I am currently planning my final year project at university and I'd like some opinions on my initial idea. I do have to stress that this idea is extremely primitive and I have barely begun, what I'd really like is to have some comments from you guys that I can use to decide whether to proceed.
I'm looking to create an interactive firewall, the exact nature of the firewall is yet to be determined but my main aim is to create a user friendly application that can help new users to Linux configure network access with maximum ease. By interactive I mean a firewall that is restrictive by default, allowing only those applications and services network access through interactively granting permissions.
What I'd really like at this initial stage is some opinions, on whether Linux actually needs another firewall, and some features that you'd like to see. I'd also like some advice on what is currently available, what firewall you use, and the things you like/dislike about it.
I'd really like people to be honest in their opinion, I'm not tied down to this application and I have plenty of time, if the idea isn't required amongst Linux users then there is little point in proceeding.
I've asked a lot of questions here so comments on any would be great.
I'm looking to create an interactive firewall, (..) create a user friendly application (..) configure network access with maximum ease.
Linux (the kernel) has one filtering framework called Netfilter. Together with userland tools like ipfwadm, ipchains and iptables to manage rulesets this is what encompasses "the Linux firewall". Anything on top of that (that is: dependent on) should be called middleware or frontend but not a firewall.
a firewall that is restrictive by default, allowing only those applications and services network access through interactively granting permissions.
Might find some hooks or examples wrt network blocking in Niels Provos' Systrace, GRSecurity, iptables (POM) modules.
I'd also like some advice on what is currently available
Search Sourceforge and Freshmeat and you've got eighty percent of what's around I'd say.
Some linux firewalls are restrictive by default at least from the
external zone. I use Suse 10 and it can also be configured to
deny everything from the internal zone except for manually
configured exceptions. As far as the external zone is concerned
you can add things like the Samba server into the firewall but it
still doesn't work even if you are only trying to network to
other Suse machines (I expect this is a bug).
A really safe firewall would deny all requests from the local
zone, all requests from the external zone and all requests from
the DMZ zone. I don't think it's a question of a new firewall,
more a question of the defaults to be applied to existing
firewalls and the right tools to allow easy configuration of
firewalls (and documents that explain what the configurations
options are and what they mean).
What would be nice is a capability like that provided by Zone Alarm in Windows; monitoring outgoing connections and by default not allowing them unless previously approved.
Granting that viruses and trojans haven't been a big problem in Linux, having such monitoring capability would add a layer of protection that would be nice.