Shorewall or other firewall???

		LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Shorewall or other firewall???

Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Welcome to LinuxQuestions.org, a friendly and active Linux Community.

You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!

Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.

Are you new to LinuxQuestions.org? Visit the following links:
Site Howto | Site FAQ | Sitemap | Register Now

If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.

Having a problem logging in? Please visit this page to clear all LQ-related cookies.

Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.

Exclusive for LQ members, get up to 45% off per month. Click here for more info.

Search this Thread

01-22-2005, 03:08 PM	#1
SlipAway172 Member Registered: Jun 2004 Location: GA Distribution: Latest ubuntu Posts: 172 Rep:	Shorewall or other firewall??? im using the built in FW im MDK 10.1 and i would like to know if it would be better to run a hardware firewall. i have the D-Link DI-604

01-23-2005, 02:28 PM	#2
peter_robb Senior Member Registered: Feb 2002 Location: Szczecin, Poland Distribution: Gentoo, Debian Posts: 2,458 Rep:	Each has it's uses.. One advantage of your own firewall script is that it can be tuned, really well.. and the hardware device? Who knows what's in there.. One disadvantage of your own firewall script is that it wasn't written by an expert, so it may have holes in it.. Big holes.. And the hardware device? Who knows? It's only going to be a big problem if you expose connections to the internet, eg run servers.. Then the problem moves to the quality/security of the server/software.. You could always use both, but the real weaknesses are bad passwords, bad configurations and users who don't care. If you're just a workstation, it's relatively easy to block NEW incoming connections. That's a good start. Anything more complicated and you'll need to do some study.. eg an iptables example.. http://wiki.linuxquestions.org/wiki/..._a_workstation

01-23-2005, 02:53 PM	#3
SlipAway172 Member Registered: Jun 2004 Location: GA Distribution: Latest ubuntu Posts: 172 Original Poster Rep:	oh. i think i will use my hardware firewall from dlink. thanks for refreshing my memory of that the script firewall most likely has BIG holes. and also shorewall could crash w/o me knowing or while im away and if my hardware firewall one "crashed" it would lock all ports or turn off> lol........ ON MY KEYBOARD NOW. when the CAPS lock is on it will to lower case adn when it is off it will to UPPER....lol time for a reboot. after 2 months

01-23-2005, 03:09 PM	#4
peter_robb Senior Member Registered: Feb 2002 Location: Szczecin, Poland Distribution: Gentoo, Debian Posts: 2,458 Rep:	I prefer to trust what I can examine or prove.. So I stick with writing rules. A quick solution is to use a script that has been tested. The one on the LQ Wiki is just fine for a workstation.. And also set up some blocks in the DLink box. Being a little paranoid can help, but use both tools wisely and you'll be ok!

01-23-2005, 07:09 PM	#5
SlipAway172 Member Registered: Jun 2004 Location: GA Distribution: Latest ubuntu Posts: 172 Original Poster Rep:	what would u do? run both shorewall and a hardware FW or just the hardware firewall

01-25-2005, 12:42 AM	#6
camelrider Member Registered: Apr 2003 Location: Juneau, Alaska Posts: 251 Rep:	Run shorewall. It is written by a very knowledgable and dedicated man who supports it better than any other piece of softare I know. The shorewall-users mailing list is one of the best places i've found to learn about iptables firewalling information which I'll probably never have the opportunity to use. This iptables frontend can be very simple or highly sophisticated, depending on your needs. The support info is at: Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/...horewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm It's the old belt-and-suspenders thing. You might as well use both HW and Shorewall as they are both pretty easy to set up for a home system.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is Off HTML code is Off Forum Rules

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
configuring shorewall (firewall)	mrbig	Linux - Software	2	09-09-2005 11:15 AM
shorewall firewall problem	wisdom	Linux - Security	1	02-02-2005 08:27 PM
shorewall problem with firewall itself	peter72	Linux - Networking	1	08-01-2004 01:09 PM
Please help me: Shorewall firewall can only ping out	neilcpp	Linux - Security	2	10-21-2003 03:24 PM
Shorewall Firewall Questions	bLaDe	Linux - Security	3	08-13-2003 08:46 PM

All times are GMT -5. The time now is 04:54 AM.

Main Menu

(Con't)

My LQ

Write for LQ

LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.

Main Menu

Syndicate

Latest Threads

LQ News

Twitter: @linuxquestions