What is the best Linux firewall?

Thread: What is the best Linux firewall?

  1. #1
    Banned
    Join Date
    Jun 2003
    Posts
    29

    Question What is the best Linux firewall?

    Hey, I'm currently setting up an Apache server on Linux SuSE 8.1 Pro, and I'm using the firewall that came with the OS (SuSE Firewall 2), but I was wondering: is this a bad firewall, or are there better ones out there?
    I know that a firewall is only as good as the rules for it are set. However, help is needed.
    Thanks in advance!

  2. #2
    Senior Member
    Join Date
    Jun 2003
    Posts
    723
    You answered your own question by saying "the firewall is only as good as the rules for it are set". I see it as Coke or Pepsi, Sprite or 7-Up, ipfw or ipfilter, ...
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots

  3. #3
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    I agree. The rules you set for it make it good. The SuSE firewall is a good one and when you set it up it does do good. Basically just set up your rules to work how you want and you should be fine.

    SuSE OWNS.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween. The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  4. #4
    Senior Member
    Join Date
    Mar 2002
    Posts
    442
    Nah, come on everyone, for Linux iptables is the best firewall (or ipchains if you haven't reset your Linux box to upgrade for a few years).
    Google for iptables if you need more information on setting up and configuring.

  5. #5
    Junior Member
    Join Date
    Jul 2003
    Posts
    19
    Have to agree with The3ntropy, iptables is the best around.

  6. #6
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    A firewall is a firewall regardless of who makes it or what it is. The defining points that make it a bad, good, or the best firewall are few. They include the user. This is the main point. I could take iptables (since The3ntropy feels it is the best) and I could take Outpost for Windows. I could spend hours setting up Outpost and then add one rule to iptables that says allow all. I think it'd be obvious there which firewall is better. At the same time the customization plays a big part. Does your firewall let you customize things as much as you like? Visnetic Firewall from Deerfield.com would be a good example of this. IMHO they have built a great PC firewall but they have one BIG flaw. If you are a DSL user you need PPPoE enabled, however they have this blocked in a category they refer to as "Other Protocols". I can't enable just PPPoE. I have to enable all of their "Other Protocols"; this doesn't exactly allow for the customization I want. If you are a competent user and your firewall is fully customizable then you can't define bad, good or best.

    As a side note, SuSE Firewall2 is simply a script. It uses iptables to do its actual firewalling.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
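
The point made in post #6, that one allow-all rule undoes hours of rule-writing and that SuSE Firewall2 ends up as plain iptables rules anyway, can be checked on the ruleset itself. This is an added example, not part of the thread: it parses `iptables-save`-style text and reports unconditional ACCEPT rules, rules made unreachable by an earlier catch-all, and chains where an ACCEPT policy decides by default. The sample ruleset is constructed, and `audit` and `is_match_all` are names chosen here.

```python
import shlex

# Constructed iptables-save output (not from the thread): careful rules plus one allow-all.
SAMPLE = """*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j DROP
COMMIT
"""

def is_match_all(body):
    """True when nothing but the target (and an optional comment) is left in the rule."""
    rest, i = [], 0
    while i < len(body):
        if body[i] in ("-j", "--comment") or body[i:i + 2] == ["-m", "comment"]:
            i += 2                      # skip the option and its argument
        else:
            rest.append(body[i])
            i += 1
    return not rest

def audit(save_text, chains=("INPUT", "FORWARD")):
    """Return (kind, chain, detail) findings for the filter table's built-in chains."""
    findings, table, policy, ended = [], None, {}, set()
    for line in map(str.strip, save_text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            policy[line[1:].split()[0]] = line.split()[1]
        elif table == "filter" and line.startswith("-A "):
            _, chain, *body = shlex.split(line)
            target = body[body.index("-j") + 1] if "-j" in body else None
            if chain not in chains:
                continue
            if chain in ended:          # every packet was already decided above
                findings.append(("shadowed", chain, line))
            elif target in ("ACCEPT", "DROP", "REJECT") and is_match_all(body):
                ended.add(chain)
                if target == "ACCEPT":
                    findings.append(("allow-all", chain, line))
    for chain in chains:
        if policy.get(chain) == "ACCEPT" and chain not in ended:
            findings.append(("accept-policy", chain, "no catch-all rule, policy ACCEPT decides"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Jumps into user-defined chains are not followed, so a script-generated ruleset that builds its own chains needs those chain names passed in `chains`. On a live host the input would be the output of `iptables-save`.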

  7. #7
    Banned
    Join Date
    May 2003
    Posts
    1,004
    The whole garbage about something being only as good as it is configured is really a BS answer. Different firewalls, like different operating systems offer different architectures and functionalities and levels of assurance.

    If you are looking for a firewall that can verify the actual content of the data, iptables is utterly worthless as it lacks this functionality. Just like Zone Alarm can prevent specific programs from sending connections and IPF cannot, IPF can hold state on UDP packets and Zone Alarm cannot. These are all different questions of functionality. After this comes level of assurances; for examples of assurance criteria, check out the following ISO-15408 evaluations:
    http://www.radium.ncsc.mil/tpep/epl/cc_st.html

    How does all of this relate to you, SirDirge? Since it doesn't sound like you are segregating network traffic if you only wish to protect a single server (if this is the case), I do not think that a packet filtering type firewall would work well for you, as you should close all the ports you don't want open rather than filtering them. A filtering firewall will not protect the services that you are allowing either. In this type of situation, though I am not sure of your skill level, the FireWall Tool Kit (http://www.fwtk.org/) is very good as it can actually protect the services that you are allowing everyone access to. Other commercial solutions are better of course, but FWTK is free. (It also has modules to handle port filtering as well if you decide you need it.)

    catch

  8. #8
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,121
    A dedicated oBSD box with authPF and packet filtering is nice and cozy.

  9. #9
    Banned
    Join Date
    Jun 2003
    Posts
    29
    Thanks to you all. Your help was much appreciated.

  10. #10
    Senior Member
    Join Date
    May 2003
    Posts
    472
    guru@linux:~> who | grep -i blonde | talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
