LinuxQuestions.org


M$ISBS 06-09-2010 08:57 PM

Do I really need a firewall?
 
Just updated to slack 13.1 and KDE4.

I have no idea, or the time to figure out, how to use iptables from the command line.

I had been using guarddog gui for iptables but it does not work with KDE4, neither does firestarter and the other front ends I have found are very complicated.

Is there a simple to use firewall utility program for iptables?

and

Do I really need a firewall?

Thanks... :)

hilyard 06-09-2010 09:30 PM

@M$ISBS,
I found this GUI for iptables "firewall builder" -- http://www.kmyfirewall.org/.

Running the new Salix 13.1 with XFCE -- have you tried? It rocks!

M$ISBS 06-09-2010 10:13 PM

Thanks for the link but it says it's for 2.4 kernel only. :(

sparc86 06-09-2010 11:25 PM

Are you running any network service that you wouldn't want anyone "out" to have any kind of access to it?

If the answer is "no", then I don't see any reason to worry about firewalling.

unSpawn 06-10-2010 02:58 AM

Quote:

Originally Posted by sparc86 (Post 3998499)
Are you running any network service that you wouldn't want anyone "out" to have any kind of access to it?
If the answer is "no", then I don't see any reason to worry about firewalling.

That's the popular one-sided answer, yes. However 0) it's easy for people to forget to run a firewall after they *do* acquire services to run plus 1) this "answer" makes a SPOF of the device running a firewall (usually the cable or DSL router). Besides that, a firewall serves more purposes than blocking traffic alone.

M$ISBS 06-10-2010 07:29 PM

My other system is just a single user desktop, not a server and mostly used for browsing the internet.

How hard is it to use/configure Iptables?

sparc86 06-10-2010 11:55 PM

Quote:

Originally Posted by M$ISBS (Post 3999586)
My other system is just a single user desktop, not a server and mostly used for browsing the internet.

How hard is it to use/configure Iptables?

What's the scenario? Do you have a DSL router or something? If yes, I wouldn't worry about firewalling, since most routers already do the filtering/NAT thing. I personally don't use any iptables rule in my desktops and never got in any trouble. Only use filtering at my gateway and that's all.

But if you are still interested in setting up a workstation firewall scheme, you should check this link: http://wiki.linuxquestions.org/wiki/..._a_workstation


Also a guide to build a basic firewall for a gateway: http://wiki.linuxquestions.org/wiki/..._a_gateway/nat

M$ISBS 06-11-2010 06:35 AM

Yea, I have a DSL router but it's really old.
Thanks for the links.

salasi 06-11-2010 05:27 PM

Quote:

Originally Posted by M$ISBS (Post 3998457)
Thanks for the link but it says it's for 2.4 kernel only. :(

Does it? I couldn't see that stated anywhere, but there was mention of a version for Ubuntu/Gutsy and that shipped with a 2.6.22 kernel.

unSpawn 06-12-2010 04:45 AM

Quote:

Originally Posted by sparc86 (Post 3999768)
I wouldn't worry (..) I personally don't use

This is the Linux Security forum. Subjective interpretations like "thinking", "guessing" and "worrying" have no place here and what you do personally is not relevant. Please keep in mind we like to see members deal with questions objectively, based on facts alone.

stell 06-22-2010 02:46 AM

@M$ISBS

I use this: http://connie.slackware.com/~alien/efg/ :) try it, it's very good!

catkin 06-22-2010 02:58 AM

Quote:

Originally Posted by M$ISBS (Post 4000097)
Yea, I have a DSL router but it's really old.

Its age is irrelevant for present purposes. Its feature set and configuration are what counts. SOHO routers are being progressively dumbed down so old ones tend to have more features than new ones.

Are you using it as a router (if so, is it configured to do any port-forwarding?) or is it in bridged mode?

konsolebox 06-22-2010 03:15 AM

For desktop applications in Linux I don't really need/use firewalls but if I will, I'd prefer to just filter outgoing connections instead of incoming. It just makes sense to filter incoming if your system is targeted by hackers but for defense against viruses / multi/universal-target trojans, I think outgoing is already enough since with applications like browsers/etc. vulnerabilities can never be guaranteed so it's just better to detect if your system is already breached instead of trying to defend it.

Edit: That is of course if you know how to make sure that your firewall will not be accessed or modified once a successful attack is made.

unSpawn 06-22-2010 05:54 AM

Quote:

Originally Posted by konsolebox (Post 4011082)
(..) it's just better to detect if your system is already breached instead of trying to defend it.

This implies having default input chain DROP policies else you still have to set restrictions. Yes, people should use egress filtering but your opinion on egress filtering does not hold any valid reasons for not filtering ingress traffic: it "just makes sense to filter incoming" as it allows you to actively regulate, restrict, log and audit what traffic passes through instead of relying on what can turn out to be a SPOF.
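
The policy described in the post above (default DROP on the input chain, egress filtering, logging of what gets refused), written out for a single-user desktop as an added example that is not part of the thread. The outbound port lists and log prefixes are assumptions; the function only prints an iptables-restore ruleset and applies nothing.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset for a
# single-user desktop; nothing is applied until you pipe it to iptables-restore.
# Outbound allow-lists are assumptions for a browsing desktop (DNS, DHCP, NTP, web).
ALLOWED_TCP_OUT="${ALLOWED_TCP_OUT:-53 80 443}"
ALLOWED_UDP_OUT="${ALLOWED_UDP_OUT:-53 67 123}"

# emit_out_rules PROTO PORT...: one egress ACCEPT rule per validated port.
emit_out_rules() {
    proto=$1; shift
    for p in "$@"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
        echo "-A OUTPUT -p $proto --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
}

workstation_rules() {
    # Validate every port before printing anything, so a bad list yields no ruleset.
    tcp_rules=$(emit_out_rules tcp $ALLOWED_TCP_OUT) || return 1
    udp_rules=$(emit_out_rules udp $ALLOWED_UDP_OUT) || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 2/second -j ACCEPT
-A INPUT -m limit --limit 6/minute --limit-burst 10 -j LOG --log-prefix "fw-in-drop: "
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$tcp_rules
$udp_rules
-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
-A OUTPUT -m limit --limit 6/minute --limit-burst 10 -j LOG --log-prefix "fw-out-drop: "
COMMIT
EOF
}

# Syntax check as root without loading:  workstation_rules | iptables-restore --test
# Load:                                  workstation_rules | iptables-restore
```

Packets that fall through to either LOG rule show up in the kernel log under the `fw-in-drop:` and `fw-out-drop:` prefixes, which is the audit trail for ingress probes and for unexpected outbound connections.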

konsolebox 06-22-2010 06:09 AM

Quote:

Originally Posted by unSpawn (Post 4011225)
This implies having default input chain DROP policies else you still have to set restrictions. Yes, people should use egress filtering but your opinion on egress filtering does not hold any valid reasons for not filtering ingress traffic: it "just makes sense to filter incoming" as it allows you to actively regulate, restrict, log and audit what traffic passes through instead of relying on what can turn out to be a SPOF.

Honestly I can't really parse your message but never mind my post then. My idea was really just to myself anyway.. not general. To me it's just a bother filtering incoming traffic.. waste of processing, analysis.. what for anyway.. You'll still have direct interface with your client softs.. browsers etc. With desktop setups such as mine, effects of incoming connections are just the same anyway.. filtered or not.


All times are GMT -5.