LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Snort, prelude, fwbuilder, bastille or iptables ? (https://www.linuxquestions.org/questions/linux-security-4/snort-prelude-fwbuilder-bastille-or-iptables-99935/)

christophe.dr 10-03-2003 04:10 PM
Snort, prelude, fwbuilder, bastille or iptables ?
 
Hi !
Short newbie question :
Is it better to have snort , prelude, fwbuilder, bastille or iptables for a personal firewall ?
And is it a good thing to have them running together ?
Merci.
Spassiba.
Thanks.
Efraristo.
Danke.
Grazie.
Gidos
Gracias.

chort 10-03-2003 06:27 PM
For the last time SNORT IS NOT A FIREWALL If I had a dollar for every time I've pointed that out...

Look, firewalls are packet filters and/or proxies. They work by actively interrupting traffic. Intrusion Detection Systems (such as Snort) are mostly passive and do not block traffic as a general rule. Additionally, IDSs look at many more characteristics of traffic besides just what ports the traffic is using. Most firewalls will only look at source/destination port/ip to make their decision.

By the way, it's my understanding that Prelude is another IDS and as such, NOT A FIREWALL EITHER. I could be wrong on that one.

fwbuilder is a program which will let you create firewall rules and write them to a configuration file for several of the popular firewalls. The short list of supported firewall types is pf (OpenBSD), ipfw (FreeBSD), iptables (Linux), and PIX (Cisco Security PIX--which BTW does NOT RUN IOS despite what some ignorant people will tell you). fwbuilder is not actually a firewall, is a firewall configurator.

Last, Bastille. Well, from what I know Bastille is actually a set of lockdown scripts which change filer permissions and generally tighten your system security in an automated fashion. Mandrake Linux has it's own program to perform this function, it's called msec (Bastille will run on just about any Linux SFAIK). The last I knew, Bastille did NOT have a firewall, although it's possible that it now has iptables rules that it loads.

So you see, you're comparing apples to oranges. Snort and Prelude are IDSs, fwbuilder is just a firewall configurator (you still need something to run the firewall), Bastille is (so far as I know) only a lockdown script and not a firewall, iptables is actually a set of kernel modules that will let you install a firewall.

Firewalls that I know of: Firestarter, Guarddog, SNF (Mandrake's Single Network Firewall) and um... that's pretty much it. You can use fwbuilder to setup an iptables firewall, though. Obviously you'll only have access to SNF if you run Mandrake.

jymbo 10-04-2003 12:02 AM
I use iptables in conjunction with a very simple yet powerful iptables script called gShield.

mysterio 10-04-2003 07:03 PM
I'm pretty sure (not positive) that bastille is also a firewall.

unSpawn 10-07-2003 06:11 AM
I'm pretty sure (not positive) that bastille is also a firewall.
Sure. And DOS too, I mean, it's not lettin ANYTHING tru :-]

gfyspf 10-28-2003 01:59 PM
for a personal firewall I would just use iptables. Once you get the hang of writing the rules it is very easy. there are plenty of examples on line.


All times are GMT -5. The time now is 04:17 PM.