoming packets, then most fingerprinting programs will have a difficult time identifying the operating system at all, let alone what type of firewall software you are running.
@WarlockofVirgo:
It's kind of odd that you have port 113 in the closed state, but all others "stealthed". You might want to try looking at the Firewall configuration in YAST and see if port 113 was allowed for some reason. If not, then you can use iptables from the command line (you'll have to learn to use it sooner or later). Just open up a terminal (console) and do the following:
Code:
su -
# (you'll be prompted for the root password, so enter it here)
iptables -I INPUT -p tcp --dport 113 -j DROP
iptables -I INPUT -p icmp -j DROP
*If you get the message "bash: iptables: command not found", then do:
which iptables
This should give the full path to the iptables command (like /usr/sbin/iptables), which you'll need to enter instead of just "iptables".
Post any other error messages.
|
|
|
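Added example, not part of any post in this thread: a shell check that reads a ruleset in `iptables-save` format and reports whether an inbound probe would be rejected (what a scan reports as "closed") or dropped ("stealth"), the distinction raised in posts #5 and #12. The sample ruleset and the function names `verdict` and `scanner_view` are constructed for illustration, and only `-p`, `--dport` and `--icmp-type` matches in the INPUT chain are evaluated.

```shell
#!/bin/sh
# Report how a ruleset in iptables-save format treats an inbound probe.
# Simplification: only -p, --dport and --icmp-type matches in the INPUT chain
# are evaluated; rules using any other match (state, source, ...) are skipped.

# Constructed sample ruleset, not taken from a real SuSEfirewall2 system.
SAMPLE_RULES=':INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p tcp -m tcp --dport 5190 -j ACCEPT'

# verdict PROTO KEY   (KEY: destination port for tcp/udp, ICMP type number)
# Reads rules on stdin; prints the target of the first matching rule,
# or the INPUT chain policy when no rule matches.
verdict() {
    awk -v proto="$1" -v key="$2" '
    $1 == ":INPUT" { policy = $2; next }
    $1 == "-A" && $2 == "INPUT" {
        p = ""; k = ""; target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") p = $(++i)
            else if ($i == "--dport" || $i == "--icmp-type") k = $(++i)
            else if ($i == "-m") { if ($(++i) !~ /^(tcp|udp|icmp)$/) other = 1 }
            else if ($i == "-j") { target = $(++i); break }
            else other = 1
        }
        if (other || (p != "" && p != proto) || (k != "" && k != key)) next
        print target; found = 1; exit
    }
    END { if (!found) print policy }'
}

# Map a target to what an outside scan would show for the port.
scanner_view() {
    case "$1" in
        REJECT) echo "closed" ;;    # host answers with RST or ICMP error
        DROP)   echo "stealth" ;;   # no answer at all
        ACCEPT) echo "passed" ;;    # open if a service listens, else closed
        *)      echo "unknown" ;;
    esac
}

for probe in "tcp 113" "icmp 8" "tcp 80"; do
    set -- $probe
    t=$(printf '%s\n' "$SAMPLE_RULES" | verdict "$1" "$2")
    echo "$probe -> $t ($(scanner_view "$t"))"
done
```

On a live system the same function can be fed the running ruleset as root with `iptables-save | verdict tcp 113`.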
08-21-2004, 01:28 PM
|
#13
|
Member
Registered: May 2003
Location: S.W. Ohio
Distribution: Ubuntu, OS X
Posts: 760
Rep:
|
Capt_Caveman, I just installed Suse Personal, and the same thing happened to me. All ports stealthed except port 113. I will look into why that is, but thanks for the quick fix, it worked.
|
|
|
All times are GMT -5.