Firewalls are tricky. Outbound firewalls even more so. Application firewalls even more MOAR so. To wit, let's talk about Leopard Flower, a funnily named per-app protector of your bytes and a knight of the vale. This should be interesting. Enjoy. http://www.ocsmag.com/2016/03/16/leopard-firewall-protect-your-bytes/ Cheers, Mrk
The article nails it: "The sad reality is, if you need, or think you need, security software for Linux, then you have a much bigger problem than the choice of particular programs you will be using. Furthermore, the usage of software mandates knowledge, which on its own, precludes or supersedes the actual need for it. This is the Dunning-Kruger of software. Outbound firewall control, especially the per-application concept, has many philosophical and practical issues. There’s the simple matter of containing damage. Which is best contained by avoiding it in the first place. If you don’t land baddies onto your system, there’s no need to fight them."
Surprised to see you agreeing with this, amarildojr. "not needed in linux" is wrong, is blind, is ignorant. It is NOT necessarily about "malware" -- case in point: your recent battling with geoclue. You trust your distro maintainers. You only install software (presumably vetted) from your distro's repos... and wind up with "overly social" or otherwise "overly trusting" (leaky) applications on your PC. In earlier posts here at Wilders, I've raised the example of "akonadi" (preinstalled by many distros and pre-configured as the default music player) https://www.wilderssecurity.com/threads/iptables-and-path-based-outbound-rules.333138/#post-2152665 https://www.wilderssecurity.com/threads/let-me-put-my-tinfoil-hat-on.352385/page-2#post-2272812 Even if you visit akonadi's settings dialog today, and deselect "retrieve album art from siteX", "scrobble my goblin lastFM" etc., without notice, without opt-in, when KDE devs decided to "partner" with yet another helpful-harriet remote site/server and that updated akonadi version gets pushed onto your PC via your repo updates... a new tickbox, a new pref (oh-so-helpfully preconfigured "enabled" by default) has your copy of akonadi silently calling out to the site of the new "partner". Kernel namespaces. Wrapper script, UNSHARE -n ...'cept you gotta have root permission to "unshare", and many apps will fail unless you at least permit "socket" network access. Non-root Linux user is castrated, unable to institute and manage an outbound "default deny" network policy. An AppArmor approach is fine, or will be, when every package installed from distro ships with a pre-written policy and user can elect at time of install "no, the application I'm installing should not have network access".
"Security software" can mean a lot of things. I agree that we don't need AV/AM/etc. on Linux, but a good firewall is essential (not the kind of firewall the article presents, though).