November 20th, 2003, 03:11 PM
A Good Firewall to use
Can also be gotten from www.gnome.org
For most Linux distros - GUI interface. Easy to configure and use. I have had a lot of luck with it.
Thought others may find it useful as well.
November 20th, 2003, 03:13 PM
Thanks, been looking for some other alternatives!
November 20th, 2003, 03:19 PM
Isn't this just a GUI to make it easier to configure the various build-in Linux firewalls?
Looks nice though.
Experience is something you don't get until just after you need it.
November 20th, 2003, 03:22 PM
For *nix I would reccommend getting to grips with iptables.
try this by er0k:
Or install webmin:
That gives you an easy way to configure.
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
November 20th, 2003, 03:24 PM
Essentially what it does is replaces IPTABLES. It will still utilize the built in firewall scheme, although it "replaces" the process on the machine.
Not physically, but in terms of running processes. With Firestarter running, IPTABLES is shown as not running.
So yes, part of it provides a GUI for the OS Firewall, but it extends that ability just a bit.
For me it is certainly convenient, and has been VERY stable, easy to install and use.
It has all the expected capabilities as well - i.e. logging, etc.
It also loads as a process on boot - so it hooks into the OS a bit farther than just a Glade interface.
November 20th, 2003, 03:50 PM
Whoohoo for IPtables. Yes, all this program does it fix up your iprules nicely and easily so, you don't have to muck around with them, there is another good firewall here (http://firewall-jay.sourceforge.net) it's consol based, but it is very nice, and easy to use.
November 20th, 2003, 04:06 PM
I agree with learning ipchains/iptables. That is how I originally learned.
Once I had an understanding and could set things up manually, I found Firestarter to be a nice fast way to make changes on the fly.
I will never argue the point that the base mechanics of things should be studied/learned first. Good points.
November 20th, 2003, 04:08 PM
I have heard good things about firestarter, and I have played around with webmin a little and thought it was very good as well.
I just wanted to throw another config app for iptables, though, and it's the one I use. No gui, but really simple, solid, and all that other good stuff.
November 20th, 2003, 06:03 PM
Well, as good as ipchains / iptables have become they still don't address 1 problem. A firewall *should* be a seperate entity dividing two segments. In the context of a network the firewall should seperate the public/private segments of the network. Many software firewalls don't address this issue. If the attackers are at the door, in many cases its already to late. Case in point would be.
If you had a SW firewall running on the host machine, an attacker could use several automated attack tools to cause the FWs stateful inspection routeens to consume massive ammounts of system resources just to identify and prevent the attacks, resulting is a crude DoS situation.
HW firewalls are the best way to go as a first layer of defence if you can spend the extra money. Then IDS and host-based FW's next. And don't forget USER EDUCATION!!!! The weakest link always breaks first.
BTW I have a couple HW firewalls for sale that are no longer in use. PM if you're interested. 1 linksys, 1 sonicwall
November 20th, 2003, 06:51 PM
Sybase Works Very well for me... and I would NOT Recommend Mcafee Anything..
[gloworange]The Only Way to be Safe is To Never Be Secure.