Firewalls for Linux

I've had some good replies with this before, but I am kind of curious what the Slackware users here use as a firewall.

Not a hardware firewall, or a "Linux Firewall Distro" Just a firewall you installed on a Slackware box and found to be good. The ones I find are usually just a front end for IPTables or something like that, which is fine, but they are also usually crap.The two I have liked the best are SuSEFirewall2 and the RedHat firewall. They both seemed to work better than a few others I used. So, what firewall do you use for your Linux boxes?

It's probably been months since I looked into this last so I need a boost back into some new firewalls for Linux that don't suck, and don't require a machine. I don't really care how great a firewall is if I have to use one of my boxes because it's a Linux distro itself.

Google pulled up a few things that were OK, but I havn't used any of these and want an opinion on which ones you have actually used before and liked.

I have actually yet to find myself a good FW for Slackware, but maybe that's because I don't know where to look. Got any good suggestions gore?

-Cheers-

If I did I wouldn't have made this thread.

Quote:

---

If I did I wouldn't have made this thread.

---

:) Good point... I took a look here and it had some pretty interesting information. It may be worth your time to take a gander.

-Cheers-

both the "firewalls" you listed are just iptable front ends, just thought you should know

i love you both but why go with software unless ure pretty much on dial up which is rare these days.... most, pretty sure all, routers come with a firewall in them that u can figure to the upmost extent.. i dont know whyd youd want to waste ur precious resources or whatever htey are in linux on a software firewall..??

as for any that i know of.. i know 0, i played with the rh9 firewall for bou 1 hour and gave up =P

Quote:

---

Originally posted here by RiOtEr
both the "firewalls" you listed are just iptable front ends, just thought you should know

---

Yea, I know, I think I made a typo. I was saying that most firewalls were just front ends for IPTables, and my two favorites were the RedHat and SuSE walls, as I thought they were great. Easy and fast to set up, and then you can edit it by hand when you have more time if you were in a hurry to just get something installed.

Heh, I got to quit making posts when I'm backing up my Pron and Mp3s.

I use iptables as the ip packet filtering process (firewall) and firestarter as the front end gui configuration.

Iptables is a killer and proven method for years, beyond tcp wrappers, and the prodigy child of ipchains.... Do we even need anything else?

Firestarter?

http://firestarter.sourceforge.net/

Front end gui configuration tool to set up IP tables quickly and in depth. The gui itself allows for firewall monitoring of the connections, as well as right click rule fine tune defining :)


edit If you wanted just a firewall instead of an OS + firewall, I highly recommend smoothwall. Consider it an OS that -is- nothing but a firewall.

http://www.smoothwall.org/

Quote:

---

Originally posted here by madjag291
i love you both but why go with software unless ure pretty much on dial up which is rare these days.... most, pretty sure all, routers come with a firewall in them that u can figure to the upmost extent.. i dont know whyd youd want to waste ur precious resources or whatever htey are in linux on a software firewall..??

as for any that i know of.. i know 0, i played with the rh9 firewall for bou 1 hour and gave up =P

---

I have found routers (home ones anyways) make filesharing crappy and slowwwww.

I never bothered with firewall for slackware, no point unless on a network with other boxes and then you should have a hardware firewall anyways. Anyhoo , isn't IPFW available for linux? Its syntax is a million times easier to use than iptables.

I use iptables too

used to write them in /etc/rc.d/rc.local but now append it to /etc/rc.d/rc.ip_forward

Working on a new script for my firewall at home, will feature some of iptabels lesser known functions like the tarpit from the patch-o-matic extra's http://www.netfilter.org/patch-o-matic/pom-extra.html
http://www.securityfocus.com/infocus/1723

I prefer not to use a GUI to configure

I have always used shorewall . It came with my first distro (mandrake) and learning IPtables has been on the backburner. Shorewall is easy to configure IPtables script; it can sit on a gateway box or a standalone, whatever your want. It accomodates most if not all the features of IPtables.

I really like FW-Jay for setting up IPTables. It's really easy, has many options, isn't a large program, and can be run directly from the terminal.

http://firewall-jay.sourceforge.net/

It's got alot of great features, like port forwarding if needed, an ad blocking option (blocks IPs of servers ads are on), very easy to configure and easy to use.

MB

Quote:

---

Originally posted here by lumpyporridge
I have found routers (home ones anyways) make filesharing crappy and slowwwww.

---

That's why you don't get a home router when you plan on doing massive sharing and etc, you get a industrial router with better capabilities.. ;)

Quote:

---

Different firewalls, like different operating systems offer different architectures and functionalities and levels of assurance.

If you are looking for a firewall that can verify the actual content of the data iptables is utterly worthless as it lacks this functionality.

---

Commander Data

http://www.antionline.com/showthread...hreadid=245733

FWTK on Linux

Code:

---

ftp://ftp.tis.com/pub/firewalls/toolkit/fwtk-v1.3.tar.Z

---

http://www.linuxjournal.com/article.php?sid=1204
http://www.pauck.de/marco/misc/fwtk_on_linux.html

"Useful Linux resources include the Linux NET-2 HOWTO, the Linux Firewall HOWTO, the Linux Multiple Ethernet mini-HOWTO, and the Linux Kernel HOWTO. All of these are available on sunsite.unc.edu, tsx-11.mit.edu, and their mirrors."

Several excellent books on firewalls are:

Firewalls and Internet Security. Cheswick & Bellovin, Addison Wesley.
Building Internet Firewalls. Chapman & Zwicky, O'Reilly & Associates.
Internet Firewalls and Network Security. Siyan & Hare, New Riders Publishing.

Quote:

---

Originally posted here by lumpyporridge
I have found routers (home ones anyways) make filesharing crappy and slowwwww.

I never bothered with firewall for slackware, no point unless on a network with other boxes and then you should have a hardware firewall anyways. Anyhoo , isn't IPFW available for linux? Its syntax is a million times easier to use than iptables.

---

No point in having a firewall for slackware, unless you're on a neetwork with other boxes? Uhm ... Do you know what the inter[net] is?

Quote:

---

Originally posted here by SexyBadGirl
No point in having a firewall for slackware, unless you're on a neetwork with other boxes? Uhm ... Do you know what the inter[net] is?

---

Qualify your statement, your a smart guy. Prove me wrong with info instead of half assed comments I expect better from you than just cheap vitriol. Wtf is someone gonna do to a home box with no services exposed and nothing to exploit?

After rereading , i will clarify although the intention was quite obvious was it not?
"no point unless on your home network with other boxes and then you should have a hardware firewall anyways if connected to the internet. "

And ignore the above post as i had misinterpeted quad/sbgs statement due to not realizing mine was not obvious enough for him/her.

Quote:

---

Originally posted here by lumpyporridge
After rereading , i will clarify although the intention was quite obvious was it not?
"no point unless on your home network with other boxes and then you should have a hardware firewall anyways if connected to the internet. "

And ignore the above post as i had misinterpeted quad/sbgs statement due to not realizing mine was not obvious enough for him/her.

---

Sir "Hardware Firewall" & "Physical Firewall" are incorrect terminology, the proper term is "Dedicated Firewall".

Commander Data


just messing with ya.... :)

I have used slackware around 2 to 3 times but i have never really needed a firewall it seemed pretty well secure for what i needed to do. As almost all linux is.

Gore said

Quote:

---

Not a hardware firewall, or a "Linux Firewall Distro" Just a firewall you installed on a Slackware box and found to be good. The ones I find are usually just a front end for IPTables or something like that, which is fine, but they are also usually crap.

---

Don’t know about “crap”, but just not flexible enough and just as hard or harder to learn then learning to write the rules by hand ( i.e. learning IPTables ) ... but then I’m a masochist and write my HTML ( now XHTML ) by hand too! If you can write the rulesets yourself you can use it on any distro.

pooh sun tzu said

Quote:

---

I use iptables as the ip packet filtering process (firewall) and firestarter as the front end gui configuration.

---

Looks interesting ... thanks, I’ll have to experiment with it when I get the time.

lumpyporridge said

Quote:

---

isn't IPFW available for linux?

---

To my knowledge, not since kernel versions 2.0.* .
see X/OS Experts in Open Systems BV

Last time I checked though, IPTables was able, if set up for it, to use old IPFWADM or IPChains rulesets. I have never tried it though and recall seeing somewhere that this may not be supported in the future, but I could be wrong on this.


Anyway, why would you want to revert back to IPFWADM or IPChains for that matter? IPFWADM had limitations on the protocols ( from Linux IP Firewalling Chains

Quote:

---

The older Linux firewalling code doesn't deal with fragments, has 32-bit counters (on Intel at least), doesn't allow specification of protocols other than TCP, UDP or ICMP, can't make large changes atomically, can't specify inverse rules, has some quirks, and can be tough to manage (making it prone to user error).

---

and neither is Stateful.