I have no problems with firestarter on my MDK9.1. I've checked and only have 4 ports open. I did notice that if I let it run in a shell than yes their are more port open than I would like, But since my firewall dosn't have a monitor I set it up to run in the gui.

I am using a Netgear router to access the internet. I have no Mandrake firewall installed. I went to www.grc.com and did the shields up! test. everything with stealth!
So does this mean that i do not need a firewall?

In fact you have a very efficient firewall: a router. Provided it is well configurated as it seems to be.

I also use my firewall machine for a file server, ssh server, smb server and a place for relatives to have a place to swap files that are to large to email to each-other and for my kids to login to to get their homework and II still have only 4 ports open

It's a Netgear MR814 model. It's great that I've recommended it to my friends! Works like a charm.

I haven't tried gaurddog, I use shorewall, it works great as well and comes with mandrake 9.1.

also for those that asked about the linksys or other soho routers, they don't have features to allow specific ip addresses access or the ability to create a DMZ, but they do provide some security. I'm not sure if they have vulnerabilities.


mrnikeswsh - if you have MNF you really don't need the linksys, your MNF will do the functions that the linksys does, unless it's a wireless WAP/router. You would set your gateway interface to do DHCP and configure it as the outside interfaces. and your inside interface would be 192.168.0.1 and it can run as a DHCP server for the inside computers.

Hey I'm not the only one using it! The easiest firewall to configure. The online docs are outstanding!

I know that in Windows XP, a software could uknowingly send information out. I know this because I have Zone Alarm on my Windows XP machine and Adobe and Norton will try to send out information. If I did not have Zone Alarm, these programs would access the internet without my permission.

Can programs in linux unknowingly access the internet?

Hello Micro420! I'm not a Linux guru, I'm in Linux for less than
one year. But as you know, none can login into your pc remotely
provided you don't give him/her permission and, as you remember,
you need to be root to open accounts to new users. This prevents
your PC to be hacked, in theory... provided you have your OS
updated! Always there are vulnerabilities to be exploited by
hackers. Your question: "Can programs in linux unknowingly access
the internet?" I think is one that can not be answered
categorically yes or not. For exemple, CD rippers usually contact
automatically CDDB data bases to request album, author and song
titles. I think other programs do the same for other reasons but
these don't atack your privacy and cannot be considerated as
spyware or trojans, they have the related internet activity
necessary for making exclusively the functions they were created.
But who knows? Do anyone think a well trained hacker can exploit
some kind of vulnerability of a program and insert something that
converts it into spyware? Or, moreover, can a hacker substitute
files on a ftp server? I know these questions are well out of this
thread but a well configurated firewall will prevent of sending any
externally requested data and internal spyware activity.

Anybody who's using shorewall been able to ssh into the firewall machine and then from the firewall machine ssh into a system on your lan?

What if someone makes a software that can check for viruses or updates your CD software by sending out information but it maliciously grabs your cookie files from you web browser to send it to an outside server so that they can track your web surfing habits? if something can go out without you knowing, then there could be a slight chance that someone may use that to find out something about your computer without your consent. This is scary! Time to install firewall!

you can set up rules to accomplish this, but I would not give access to the firewall, I would port map ssh (port 22) to the host you want access to. I would also set ssh to only accept connections with a key. You can also change the port ssh accepts a connection on.