Firewall Question
 

Well 1 week in Linux and I'm loving it. It makes Windows look quite silly :). I do have a question though: Where can I find a program which will alert me to intrusion attempts (similar to the way Nortons, Zone Alarm, and McAfee does)? I know ipchains does a great job but I also like to be able to monitor my connection personally as well (not really trusting ipchains). Also, I have it configured to Default settings on high. Is this sufficient or should I set special rules? According to my friends NMap scan she says I have 1 port filtered and the rest are closed (which is also far better than windows).

Well ipchains is considered to be depreciated and was updated with iptables; available at www.netfilter.org. Snort is an IDS (intrusion detection system) used to monitor network trafic and can be downloaded at www.snort.org.

If you want an easy to configure, distro agnostic, graphical tool for both your firewall and network monitoring, you might want to check out "firestarter".

I've always found PortSentry to be very good, much less complicated than SNORT... you can have it run a script that does whatever you like on a scan detection (I have mine auto-generating IPTables rules to ban the scanner...)

Check it out here:

http://sourceforge.net/projects/sentrytools/