Matt Randolph wrote:
> I've seen related threads here recently, but I think my question is
> different enough to warrant a new thread.

I think you're not quite right :), but I can see why you'd think this.
>
> I'm looking for a personal firewall along the lines of the ZoneAlarm
> product for Windows. I don't want to take the time to teach myself
> iptables if there is a simple alternative.

Sure there is; just use one of the many GUI front ends for iptables that
are "pre-set", as it were, for personal (workstation) settings, rather
than router or server settings.

As far as I can see, iptables *is* the firewall, but that doesn't mean
you have to go all full-bore with it.

> I'm not trying to do anything complicated like protect a LAN or include
> a DMZ or run an ftp server or anything like that. I'm just looking for
> a quick and easy way to add another layer of protection to my desktop by
> closing all unused ports.
> A GUI is preferred but is not required.
>
> Any suggestions?
>
> (If you dare answer,) what firewall do you use and why did you choose it?

I use (the) firestarter (frontend for iptables). It seems quite clever;
I still appear to ShieldsUP! as stealth (including those ports I have
forwarded to be open to specific apps), but those applications/services
which are set to use specific ports via UDP (azureus, for example), are
able to pass through without issue (and in fact without my having to
specifically configure Firestarter to allow them to, although I did,
because of the UDP, I believe).

Firestarter has specific pre-sets to allow various known services
through the firewall, and runs as a daemon, though there's a GUI you can
run in the tray if you often need to check or reconfigure something. I
ran the tray applet the first day; it seemed to work well, so I don't
run it any more unless something changes on my system as a whole (I
started running an ftp server, for example), and I would need to
reconfigure slightly.

Firestarter was recommended to me by the Shorewall page:

> Shorewall is not the easiest to use of the available iptables configuration tools but I believe that it is the most flexible and powerful. So if you are looking for a simple point-and-click set-and-forget Linux firewall solution that requires a minimum of networking knowledge, I would encourage you to check out the following alternatives:
>
> * http://www.m0n0.ch/wall/
> * http://www.fs-security.com/

Firestarter is the second link.

HTH,
Holly
--
gentoo-user@g.o mailing list