Slackware: This forum is for the discussion of Slackware Linux.
Using Slackware 12.2
Can someone point me to a script for iptables?
I'm new to networking and firewalls.
Is there a gui that would be helpful?
I have a computer with a broadband connection to the internet.
I use the computer for personal use.
There is a script supplied in /etc/ppp/firewall-standalone that can be copied to /etc/rc.d/rc.firewall and made executable so that it runs automatically at boot. Change the EXTIF to suit your network connection.
The script is very simple; it just blocks all incoming connection attempts, but it sounds like it would suit your needs at this time.
I've used Arno's script over the last few years and it's probably the easiest way (I think it's even easier than using a GUI) to set up a firewall. The script is well documented and constantly updated.
someone mentioned arno's - that's good.
i use firehol - also very easy to set up.
Quote:
I'm new to networking and firewalls.
firewalls are not for the faint-hearted if
you want to do it yourself. using any of the
above methods will be quite easy.
Quote:
Is there a gui that would be helpful?
the above methods are so easy it would almost
be tragic to use a GUI. besides - you're using
slackware, so be prepared for a bit of command
line stuff. also, the configs will likely have to
be done as root - and i hope you don't run X
as root.
Quote:
I have a computer with a broadband connection to the internet.
then you will definitely want a firewall. altho' many
times the router can do that for you. if your needs
are simple (ie fetch http, mail etc) then that will
be enough. if you want to download torrents or provide
some services (web,mail,(s)ftp,ssh etc) outwards, then
you will need a firewall (and maybe a bridged router).
If you're using a router, it acts as a firewall basically - blocks all outgoing connections until you manually enable port-forwarding and forward a local port to the gateway. So in most cases you will not need a firewall. Of course, if your computer IP is directly exposed to the internet (i.e. a normal modem) or you need to block a lot of incoming traffic as well as outgoing traffic, you will need a strong and possibly restrictive firewall.
If you're using KDE, guarddog is what I found to be most intuitive from the point of view of commonly used services/ports for incoming and outgoing network traffic.
My advice is, if you can manage it, avoid direct internet connection (i.e. your machine's IP is the remote IP) and always use a router or a firewall in-between.
Last edited by vharishankar; 07-12-2009 at 10:14 AM.
Customizing a router firewall is not feasible. So additional firewall(s) will aid you in establishing a secure environment.
Yes, but for 99% of desktop use, where you're not even running additional services is secure for most of us.
Of course, if you're paranoid, you can implement a stricter firewall rule, but ultimately I believe in a reasonable amount of protection, but also convenience. There should be a balance between the two.
Using a strict firewall often will prevent you from using VoIP chat (like SIP) and also many multi-player games which a lot of people play. Debugging the firewall rule in such cases can be frustrating sometimes, especially if the ports used by the games are not standard or keep changing dynamically.
My advice is yes, use a firewall by all means. But learn what it does and how it works, not merely implement a rule blindly because a script automatically generates one for you.
Last edited by vharishankar; 07-12-2009 at 11:05 AM.
Here's one I came up with by tweaking the one over at linux.org tutorials...just set the variables at the top correctly, then delete any of the services that you don't need. As I'm adding out rules it is more secure, but also more likely to interfere with your programs.
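#!/bin/sh
# first, load module that helps with ftp
/sbin/modprobe ip_conntrack_ftp
# variables to set for your machine (placeholders)
IPTABLES=/sbin/iptables
INTERFACE=eth0
MY_IP=x.x.x.x
MY_NETWORK=x.x.x.0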
# start by flushing the rules
$IPTABLES -F
# delete any user-created chains
$IPTABLES -X
## allow packets coming from/going to the loopback interface
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
# block spoofing-packet coming in to my machine where source is 127.0.0.1 and
# not loopback interface.
$IPTABLES -A INPUT -s 127.0.0.0/8 ! -i lo -j DROP
# block spoofing-packet coming in to my machine with my IP
# (would use loopback with IP of 127.0.0.1, not actual IP)
$IPTABLES -A INPUT -s $MY_IP -j DROP
# stop bad packets
$IPTABLES -A INPUT -m state --state INVALID -j DROP
# NMAP FIN/URG/PSH
$IPTABLES -A INPUT -i $INTERFACE -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
# stop Xmas Tree type scanning
$IPTABLES -A INPUT -i $INTERFACE -p tcp --tcp-flags ALL ALL -j DROP
$IPTABLES -A INPUT -i $INTERFACE -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
# stop null scanning
$IPTABLES -A INPUT -i $INTERFACE -p tcp --tcp-flags ALL NONE -j DROP
# SYN/RST
$IPTABLES -A INPUT -i $INTERFACE -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# SYN/FIN
$IPTABLES -A INPUT -i $INTERFACE -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
# stop SYN flood
$IPTABLES -N SYNFLOOD
$IPTABLES -A SYNFLOOD -p tcp --syn -m limit --limit 1/s -j RETURN
$IPTABLES -A SYNFLOOD -p tcp -j REJECT --reject-with tcp-reset
$IPTABLES -A INPUT -p tcp -m state --state NEW -j SYNFLOOD
# stop ping flood attack
$IPTABLES -N PING
$IPTABLES -A PING -p icmp --icmp-type echo-request -m limit --limit 1/second -j RETURN
$IPTABLES -A PING -p icmp -j REJECT
$IPTABLES -I INPUT -p icmp --icmp-type echo-request -m state --state NEW -j PING
#################################
## What we allow
#################################
# http
$IPTABLES -A INPUT -p tcp --sport 80 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 80 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 80 -j ACCEPT
# https
$IPTABLES -A INPUT -p tcp --sport 443 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 443 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 443 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 443 -j ACCEPT
# dns client
$IPTABLES -A INPUT -p tcp --sport 53 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 53 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 53 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 53 -j ACCEPT
# ftp, sftp
$IPTABLES -A INPUT -p tcp --sport 20:21 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 20:21 -j ACCEPT
$IPTABLES -A INPUT -p tcp --sport 989:990 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 989:990 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 20:21 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 989:990 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 989:990 -j ACCEPT
$IPTABLES -A INPUT -m helper --helper ftp -j ACCEPT
$IPTABLES -A OUTPUT -m helper --helper ftp -j ACCEPT
# pop2, pop3, secure pop3
## NOT TESTED ##
$IPTABLES -A INPUT -p tcp --sport 109:110 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 109:110 -j ACCEPT
$IPTABLES -A INPUT -p tcp --sport 995 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 995 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 109:110 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 109:110 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 995 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 995 -j ACCEPT
# imap2, imap3, secure imap
## NOT TESTED ##
$IPTABLES -A INPUT -p tcp --sport 143 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 143 -j ACCEPT
$IPTABLES -A INPUT -p tcp --sport 220 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 220 -j ACCEPT
$IPTABLES -A INPUT -p tcp --sport 993 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 993 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 143 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 143 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 220 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 220 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 993 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 993 -j ACCEPT
# dhcp (only send/receive packets to/from my subnet)
## NOT TESTED ##
$IPTABLES -A INPUT -p udp --sport 67:68 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 67:68 -d $MY_NETWORK/16 -j ACCEPT
# nfs (only send/receive packets to/from my subnet)
## NOT TESTED ##
$IPTABLES -A INPUT -p tcp --sport 2049 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 2049 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 2049 -d $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 2049 -d $MY_NETWORK/16 -j ACCEPT
# ntp (network time protocol)
## NOT TESTED ##
$IPTABLES -A INPUT -p tcp --sport 123 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 123 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 123 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 123 -j ACCEPT
# ping (only send/receive packets to/from my subnet)
$IPTABLES -A INPUT -p icmp -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p icmp -d $MY_NETWORK/16 -j ACCEPT
# cups (internet printing protocol, line printer)
# (only send/receive packets to/from my subnet)
$IPTABLES -A INPUT -p tcp --sport 515 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A INPUT -p tcp --sport 631 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 631 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 515 -d $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 631 -d $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 631 -d $MY_NETWORK/16 -j ACCEPT
# samba with netbios (only send/receive packets to/from my subnet)
## NOT TESTED ##
$IPTABLES -A INPUT -p tcp --sport 137:139 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 137:139 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 137:139 -d $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 137:139 -d $MY_NETWORK/16 -j ACCEPT
# mysql (only send/receive packets to/from my subnet)
$IPTABLES -A INPUT -p tcp --sport 3306 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 3306 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 3306 -d $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 3306 -d $MY_NETWORK/16 -j ACCEPT
# block all incoming/outgoing that don't match rules above. must be last
# rule, or overrides other rules and blocks everything.
$IPTABLES -A INPUT -j DROP
$IPTABLES -A OUTPUT -j DROP
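Added example, not part of the thread or the poster's script: the script above accepts inbound packets by source port (`--sport 80` and so on), a value the remote sender chooses, whereas a stateful ruleset accepts inbound packets only as replies to connections the desktop itself opened. The sketch below prints such a ruleset in iptables-restore format without applying it; `gen_ruleset`, `valid_port`, the interface `eth0` and the port lists are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print a stateful desktop ruleset in iptables-restore format.
# Nothing is applied. gen_ruleset/valid_port are names made up for this sketch.

# Accept a single port (80) or a range (20:21); reject anything else so that
# stray text can never end up inside a generated rule.
valid_port() {
    case $1 in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    return 0
}

# usage: gen_ruleset IFACE "TCP_PORTS" "UDP_PORTS"
gen_ruleset() {
    iface=$1; tcp_ports=$2; udp_ports=$3
    for p in $tcp_ports $udp_ports; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done

    printf '%s\n' '*filter'
    # Default-deny policies take the place of trailing catch-all DROP rules.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT DROP [0:0]'
    # Loopback is trusted; a loopback source on any other interface is not.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A OUTPUT -o lo -j ACCEPT'
    printf '%s\n' '-A INPUT ! -i lo -s 127.0.0.0/8 -j DROP'
    # Inbound: only packets conntrack ties to a connection we opened.
    printf '%s\n' '-A INPUT -m state --state INVALID -j DROP'
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Outbound: new connections only to the listed destination ports.
    for p in $tcp_ports; do
        printf '%s\n' "-A OUTPUT -o $iface -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $udp_ports; do
        printf '%s\n' "-A OUTPUT -o $iface -p udp --dport $p -m state --state NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample: DNS, HTTP, HTTPS over TCP; DNS and NTP over UDP.
gen_ruleset eth0 "53 80 443" "53 123"
```

Review the printed rules before loading them as root with `iptables-restore`.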
Quote:
Here's one I came up with by tweaking the one over at linux.org tutorials...just set the variables at the top correctly, then delete any of the services that you don't need. As I'm adding out rules it is more secure, but also more likely to interfere with your programs.
Code:
#!/bin/sh
# first, load module that helps with ftp
/sbin/modprobe ip_conntrack_ftp
IPTABLES=/sbin/iptables
INTERFACE=eth0
MY_IP=x.x.x.x
MY_NETWORK=x.x.x.0
# start by flushing the rules
$IPTABLES -F
# delete any user-created chains
$IPTABLES -X
## allow packets coming from/going to the loopback interface
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
# block spoofing-packet coming in to my machine where source is 127.0.0.1 and
# not loopback interface.
$IPTABLES -A INPUT -s 127.0.0.0/8 ! -i lo -j DROP
# block spoofing-packet coming in to my machine with my IP
# (would use loopback with IP of 127.0.0.1, not actual IP)
$IPTABLES -A INPUT -s $MY_IP -j DROP
# stop bad packets
$IPTABLES -A INPUT -m state --state INVALID -j DROP
# NMAP FIN/URG/PSH
$IPTABLES -A INPUT -i $INTERFACE -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
# stop Xmas Tree type scanning
$IPTABLES -A INPUT -i $INTERFACE -p tcp --tcp-flags ALL ALL -j DROP
$IPTABLES -A INPUT -i $INTERFACE -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
# stop null scanning
$IPTABLES -A INPUT -i $INTERFACE -p tcp --tcp-flags ALL NONE -j DROP
# SYN/RST
$IPTABLES -A INPUT -i $INTERFACE -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# SYN/FIN
$IPTABLES -A INPUT -i $INTERFACE -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
# stop SYN flood
$IPTABLES -N SYNFLOOD
$IPTABLES -A SYNFLOOD -p tcp --syn -m limit --limit 1/s -j RETURN
$IPTABLES -A SYNFLOOD -p tcp -j REJECT --reject-with tcp-reset
$IPTABLES -A INPUT -p tcp -m state --state NEW -j SYNFLOOD
# stop ping flood attack
$IPTABLES -N PING
$IPTABLES -A PING -p icmp --icmp-type echo-request -m limit --limit 1/second -j RETURN
$IPTABLES -A PING -p icmp -j REJECT
$IPTABLES -I INPUT -p icmp --icmp-type echo-request -m state --state NEW -j PING
#################################
## What we allow
#################################
# http
$IPTABLES -A INPUT -p tcp --sport 80 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 80 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 80 -j ACCEPT
# https
$IPTABLES -A INPUT -p tcp --sport 443 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 443 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 443 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 443 -j ACCEPT
# dns client
$IPTABLES -A INPUT -p tcp --sport 53 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 53 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 53 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 53 -j ACCEPT
# ftp, sftp
$IPTABLES -A INPUT -p tcp --sport 20:21 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 20:21 -j ACCEPT
$IPTABLES -A INPUT -p tcp --sport 989:990 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 989:990 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 20:21 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 989:990 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 989:990 -j ACCEPT
$IPTABLES -A INPUT -m helper --helper ftp -j ACCEPT
$IPTABLES -A OUTPUT -m helper --helper ftp -j ACCEPT
# pop2, pop3, secure pop3
## NOT TESTED ##
$IPTABLES -A INPUT -p tcp --sport 109:110 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 109:110 -j ACCEPT
$IPTABLES -A INPUT -p tcp --sport 995 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 995 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 109:110 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 109:110 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 995 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 995 -j ACCEPT
# imap2, imap3, secure imap
## NOT TESTED ##
$IPTABLES -A INPUT -p tcp --sport 143 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 143 -j ACCEPT
$IPTABLES -A INPUT -p tcp --sport 220 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 220 -j ACCEPT
$IPTABLES -A INPUT -p tcp --sport 993 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 993 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 143 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 143 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 220 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 220 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 993 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 993 -j ACCEPT
# dhcp (only send/receive packets to/from my subnet)
## NOT TESTED ##
$IPTABLES -A INPUT -p udp --sport 67:68 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 67:68 -d $MY_NETWORK/16 -j ACCEPT
# nfs (only send/receive packets to/from my subnet)
## NOT TESTED ##
$IPTABLES -A INPUT -p tcp --sport 2049 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 2049 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 2049 -d $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 2049 -d $MY_NETWORK/16 -j ACCEPT
# ntp (network time protocol)
## NOT TESTED ##
$IPTABLES -A INPUT -p tcp --sport 123 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 123 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 123 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 123 -j ACCEPT
# ssh (only send/receive packets to/from my subnet)
$IPTABLES -A INPUT -p tcp --sport 22 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 22 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 22 -d $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 22 -d $MY_NETWORK/16 -j ACCEPT
# ping (only send/receive packets to/from my subnet)
$IPTABLES -A INPUT -p icmp -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p icmp -d $MY_NETWORK/16 -j ACCEPT
# cups (internet printing protocol, line printer)
# (only send/receive packets to/from my subnet)
$IPTABLES -A INPUT -p tcp --sport 515 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A INPUT -p tcp --sport 631 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 631 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 515 -d $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 631 -d $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 631 -d $MY_NETWORK/16 -j ACCEPT
# samba with netbios (only send/receive packets to/from my subnet)
## NOT TESTED ##
$IPTABLES -A INPUT -p tcp --sport 137:139 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 137:139 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 137:139 -d $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 137:139 -d $MY_NETWORK/16 -j ACCEPT
# mysql (only send/receive packets to/from my subnet)
$IPTABLES -A INPUT -p tcp --sport 3306 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 3306 -s $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 3306 -d $MY_NETWORK/16 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 3306 -d $MY_NETWORK/16 -j ACCEPT
# block all incoming/outgoing that don't match rules above. must be last
# rule, or overrides other rules and blocks everything.
$IPTABLES -A INPUT -j DROP
$IPTABLES -A OUTPUT -j DROP
It would be nice if you place the long listings in the vbcode tags. Like I did in the quote of your post. If you use the vbcode tags the post will be cleaner therefore easier to read. You can edit your post then highlight the list, click code(#) or Quote(balloon to the left of #).
Thanks for the replies. I have some things I can study.
I have a couple more questions:
Quote:
hs123
My advice is, if you can manage it, avoid direct internet connection (i.e. your machine's IP is the remote IP) and always use a router or a firewall in-between.
Yesterday 09:05 AM
If I use a firewall such as Iptables will that hide the IP of my machine?
Quote:
Mark Pettit
the above methods are so easy it would almost
be tragic to use a GUI. besides - you're using
slackware, so be prepared for a bit of command
line stuff. also, the configs will likely have to
be done as root - and i hope you don't run X
as root.
Why is it a problem to use a gui when running as root?
Is it better to run a firewall as a dedicated firewall like IPCop or
a router, rather than on the same computer or does it matter?