Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
07-14-2005, 07:48 PM
|
#1
|
|
Member
Registered: May 2005
Location: Aus
Distribution: SimplyMEPIS 3.3
Posts: 107
Rep: 
|
Shorwall .Vs. Guarddog
Im currently using the guarddog Firewall and considering installing Shorewall instead.
Is shorewall easy to configure indevidual ports? provide DHCP support?
|
|
|
|
|
07-15-2005, 01:56 PM
|
#2
|
|
Senior Member
Registered: Jun 2003
Distribution: Debian/other
Posts: 2,104
Rep:
|
Re: Shorwall .Vs. Guarddog
Quote:
Originally posted by Kamikazee
Is shorewall easy to configure indevidual ports?
|
To give you an introductory idea were individual ports are explicitly specified, and as an example - you can use "syntax" like:
Code:
# /etc/shorewall/rules
ACCEPT fw net udp 53
ACCEPT fw net tcp 25,80,110,443,6667
As you can see, we're allowing outbound connections to those specified ports.
(The above code from an /etc/shorewall/rules file could be used in combination with a "drop all outbound" type of policy in an /etc/shorewall/policy file (for a basic workstation, for example)).
As ever, to get the best out of it, it's a case reading up a little on the Shorewall documentation - alternately, if Guarddog is currently sufficient for your needs then you might want to stay with that - plenty of choice though, as ever 
Last edited by Skyline; 07-15-2005 at 02:15 PM.
|
|
|
|
|
07-15-2005, 11:15 PM
|
#3
|
|
Member
Registered: Apr 2004
Location: Pacific Northwest
Distribution: Debian unstable
Posts: 60
Rep:
|
I use firestarter, and think that it is alot better than both guardog and shorewall, check it out man....
|
|
|
|
|
08-12-2005, 11:14 AM
|
#4
|
|
Member
Registered: Jul 2003
Location: England
Distribution: Debian Jessie, FreeBSD 10.1 anything *nix to get my fix
Posts: 329
Rep: 
|
I have just started using firestarter. Took 5 minutes to download and get it installed and running. If your after ease of use I would suggest this program.
|
|
|
|
|
08-12-2005, 02:33 PM
|
#5
|
|
Member
Registered: Apr 2005
Location: Canada
Distribution: Slackware
Posts: 496
Rep:
|
I recommend Shorewall, mainly because it just does the job with no hassle. Even if you use the default / sample configuration you are "locked down" right off the bat.
Guarddog and Firestarter do have GUIs though, but I find them more intrusive.
In the end, they all get the same job done (which is tuning your iptables).
|
|
|
|
|
08-12-2005, 03:53 PM
|
#6
|
|
Member
Registered: Jun 2004
Location: Bharat
Distribution: RedHat, Debian, FreeBSD, Fedora, Centos
Posts: 114
Rep:
|
I am agree with Vgui for recommending Shorewall
Just go the the site and read the instructions easy to configure also you can download configuration files from
Sample Configurations
Good performance. |
|
|
|
|
08-12-2005, 04:23 PM
|
#7
|
|
Senior Member
Registered: Mar 2004
Location: far enough
Distribution: OS X 10.6.7
Posts: 1,690
Rep:
|
I am using firehol but i was using shorewall which i find pretty good. As long as the firewall scripts or front-ends you intend to use, are well tested , stable and documented, i guess it is ok.
|
|
|
|
|
08-15-2005, 07:25 PM
|
#8
|
|
Member
Registered: Dec 2002
Posts: 56
Rep:
|
i recommend shorewall too
It is really feasible in configurate ur rules, hiding details of iptables and provide a high level user friendly concept
shorewall provided other features that firestarter nor guarddog is missed
e.g. traffic accounting, vpn, tos, etc
if people want a graphical gui, you can install webmin which included a shorewall module
of course if you want to get the full power of shorewall, you should get into the shorewall config files directly
|
|
|
|
All times are GMT -5. The time now is 06:15 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
