Hi!
Short newbie question:
Is it better to have snort, prelude, fwbuilder, bastille or iptables for a personal firewall?
And is it a good thing to have them running together?
Merci.
Spassiba.
Thanks.
Efraristo.
Danke.
Grazie.
Gidos
Gracias.
For the last time, SNORT IS NOT A FIREWALL. If I had a dollar for every time I've pointed that out...
Look, firewalls are packet filters and/or proxies. They work by actively interrupting traffic. Intrusion Detection Systems (such as Snort) are mostly passive and do not block traffic as a general rule. Additionally, IDSs look at many more characteristics of traffic besides just what ports the traffic is using. Most firewalls will only look at source/destination port/ip to make their decision.
By the way, it's my understanding that Prelude is another IDS and as such, NOT A FIREWALL EITHER. I could be wrong on that one.
fwbuilder is a program which will let you create firewall rules and write them to a configuration file for several of the popular firewalls. The short list of supported firewall types is pf (OpenBSD), ipfw (FreeBSD), iptables (Linux), and PIX (Cisco Security PIX, which BTW does NOT RUN IOS despite what some ignorant people will tell you). fwbuilder is not actually a firewall; it is a firewall configurator.
Last, Bastille. Well, from what I know Bastille is actually a set of lockdown scripts which change file permissions and generally tighten your system security in an automated fashion. Mandrake Linux has its own program to perform this function; it's called msec (Bastille will run on just about any Linux SFAIK). The last I knew, Bastille did NOT have a firewall, although it's possible that it now has iptables rules that it loads.
So you see, you're comparing apples to oranges. Snort and Prelude are IDSs, fwbuilder is just a firewall configurator (you still need something to run the firewall), Bastille is (so far as I know) only a lockdown script and not a firewall, and iptables is actually a set of kernel modules that will let you install a firewall.
Firewalls that I know of: Firestarter, Guarddog, SNF (Mandrake's Single Network Firewall) and um... that's pretty much it. You can use fwbuilder to set up an iptables firewall, though. Obviously you'll only have access to SNF if you run Mandrake.
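To make the packet-filter side of the answer concrete, here is an added example (not from the thread or from fwbuilder) of the kind of minimal personal firewall iptables can run: a stateful default-deny INPUT chain in iptables-restore format. The function name, the allow-list arguments and the log prefix are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: emit a minimal stateful personal firewall rule set for
# iptables in iptables-restore format. Nothing here touches the running
# firewall; the output is meant to be reviewed, then loaded as root.

# personal_firewall_rules [TCP port ...]
# Prints a rule set that denies all inbound traffic by default, allows
# loopback and replies to our own connections, drops malformed packets,
# rate-limits ping, opens only the listed inbound TCP ports, and logs
# (rate-limited) whatever is about to be dropped.
personal_firewall_rules() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'      # inbound: deny unless a rule allows
    printf '%s\n' ':FORWARD DROP [0:0]'    # a workstation does not route
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'   # outbound: unrestricted
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Connection tracking is what lets replies to our own outbound traffic
    # back in without a per-service rule (the "stateful" part).
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Allow ping, but rate-limited.
    printf '%s\n' '-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT'
    # Only NEW connections to explicitly listed ports get through.
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log before the chain policy drops; prefix "fw-drop: " is an assumption.
    printf '%s\n' '-A INPUT -m limit --limit 3/min -j LOG --log-prefix "fw-drop: "'
    printf '%s\n' 'COMMIT'
}

# Review the generated rules; to apply them as root, redirect the output to
# a file and run:  iptables-restore < that-file
personal_firewall_rules 22
```

These rules cover IPv4 only; ip6tables needs its own equivalent set, and the LOG lines land in the kernel log (dmesg / syslog) where you can review what the filter rejected.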