| 1 |
Matt Randolph schreef: |
| 2 |
> I've seen related threads here recently, but I think my question is |
| 3 |
> different enough to warrant a new thread. |
| 4 |
|
| 5 |
I think you're not quite right :), but I can see why you'd think this. |
| 6 |
> |
| 7 |
> I'm looking for a personal firewall along the lines of the ZoneAlarm |
| 8 |
> product for Windows. I don't want to take the time to teach myself |
| 9 |
> iptables if there is a simple alternative. |
| 10 |
|
| 11 |
Sure there is; just use one of the many GUI front ends for iptables that |
| 12 |
are "pre-set", as it were, for personal (workstation) settings, rather |
| 13 |
than router or server settings. |
| 14 |
|
| 15 |
As far as I can see, iptables *is* the firewall, but that doesn't mean |
| 16 |
you have to go all full-bore with it. |
| 17 |
|
| 18 |
> I'm not trying to do anything complicated like protect a LAN or include |
| 19 |
> a DMZ or run an ftp server or anything like that. I'm just looking for |
| 20 |
> a quick and easy way to add another layer of protection to my desktop by |
| 21 |
> closing all unused ports. |
| 22 |
> A GUI is preferred but is not required. |
| 23 |
> |
| 24 |
> Any suggestions? |
| 25 |
> |
| 26 |
> (If you dare answer,) what firewall do you use and why did you choose it? |
| 27 |
|
| 28 |
I use (the) firestarter (frontend for iptables). It seems quite clever; |
| 29 |
I still appear to ShieldsUP! as stealth (including those ports I have |
| 30 |
forwarded to be open to specific apps), but those applications/services |
| 31 |
which are set to use specific ports via UDP (azureus, for example), are |
| 32 |
able to pass through without issue (and in fact without my having to |
| 33 |
specifically configure Firestarter to allow them to, although I did, |
| 34 |
because of the UDP, I believe). |
| 35 |
|
| 36 |
Firestarter has specific pre-sets to allow various known services |
| 37 |
through the firewall, and runs as a daemon, though there's a GUI you can |
| 38 |
run in the tray if you often need to check or reconfigure something. I |
| 39 |
ran the tray applet the first day; it seemed to work well, so I don't |
| 40 |
run it any more unless something changes on my system as a whole (I |
| 41 |
started running an ftp server, for example), and I would need to |
| 42 |
reconfigure slightly. |
| 43 |
|
| 44 |
Firestarter was recommended to me by the Shorewall page: |
| 45 |
|
| 46 |
> Shorewall is not the easiest to use of the available iptables configuration tools but I believe that it is the most flexible and powerful. So if you are looking for a simple point-and-click set-and-forget Linux firewall solution that requires a minimum of networking knowledge, I would encourage you to check out the following alternatives: |
| 47 |
> |
| 48 |
> * |
| 49 |
> |
| 50 |
> http://www.m0n0.ch/wall/ |
| 51 |
> * |
| 52 |
> |
| 53 |
> http://www.fs-security.com/ |
| 54 |
> |
| 55 |
|
| 56 |
|
| 57 |
Firestarter is the second link. |
| 58 |
|
| 59 |
HTH, |
| 60 |
Holly |
| 61 |
-- |
| 62 |
gentoo-user@g.o mailing list |
Archives