Firewall Software, What do you use and how well do you like it?

agentc0re · 07-03-2007, 05:12 PM

I currently use IPCOP w/QOS and NTOP addon. my machine has been locking up since then and i've been wanting to test out other firewall software. would like to get some input from any fellow slackers that use something other than IPCOP.

for me, ipcop does work great, just wondering what else is out there.

pljvaldez · 07-03-2007, 05:31 PM

I'm not a slackware user, but in the past I've used fwbuilder. It was pretty versatile and even let me customize the firewall on my hacked Linksys WRT54G router.

rigelan · 07-03-2007, 05:51 PM

Just running as an internet client, I don't use anything but a rc.firewall script in my /etc/rc.d directory that has a few simple iptables rules in it.

Road_map · 07-03-2007, 06:07 PM

I use arno-iptables-firewall from http://www.linuxpackages.net.

dive · 07-03-2007, 07:58 PM

rc.firewall for me. I have a few custom ports for my UT server:

Code:

#!/bin/bash

 start() {
     echo "Starting Firewall..."
     iptables -F
     iptables -P INPUT DROP
     iptables -P FORWARD DROP

 #   iptables -A INPUT  -i lo -j ACCEPT
     iptables -A INPUT -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
     iptables -A INPUT -p tcp -d localhost --destination-port 7777 -j ACCEPT
     iptables -A INPUT -p udp -d localhost --destination-port 7778 -j ACCEPT
     iptables -A INPUT -p tcp -d localhost --destination-port 50000 -j ACCEPT
     iptables -A INPUT -p udp -d localhost --destination-port 50000 -j ACCEPT
     iptables -A INPUT -p tcp -d localhost --destination-port 61031 -j ACCEPT
     iptables -A INPUT -p udp -d localhost --destination-port 61031 -j ACCEPT
     iptables -A INPUT -p tcp -d localhost --destination-port 113 -j ACCEPT
     iptables -A INPUT -p tcp -d localhost --source-port 20 -j ACCEPT
     iptables -A INPUT -p tcp -d localhost --destination-port 0 -j DROP
     iptables -A INPUT -p tcp -d localhost --destination-port 1 -j DROP
     iptables -A INPUT -p udp ! --destination-port 25 -j ACCEPT
     iptables -A INPUT -p tcp ! --syn -j ACCEPT
     iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
     iptables -A INPUT -p icmp --icmp-type source-quench -j ACCEPT
     iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
     iptables -A INPUT -p icmp --icmp-type parameter-problem -j ACCEPT
     iptables -A INPUT -p icmp --icmp-type redirect -j ACCEPT
     iptables -A INPUT -p icmp --icmp-type router-advertisement -j ACCEPT
     iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

     iptables -L | sed 's/        / /' | sed 's/           / /g' | sed 's/     / /g'
     echo
 }

 stop() {
     echo "Stopping firewall"
     iptables -F
     iptables -P INPUT ACCEPT
     iptables -P FORWARD ACCEPT
     echo
 }

 case "$1" in
     start)
     start
     ;;
     stop)
     stop
     ;;
     restart)
     stop
     start
     ;;
 esac

Datamike · 07-04-2007, 12:24 AM

I use a D-Link router/modem combination, with an inbuilt firewall. Although I wouldn't recommend D-link to anyone. I've just had a load of problems with it and I'll be getting a new one soon. But the solution itself works very well for me. It actually takes some of the weight off your shoulder when you're no longer running your firewall on your pc. Also makes it easier to plug other pc's to my network that don't necessarily have a firewall.

slackist · 07-04-2007, 11:31 AM

I use Firestarter. Easy to configure and it lets me share my wired connection through the laptop's wifi card with other machines in the house.

adriv · 07-04-2007, 12:17 PM

Guarddog.
Simple, easy.