LinuxQuestions.org
Old 06-14-2010, 03:56 PM   #1
pr_deltoid
Member
 
Registered: Jun 2010
Distribution: Fedora
Posts: 289

Rep: Reputation: 41
Safety of iptables firewalls if you don't know what you're doing... or the easiest fw.


Other than Firestarter, how safe is it to use an iptables firewall for Linux if you know the basics of iptables but not the details and not exactly what you're doing with iptables? I want to be very secure without configuring iptables myself if possible, or doing as little as possible. If you don't think iptables is safe if you don't really know what you're doing, can you please tell me which firewall you can use (Slackware specific, preferably) that is the easiest to install and configure? Are there any that work like free Windows firewalls, other than Firestarter? I've looked around and looked at slackbuild and can't find a Firestarter package. I searched this site also and saw something about the reason there isn't one. I need help. I'm concerned with my security and I don't want to write my own iptables firewall - I don't fully know what I'm doing.

Last edited by pr_deltoid; 06-14-2010 at 03:57 PM.
 
Old 06-14-2010, 03:58 PM   #2
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 167
The default on redhat/centos and many distributions disables access to most things by default... that being said, it's not easy if you don't know iptables, but if you don't, it IS worth learning. Honestly, there is no security product that is effective if you don't know what you're doing.
 
Old 06-14-2010, 04:00 PM   #3
pr_deltoid
Member
 
Registered: Jun 2010
Distribution: Fedora
Posts: 289

Original Poster
Rep: Reputation: 41
I read the how-to and tutorials (not the NAT and hacking) from the netfilter site, but I don't really know WHAT to do with the settings. I understand how to configure iptables, I just don't really know what to do with iptables to make it very secure. I guess I could just copy Firestarter's configuration, huh?
 
Old 06-14-2010, 04:36 PM   #4
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
Quote:
Originally Posted by prdeltoid
Other than Firestarter, how safe is it to use an iptables firewall for Linux...
For Linux??? I think that my advice might have quite different elements if you were the admin of a server farm from those I would give if you were a typical home user, both of whom could be using Linux.


Quote:
..if you know the basics of iptables but not the details and not exactly what you're doing with iptables?
Iptables itself isn't that difficult to learn, but you will have to know about networking in order to use it.

Quote:
I want to be very secure without configuring iptables myself if possible or doing as little as possible.
Iptables itself isn't that difficult to learn...oh, sorry, I've already done that. There are quite a number of iptables scripts that you can find scattered around the 'net, and configuring them isn't difficult, if you know what you want to do. Have a look at:
linuxhomenetworking
frozentux

Quote:
Are there any that work like free Windows firewalls, other than Firestarter?
I don't directly know how Windows firewalls work, but if what you mean is that you want a GUI to configure it, there are quite a few. If you try this search, you'll find a few, including this.

Quote:
I've looked around and looked at slackbuild and can't find a Firestarter package
I did also see mention of guarddog being available for an earlier version.

Last edited by salasi; 06-15-2010 at 02:28 AM. Reason: typo
 
Old 06-15-2010, 02:53 AM   #5
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
...didn't see this when I wrote my previous reply...

Quote:
Originally Posted by prdeltoid
I understand how to configure iptables, I just don't really know what to do with iptables to make it very secure.
Your first assumption should be that you want to disable everything unless you actually need it. Of course, that only raises the question of how little you can open up and still do what you want to do...

If the problem is that you don't know which ports associate with which services, there are hints here:

/etc/services

(Although it is possible to use processes on ports other than the default one, so you might have to look in your conf files for that).

Also, netstat can be used to see what is listening on which port.

Quote:
I guess I could just copy Firestarter's configuration, huh?
Yes. There is an argument that this (running a GUI rule-generator on another machine) is the normal paranoid's way forward. This enables you to run the rule generator on a machine that is not itself under direct threat of attack, and so removes the possibility that the miscreant gets in and substitutes a 'bad' version of the rule-generating program.

(In a security context, I am not in any way suggesting that being paranoid is bad; the opposite, in fact.)
 
Old 06-15-2010, 11:51 AM   #6
pr_deltoid
Member
 
Registered: Jun 2010
Distribution: Fedora
Posts: 289

Original Poster
Rep: Reputation: 41
Thanks.
 
Old 06-15-2010, 01:12 PM   #7
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 167
Basically, you want to disable all NEW state connections inbound unless they're explicitly allowed. You probably want to allow any state RELATED,ESTABLISHED connections. If you have nothing enabled from outside (a good configuration for a desktop), then you're about as secure as you can get. Servers should only have the required remotely accessible services enabled.
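The ruleset rweaver describes, written out as an added example (not code from the thread or from any of the posters): a POSIX shell script that prints a complete iptables-restore file with INPUT policy DROP, RELATED,ESTABLISHED accepted, and NEW connections accepted only for TCP ports you list. The function name `desktop_ruleset` and its optional port-list argument are assumptions of this example; `-m state` is used because that is the match the thread talks about (newer iptables prefers `-m conntrack --ctstate`, which takes the same state names).

```shell
#!/bin/sh
# Added example, not from the thread: builds the "desktop" ruleset rweaver
# describes, in iptables-restore format. Policy: drop inbound NEW connections
# unless explicitly listed, accept RELATED,ESTABLISHED, accept loopback.
# The function name and the port-list argument are assumptions of this example.

# Print a complete filter-table ruleset. $1 = space-separated TCP ports that
# may receive NEW connections (empty string for a desktop exposing nothing).
desktop_ruleset() {
    allowed_tcp="$1"
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -m state --state INVALID -j DROP' \
        '-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT'
    # Only the services you actually run: check "netstat -tlnp" (or "ss -tlnp")
    # and /etc/services first, as salasi suggests, then list those ports here.
    for port in $allowed_tcp; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Log what the DROP policy is about to discard, rate-limited so the log
    # cannot be flooded; the chain policy then drops the packet.
    printf '%s\n' '-A INPUT -m limit --limit 3/min -j LOG --log-prefix "fw-drop: "' \
        'COMMIT'
}

# Usage: sh fw.sh        | sudo iptables-restore   (desktop: nothing reachable)
#        sh fw.sh "22"   | sudo iptables-restore   (also accept NEW SSH)
# Review the printed rules before loading them; iptables-restore applies the
# whole table atomically, so a typo rejects the file rather than half-loading.
desktop_ruleset "${1:-}"
```

Run it without piping first to read the rules it generates; only when they look right pipe them into iptables-restore as root.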