Kewpie,
Thank you for your help.
I am simply looking for something
that I can install and forget.
I am not yet so savi with linux
that I am punching my own code.
Namaste'
Scot
Hey Scot.
Here's a HUGE bit of advice that I wish I had been given.
Tattoo this on your right hand:
Code:
I will never be able to learn everything there is to know about linux.
I'll probably get some flames for saying that. But, it's true.
I mention this because you mentioned "I am not yet so savi [] that I am punching my own code." You don't have to be a coder to use linux. Many, many programmers love to use linux. But you don't have to be a coder to use the OS.
Good luck with your firewall search. There are MANY options for firewalling.
If you know how to configure the nitty gritty details of a firewall, use the built in iptables software.
Other than that, well... I'm no firewall junkie. I stick everything behind a NAT, configure holes for my DMZ boxes and DMZ firewalls, and leave it at that.
TheNbom aka Rod,
I am using Xubuntu with the XFCE GUI.
I would be looking for what you described as
a canned package.
One that I have little or no chance of screwing up.
Namaste'
Scot
The package I am most familiar with is for setting up a dedicated firewall/router. It is called HomeLANSecurity, and can be easily located on the web. If you are looking for a package to protect only a single local host, it is not appropriate for your needs.
What I describe as a canned package will invariably be something on the level of what win32sux has provided in this forum. To be truthful, what he has given you is not so difficult to install. You probably just need to examine what he has described, ask a few questions here to fill in the blanks and attempt an installation. As much as you would like to think of a firewall as an 'install-and-forget' project, it is probably not so realistic. You will probably someday want to run some sort of service requiring you to open some port(s). For instance, you may want to enable SSH to allow you to log in remotely. You may wish to enable certain P2P services. Online games may require specific configuration. Most times, these updates are not difficult to perform, but they do require some understanding of where to look and how to restart the system.
--- rod.
Okay, this thread got me interested enough to try out Firestarter. I ran it on a firewall host that had previously been configured with the aforementioned homeLanSecurity. It seemed to generate a more or less acceptable firewall script, but I didn't want to keep it as a permanent set up. Therein lies my problem. I did a
Code:
service firestarter stop
and re-ran the homeLanSecurity script. Everything worked fine, until the WAN interface lease expired, at which point it reloaded itself, removing all of the settings applied by homeLanSecurity. The documentation for Firestarter states: "When the network device bound to the DHCP service is assigned an IP address (either when connecting for the first time or on a lease renewal) the firewall is started or refreshed." This seems to be happening, and I don't want it to. I cannot seem to locate the mechanism by which this is occurring. Can anyone tell me how to terminate this? A re-boot did not solve the problem. Thanks.
BTW, my take is that the basic scripts generated by Firestarter would probably be a decent starting point for someone who wanted to generate a more highly customized or special-purpose firewall. Significant changes would probably make the Hits tool work incorrectly, however, as would probably be lost
I wonder what acid_kewpie objects to about the script generator in Firestarter? Care to expand on that, acid_kewpie (not saying you're wrong, would just like more detail)?
--- rod.
Okay, in answer to my own question...
The firestarter tool, either the installer or the tool itself, creates an entry in the /etc/dhclient-exit-hooks file, which re-runs the firewall startup script immediately after the WAN interface renews its DHCP lease. I am hopeful that removing the entry from /etc/dhclient-exit-hooks will stop firestarter from clobbering my preferred firewall. I will know for sure in a couple of hours when the lease is renewed.
--- rod.
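The cleanup described in the post above, as an added example that is not part of the thread and not Firestarter's own code: a POSIX shell helper that lists the active lines in a dhclient hook file mentioning a given string and comments them out after taking a backup. Only the /etc/dhclient-exit-hooks path comes from the thread; the sample hook contents, including the firestarter script path, are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread: audit and disable leftover firewall
# entries in a dhclient hook file such as /etc/dhclient-exit-hooks.

# Print active (non-comment) lines of FILE that contain STRING, as "N:line".
list_hook_entries() {
    file=$1 string=$2
    [ -f "$file" ] || return 0
    grep -n -i -F -- "$string" "$file" | grep -v -E '^[0-9]+:[[:space:]]*#' || true
}

# Comment out every active line containing STRING, after taking a backup.
# Prints the number of lines that were disabled.
disable_hook_entries() {
    file=$1 string=$2
    count=$(list_hook_entries "$file" "$string" | wc -l | tr -d ' ')
    if [ "$count" -gt 0 ]; then
        cp -p "$file" "$file.bak.$(date +%Y%m%d%H%M%S)"
        tmp=$(mktemp) || return 1
        awk -v s="$string" '
            /^[ \t]*#/                     { print; next }   # already a comment
            index(tolower($0), tolower(s)) { print "# disabled: " $0; next }
                                           { print }' "$file" > "$tmp"
        cat "$tmp" > "$file"   # rewrite in place so owner and mode are kept
        rm -f "$tmp"
    fi
    echo "$count"
}

# Write a constructed sample hook file; the script path is illustrative only.
write_sample_hook() {
    printf '%s\n' \
        '# added by firestarter (constructed sample)' \
        'sh /etc/firestarter/firestarter.sh start' \
        'echo "lease renewed"' > "$1"
}

# Demo on a throwaway copy: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d)
    write_sample_hook "$dir/dhclient-exit-hooks"
    list_hook_entries "$dir/dhclient-exit-hooks" firestarter
    echo "disabled: $(disable_hook_entries "$dir/dhclient-exit-hooks" firestarter)"
    cat "$dir/dhclient-exit-hooks"
    rm -rf "$dir"
fi
```

On a real host the call would be `disable_hook_entries /etc/dhclient-exit-hooks firestarter`, run as root; running `list_hook_entries` first shows what would be changed without modifying anything.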
You could simply uninstall or purge the firestarter package from your distro if you don't intend to continue using it... wouldn't have to worry about it restarting then.
Firestarter is a great choice for new Linux users imho. It's simple to use, sorta like ZoneAlarm in Windows.
I did use yum remove, which deleted all of the binaries and scripts, except the troublesome ones. In my searches for a solution to this, it appeared that this was considered a bug, at least by people responsible for Debian packages, although mine is a Fedora RPM. The firestarter homepage seems to say that the behavior I object to is a feature, but I don't see it that way. It is hardly inconceivable that one might wish to turn a firewall off for arbitrary time periods (like... forever), and to have it autocratically restart itself just seems wrong to me.
Maybe this kind of thing is prevalent with packages like firestarter, and that might be what acid_kewpie objects to.