LinuxQuestions.org - Firewall Software, What do you use and how well do you like it?

- Slackware (https://www.linuxquestions.org/questions/slackware-14/)

- - Firewall Software, What do you use and how well do you like it? (https://www.linuxquestions.org/questions/slackware-14/firewall-software-what-do-you-use-and-how-well-do-you-like-it-566415/)

Firewall Software, What do you use and how well do you like it?

I currently use IPCOP w/QOS and NTOP addon. my machine has been locking up since then and i've been wanting to test out other firewall software. would like to get some input from any fellow slackers that use something other than IPCOP.

for me, ipcop does work great, just wondering what else is out there.

I'm not a slackware user, but in the past I've used fwbuilder. It was pretty versatile and even let me customize the firewall on my hacked Linksys WRT54G router.

Just running as an internet client, I don't use anything but a rc.firewall script in my /etc/rc.d directory that has a few simple iptables rules in it.

I use arno-iptables-firewall from http://www.linuxpackages.net.

rc.firewall for me. I have a few custom ports for my UT server:

Code:

#!/bin/bash



 start() {

    echo "Starting Firewall..."

    iptables -F

    iptables -P INPUT DROP

    iptables -P FORWARD DROP



 #  iptables -A INPUT  -i lo -j ACCEPT

    iptables -A INPUT -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

    iptables -A INPUT -p tcp -d localhost --destination-port 7777 -j ACCEPT

    iptables -A INPUT -p udp -d localhost --destination-port 7778 -j ACCEPT

    iptables -A INPUT -p tcp -d localhost --destination-port 50000 -j ACCEPT

    iptables -A INPUT -p udp -d localhost --destination-port 50000 -j ACCEPT

    iptables -A INPUT -p tcp -d localhost --destination-port 61031 -j ACCEPT

    iptables -A INPUT -p udp -d localhost --destination-port 61031 -j ACCEPT

    iptables -A INPUT -p tcp -d localhost --destination-port 113 -j ACCEPT

    iptables -A INPUT -p tcp -d localhost --source-port 20 -j ACCEPT

    iptables -A INPUT -p tcp -d localhost --destination-port 0 -j DROP

    iptables -A INPUT -p tcp -d localhost --destination-port 1 -j DROP

    iptables -A INPUT -p udp ! --destination-port 25 -j ACCEPT

    iptables -A INPUT -p tcp ! --syn -j ACCEPT

    iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT

    iptables -A INPUT -p icmp --icmp-type source-quench -j ACCEPT

    iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT

    iptables -A INPUT -p icmp --icmp-type parameter-problem -j ACCEPT

    iptables -A INPUT -p icmp --icmp-type redirect -j ACCEPT

    iptables -A INPUT -p icmp --icmp-type router-advertisement -j ACCEPT

    iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT



    iptables -L | sed 's/        / /' | sed 's/          / /g' | sed 's/    / /g'

    echo

 }



 stop() {

    echo "Stopping firewall"

    iptables -F

    iptables -P INPUT ACCEPT

    iptables -P FORWARD ACCEPT

    echo

 }



 case "$1" in

    start)

    start

    ;;

    stop)

    stop

    ;;

    restart)

    stop

    start

    ;;

 esac

I use a D-Link router/modem combination, with an inbuilt firewall. Although I wouldn't recommend D-link to anyone. I've just had a load of problems with it and I'll be getting a new one soon. But the solution itself works very well for me. It actually takes some of the weight off your shoulder when you're no longer running your firewall on your pc. Also makes it easier to plug other pc's to my network that don't necessarily have a firewall.

I use Firestarter. Easy to configure and it lets me share my wired connection through the laptop's wifi card with other machines in the house.

Guarddog.
Simple, easy.