I did Internet search--a bit too abstruse for me ...
I like apf better than firestarter that I had before, because now all ports are "stealth" according to www.grc.com; all but port 22 that is open now.
Also - I can no longer use gftp, mutt, and some websites (including playing some Internet radio) while apf is enabled.
I run Debian stable machine.
Thanks, Hearthstone.
Quote:
Originally Posted by hearthstone
I like apf better than firestarter that I had before, because now all ports are "stealth"
OMG!!! One or more ports on this system are operating in FULL STEALTH MODE! "Stealth" was a craze of the past millennium ;-p
Quote:
Originally Posted by hearthstone
I can no longer use gftp, mutt, and some websites (including playing some Internet radio) while apf is enabled.
While desktop applications like Firestarter have their purpose, working with Netfilter, simply put, requires understanding of iptables rules (see the "Frozentux" tutorial: http://www.frozentux.net/documents/iptables-tutorial/). Using APF is a choice you make. It does not and should not give you the idea that using an application that's promoted with marketoid language and running a gazillion scripts somehow no longer requires you to understand iptables basics. On top of that if you use APF then you should consult the documentation it comes with first.
If you want to see what your current rule set looks like start by saving it with say
Code:
iptables-save > /tmp/iptables.txt
and then reading it with your favorite text editor or try
Code:
less /tmp/iptables.txt
and maybe attach "/tmp/iptables.txt" to your next reply.
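Added example, not part of the original reply: a small Python reader for a file saved with iptables-save, listing each chain's default policy and the ports it explicitly accepts. The rule set below is a constructed sample (not APF's actual output), and the function names are hypothetical.

```python
import shlex
from collections import defaultdict

# Constructed sample in iptables-save format; NOT real APF output.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""

def parse_ruleset(text):
    """Return (policies, rules), both keyed by (table, chain)."""
    policies, rules, table = {}, defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):        # table header, e.g. *filter
            table = line[1:]
        elif line.startswith(":"):      # chain declaration with its default policy
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):    # rule appended to a chain
            tok = shlex.split(line)
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
                    if tok[i].startswith("-")}
            rules[(table, tok[1])].append((opts, "!" in tok))
    return policies, dict(rules)

def accepted_ports(policies, rules, chain, table="filter"):
    """Default policy of a chain plus the (proto, port) pairs it ACCEPTs."""
    ports = set()
    for opts, negated in rules.get((table, chain), []):
        # Negated matches ("!") need reading by hand; skip them here.
        if negated or opts.get("-j") != "ACCEPT":
            continue
        spec = opts.get("--dport") or opts.get("--dports") or ""
        ports.update((opts.get("-p", "any"), p) for p in spec.split(",") if p)
    return policies.get((table, chain)), sorted(ports)
```

To inspect the file saved above, pass `open("/tmp/iptables.txt").read()` to `parse_ruleset`. In the constructed sample the OUTPUT chain has a DROP policy and no rule for port 21, so an FTP client would fail while web browsing still works.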
Strangest thing happened--I reinstalled apf-firewall, and lo, behold: as far as I can notice, I can now connect to all my Internet radio stations, mutt works, gftp works, ...
The reason that I do not learn about iptables and such is that I just want to *use* my computers--if apf takes care of iptables for me, the better!
The reason I use Linux is that some years back I was unhappy with Windows (and still am) and Linux was the alternative. At first I liked learning about Linux, but as I am getting older, the less I sit in front of the thing, the more I like it; hence if apf does the job, I am happy.
All is well now (for the time being), only the port 22 is open; But I will do some Internet search and find a way how to close it, eventually.
The reflex to remove and re-install software to make things work often points to 0) the idea that practices learned using another OS are similar and should translate to similar actions when using Linux, or 1) the inability to diagnose a problem properly or 2) an unwillingness to do things "the Linux way". The practice is very rarely necessary.
Quote:
Originally Posted by hearthstone
if apf does the job, I am happy.
If "happy" is an objective criterion to rate one's machine's security posture with, sure.
Quote:
Originally Posted by hearthstone
All is well now (for the time being), only the port 22 is open; But I will do some Internet search and find a way how to close it, eventually.
Just shut down the SSH daemon.
Quote:
Originally Posted by hearthstone
Btw--what's wrong with ports being "stealth"?
While "stealth" sounds nice it just means not responding to ICMP and traceroute requests. It has nothing to do with security: it only obscures a system. Said differently: time spent tackling real security issues or concerns is time well-invested.
The reason that I reinstalled apf-firewall is that with that I removed all my previous configurations, and, in my view, starting "from the scratch" is, at times, the most expedient way to get things done.
I removed openssh-server and all is well--the port 22 is closed according to grc.com.
sshd is/was not installed on my machine.