Comments on: Simple Software Firewall with a Twist

by: opc0d3

Sun, 07 Jun 2009 15:32:08 +0000

old iptables is for minimalist.

by: bmw

Mon, 10 Nov 2008 21:58:11 +0000

Check out the Linux project for Peerguardian, MoBlock, at http://developer.berlios.de/projects/moblock/

by: ngpd

Fri, 30 May 2008 11:42:49 +0000

Security is enhanced by defence in depth, so even if you have enabled the firewall on your router it is worthwhile running firewall software on your machine. Also, if there are any other machines on your internal network, a personal firewall will protect you against malware running on them - this is particularly necessary if you are using a wireless network, as you can never be sure who else is sharing your network!

by: rcbranco

Tue, 27 May 2008 18:40:46 +0000

I agree, there’s nothing better security wise. In the other hand when the network is complex it takes a lot of work maintaining someone else’s script. A graphical interface in those cases is always handy

by: samuel clark

Sat, 24 May 2008 23:22:34 +0000

Both you and Matador fail to notice or note that Firestarter has the ability to blacklist ALL outgoing services, allowing access only with approval via Firestarter’s root access [password required].Like ZONEALARM and many other SPENDows firewall applications, you have the ability to work at the highest level of restriction by default.

What the article fails to note is that FIRESTARTER is simply a program to control built in firewall support [iptables] present within Linux, an evolution from the original offering that added iptables support when not present.

Most SPENDows users will be very comfortable using FIRESTARTER, as the wizard does all necessary work to turn on an operating system level firewall control.

You have to go beyond what you see in the article to fully appreciate the power of this free add-on desktop firewall.

by: jeffatrackaid

Sat, 24 May 2008 18:40:13 +0000

On the desktop, I see egress filtering as the greatest challenge. Most networks (I hope) are using a gateway firewall, so the real threat from the desktop is that it will start accessing resources that it should not. This is where MS Windows firewalls excel. If an application connects to a resource, you have to approve it. I don’t know of a similar app for Linux?

by: John Little

Sat, 24 May 2008 01:06:33 +0000

Most if not all applications use a port #. Do a little digging, get the correct port and allow it through your firewall from your LAN. That said most distributions that I have used allow any application originating from the LAN side out to the internet and the returning traffic back in.

by: John Little

Sat, 24 May 2008 01:00:56 +0000

Yeah but it’s pretty basic..I learned the hard way. If you don’t have a linux gateway where you can use iptables then I would use firestarter on your workstations. If you have a home base web server, ftp, or anything else that you want accessible from the internet this is even more true. just my .02

by: stoggy

Fri, 23 May 2008 16:16:16 +0000

/Quote
But what I think Linux is missing is a fw that controls outgoing traffic by application (like Zonealarm in windows).
/Quote

you can do this, by cmd name, by uid, by gid, by pid, and by sid. its in the man page. try “man iptables” then hit “/” and type “owner” and hit enter. I just reloaded and in the man file i got this at the end of the section, “NOTE: pid, sid and command matching are broken on SMP” So your mileage may vary.

/Quote
but I was wondering if it was worth having if my network is running through a LinkSys router. Doesn’t the router have a built in firewall?
/Quote

Yes, you cant make a firewall at the router that can block all types of attacks. So you have to fine tune at the desktops. Now you could put something like snort at the router or behind it, goodluck getting that on your Linksys though. Which could reduce the need for desktop firewalls but with tools like firestarter and others the risk doesn’t justify the gains.

by: mjnbrn

Fri, 23 May 2008 04:22:11 +0000

What is wrong w/ good ol’ iptables?