LinuxQuestions.org


ReaperX7 06-27-2012 08:49 PM

Idea for Slackware 14.0 - Easy Firewall Generator (clone of AlienBob's)
 
I just realized that Slackware really doesn't include a ready to use Firewall by default that is setup by the user either during installation or post-installation using IPTables.

Why not add a simple extra set of tools to the BusyBox nCurses installer to generate a Firewall using a script program labeled something like "fwconfig" (similar to the current config scripts for Alsa, X11, Network, and such) that operates exactly like the Easy Firewall Generator webpage on AlienBob's (Eric's) website, and makes it executable for the boot sequence.

Would be a nice extra touch, IMO.

Any comments? Good idea? Bad idea? Etc?

cikrak 06-27-2012 09:01 PM

Quote:

Originally Posted by ReaperX7 (Post 4713716)
I just realized that Slackware really doesn't include a ready to use Firewall by default that is setup by the user either during installation or post-installation using IPTables.

Why not add a simple extra set of tools to the BusyBox nCurses installer to generate a Firewall using a script program labeled something like "fwconfig" (similar to the current config scripts for Alsa, X11, Network, and such) that operates exactly like the Easy Firewall Generator webpage on AlienBob's (Eric's) website, and makes it executable for the boot sequence.

Would be a nice extra touch, IMO.

Any comments? Good idea? Bad idea? Etc?

+1

This will be a value added in security for 'lazy' slackers like me :)

Alchemikos 06-27-2012 10:36 PM

Great Awesome idea

H_TeXMeX_H 06-28-2012 03:49 AM

I think it would be useful, and would improve default security in Slackware.

alekow 06-28-2012 04:29 AM

Not a bad idea at all :-) BTW - Alien, thanks for the generator!

ReaperX7 06-28-2012 02:49 PM

You know of all the things you never think about, it's simple basic security like a Firewall. If Windows, since XP Service Pack 2, can be secure out of the box with its own pre-configured Firewall, why can't Linux, and especially Slackware, have its own firewall setup tool and firewall script?

You know, of all the Linux distributions out there, how many Linux distributions actually INCLUDE a firewall tool ready to go out of the box for IPTables at installation time? One or two, maybe? But are those mainstream distributions? Probably not.

Time to drop the boulder in the small pond and make a hell of a splash in my opinion.

chess 06-28-2012 02:53 PM

Quote:

Originally Posted by ReaperX7 (Post 4714386)
You know, of all the Linux distributions out there, how many Linux distributions actually INCLUDE a firewall tool ready to go out of the box for IPTables at installation time? One or two, maybe? But are those mainstream distributions? Probably not.

I believe Debian, Ubuntu, and others of its ilk include ufw and I also believe Fedora has its own gui frontend to iptables.

hitest 06-28-2012 04:27 PM

ReaperX7,

I like that idea a lot. I like and use Eric's script. I think that would be a very welcome addition to 14.0. :)

NoStressHQ 06-28-2012 05:26 PM

Well,

I'm glad this subject comes to "mainstream", as I tried to propose a script myself for that but barely had any answers :)...

It was last summer...

I'm still using this script. And have some other useful scripts but I don't have the time to setup a "blog" or something and feed it with "human pleasable" content ;)... But I'd be happy to team up with some folks in order to improve "3rd party slackware utilities"...

Cheers.

Garry.

ReaperX7 06-28-2012 07:01 PM

I've used Ubuntu before but I've never seen them have a ready-to-go Firewall out of the box. I have seen them have available a Firewall like Firestarter and FireHOL but they were never actually included in the general configuration, only in the online downloadable packages.

I wonder how Patrick would feel about a proposal such as this?

cikrak 06-28-2012 07:29 PM

Quote:

Originally Posted by NoStressHQ (Post 4714512)
Well,

I'm glad this subject comes to "mainstream", as I tried to propose a script myself for that but barely had any answers :)...

It was last summer...

I'm still using this script. And have some other useful scripts but I don't have the time to setup a "blog" or something and feed it with "human pleasable" content ;)... But I'd be happy to team up with some folks in order to improve "3rd party slackware utilities"...

Cheers.

Garry.

It would be nice if your script went to /testing of Slackware-current first. Hope your project will get more attention from Slackware users to try, test, and improve it.

Quote:

If the core Slackware team (Pat, AlienBob, ...) have some advice, requests or ideas for improvement, I think it might even be interesting to add it in "/extra" someday, as I suspect this would be a wish for some Slackers, and maybe improve first steps accessibility to newbies, having a firewall nearly 'out of the box'. Obviously it'll require a better packaging.
It doesn't hurt everyone :) NoStressHQ is ready now to take an action without Stress :D

allend 06-28-2012 08:21 PM

Personally, I do not like this idea. I recognise that iptables and firewall scripts are intimidating to new users, but there are many HOWTOs and examples available. Security is an issue that requires study and understanding. Scripts and GUI generators do not provide this.
If the desire is to protect a new user setting up on a home system, then firewall protection is very likely already being provided by the external modem/router.
If the desire is to setup a minimal firewall that blocks everything, then simply copy the already provided '/etc/ppp/firewall-standalone' to '/etc/rc.d/rc.firewall' and change the EXTIF if necessary.
Having a firewall setup at installation will be a hindrance to those trying to setup servers with various servers available.

Diantre 06-28-2012 08:47 PM

Quote:

Originally Posted by allend (Post 4714586)
Having a firewall setup at installation will be a hindrance to those trying to setup servers with various servers available.

Not necessarily. The firewall setup can be optional, if one needs it press "yes", and configure and create a rc.firewall script, or press "no" and create the firewall rules manually.

ReaperX7 06-28-2012 09:01 PM

You can always skip that step, which would obviously be provided as other existing tools provide if you feel a manual configuration is more your thing, or no configuration is needed.

The point of the tool's addition isn't to take away from existing tools out there, just supplement what's already there for the end-user who may want to setup his/her own Firewall and make it less a headache while providing a sense of having a tool that makes security readily available if desired.

While SPI Firewalls on Routers and other hardware are often effective, sometimes this isn't enough if another computer is or has become compromised.

AlienBob's Firewall script by default when you visit his webpage configures a basic yet powerful Firewall for Dynamic IP Addresses on Single Systems. This should be, at minimum, a setup for a normal user during installation. Even without understanding some level of security, the default configuration offers a very solid solution even a novice Linux user would benefit from. If needed the tool can be rerun and the script updated to allow things like BitTorrent, MSN, etc. However, currently there is not a tool to do this on the system if it's offline. If you want to use AlienBob's EFG, you have to be online.

For IT professionals there are other tools even in his script that allow for Static IPs, specialized ports, and even application specific allowances, and some of which are server oriented.

http://www.slackware.com/~alien/efg/

If we can have tools to setup Xorg, ALSA, Network Addressing schemes, disk partitions, and even a window manager, why can't we have a tool that sets up a firewall with a basic to advanced level of configuration?
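As an added illustration of the offline generator discussed in this thread (not code from any poster and not AlienBob's EFG), the sketch below prints an rc.firewall for a single host with default-deny inbound and stateful replies allowed. The function name `gen_rc_firewall` and its arguments are hypothetical; it only emits text and never calls iptables itself.

```shell
#!/bin/sh
# Hypothetical sketch of an offline "fwconfig"-style generator.
# Usage: gen_rc_firewall EXTIF [tcp_port ...]  -> rc.firewall text on stdout.

gen_rc_firewall() {
    extif=$1
    shift
    # Reject interface names that could inject shell into the generated script.
    case $extif in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $extif" >&2; return 1 ;;
    esac
    for port in "$@"; do
        # Digits only, no leading zero, at most five digits, then range check.
        case $port in
            ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    cat <<EOF
#!/bin/sh
# Generated single-host firewall: default-deny inbound, stateful replies allowed.
EXTIF="$extif"
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    # One rule per explicitly requested inbound TCP service.
    for port in "$@"; do
        echo "iptables -A INPUT -i \"\$EXTIF\" -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Constructed sample run: external interface eth0, inbound SSH only.
gen_rc_firewall eth0 22
```

The generated rules cover IPv4 only; ip6tables needs its own ruleset.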

cikrak 06-28-2012 09:09 PM

Quote:

Originally Posted by allend (Post 4714586)
Having a firewall setup at installation will be a hindrance to those trying to setup servers with various servers available.

It's true, the core dev team needs serious consideration and testing if firewall included during installation. But the option menu to enable/disable this feature during installation will solve the problem for users who need advanced configuration. IMO, the idea proposed by ReaperX7 is a simple (and basic) feature. So everyone can add, modify, or start their EXTIF if needed after post installation without worry.

It's nice if rc.firewall exists by default after installation (although in blank page when I type nano /etc/rc.d/rc.firewall) :)
