Guarddog/Firestarter differences

Discussion in 'other firewalls' started by HURST, Nov 28, 2007.

Thread Status:
Not open for further replies.
  1. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Hi

    I'd like to know what are the main differences between guarddog and firestarter.
    I'd also like to know which of these 2 firewalls is better for someone who has used Win most of his life, recently turned to Linux (that's right, I'm talking about me :D ), and has never used another firewall other than the winXP default.
    I don't mind spending some time learning, my vacations start tomorrow :thumb: :D :D :D :D :D
     
  2. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    Hello Hurst,

    You don't need a Firewall or an Antivirus if you haven't a Network. Just disable all your Network Services and you are safe, and that's the standard setting with Kubuntu-Ubuntu after Installation.
    Here is a good (German only) link:

    http://wiki.ubuntuusers.de/Sicherheitskonzepte
     
  3. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Danke! :D
     
  4. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    I have really started in the past couple of months to advocate firewall usage regardless of the OS and of the number of services available. The reason for this is that many exploits found in Linux and in BSD are DoS that are caused by incorrect handling of packets by the kernel. The firewall would stop any of these packets before they had the chance to hit the kernel.

    That being said, Guarddog and Firestarter are the same firewall (iptables). However, they are just different GUIs that make it easier to edit firewall rules without having to learn any of the mumbo jumbo of iptables, so try one and see if you are comfortable with it. If you don't like it, then try the other one.

    Cheers,

    Alphalutra1
     
  5. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Thanks Alphalutra.
    I decided to learn about iptables before trying those firewalls... maybe I'll end up doing it all manually.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    So what if you don't use one of these FWs? Default handling of packets by Linux will not be enough?
     
  7. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    There is always the possibility of some app being installed either accidentally or improperly configured to accept connections from more than it should, thus leaving your PC exposed if that app has any vulnerabilities or you haven't properly secured it. The firewall would prevent this from happening since it would block all incoming connections unless you explicitly allow them to happen.

    Also, as I said in the previous post, many vulnerabilities in OSes are in how they improperly handle packets (especially IPv6, since it really isn't widely used and is still being worked on and becoming battle tested). If someone were to send you a bad packet, then your computer could crash or lose your internet connection. Possibly quite annoying, and may cause a loss of data if anything is open and not properly saved and recovered. Just possibilities, but nonetheless important things that should be prevented at all costs.

    Of course you can argue that the firewall is just another layer of code you are exposing to the internet, but there have been very few vulnerabilities in iptables in the past (the last was in 2002 I think) and pf hasn't had one yet. In comparison, almost all *nixes have had some type of remote DoS attack vulnerability that has been patched of course, but still, if you don't get the latest kernel or have a firewall protecting yourself, you have the small chance of being a victim. Better safe than sorry, and the firewall causes negligible impact on performance, especially with the great firewalls for the free OSes that are included automatically (iptables, pf, ipfw, etc.)

    Also, these firewalls don't have any application control, so you don't have to worry about popups, just getting them up and keeping state on all outgoing connections and denying anything else, and you should be good to go.

    Cheers,

    Alphalutra1
     
  8. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Thank you Alphalutra1, now I know I'm not crazy. iptables creates a visible policy for me, I never liked the idea of not using it.

    If I try something like samba, or use amule, I KNOW nothing is listening, even if I noobconfigure it.

    HURST, you won't regret it. Just save some time for it. Go to the website, read Networking Concepts HOWTO, Packet Filtering HOWTO, the others only if you're interested (these will get you going).
    I liked this Howto also, it gives someone's insight on building rules.
    Then you've got man pages for completeness, or this big tutorial by Oskar Andreasson. It's on my todo list, so I really don't know how it is. Probably we won't use half of it, but it's supposed to be the best/one of the best guides.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks Alphalutra1! I am not sure, but as I understand it, FireStarter or Guard Dog is just a GUI for iptables. So my Q is: if I don't install and run any of these FWs, iptables is not being used by default?

    Sorry if I am not understanding it well.
     
  10. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    The default is no rules, and everything is allowed. You have to build the rules, save them in a file, and set iptables to load them at boot.
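
The policy discussed in this thread (no rules by default, so build a ruleset that keeps state on outgoing connections and denies everything else, then save it to a file and load it), as an added example that is not part of any poster's message. The function name `gen_ruleset`, the 192.168.1.0/24 range and the choice of ports are assumptions; the output is in the format `iptables-restore` reads.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset.
# The LAN range and ports in the call at the bottom are assumed values.

# gen_ruleset LAN_CIDR [TCP_PORT ...]
#   inbound:  dropped unless loopback, a reply to a connection this host
#             opened, or a new connection from LAN_CIDR to a listed port
#   outbound: allowed (connection tracking keeps state for the replies)
gen_ruleset() {
    lan=$1
    [ $# -gt 0 ] && shift
    case $lan in
        */*) ;;
        *) echo "gen_ruleset: need a CIDR range, got '$lan'" >&2; return 1 ;;
    esac
    # Validate every port before printing anything, so a bad argument
    # never yields a partial ruleset.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*)
                echo "gen_ruleset: bad port '$port'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "gen_ruleset: port out of range '$port'" >&2; return 1
        fi
    done
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        printf '%s\n' "-A INPUT -s $lan -p tcp -m tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Samba (139, 445) and CUPS (631) reachable from the local subnet only.
# Save the output to a file and load it with: iptables-restore < file
gen_ruleset 192.168.1.0/24 139 445 631
```

iptables filters IPv4 only; IPv6 traffic needs its own ruleset loaded with `ip6tables-restore`.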
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    And what if I use FireStarter, does it have pre-built rules, or are rules made during its configuration, or do you have to make rules in it after the config?

    Thanks
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Hello,
    Another thing you should always do is restrict the range of IPs that can listen to these ports. For example, samba / cups, I always restrict to local addresses, so there are no open ports to the wide world.
    Mrk
     
  13. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    In iptables and samba? I think I read somewhere that samba can restrict also, but I haven't tried samba yet. Can it?

    aigle: yes, Firestarter will load its rules in iptables once you finish configuration.
     
  14. tlu

    tlu Guest

    Yes, it can. Let's say you use Samba with Vmware, you can add the following lines to /etc/samba/smb.conf :

    Code:
    bind interfaces only = true
    interfaces = vmnet8 vmnet1
    to make sure that Samba is only visible from the guest by allowing it to listen only to the virtual interfaces provided by VMware (where vmnet8 is used for NAT and vmnet1 for Host Only).
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks Pedro!
     
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Hello,

    Another example for cups:

    In the file /etc/cups/cupsd.conf, you can define to which addresses the cups will listen

    For example:

    Above this line: Listen /var/run/cups/cups.sock you can define
    xxx.xxx.xxx.xxx:631 or perhaps *:631 or anything of the sort. It can be a single IP, subnet, or all addresses.

    That way, the port will be open only locally. After configuration, you should run nmap on localhost and other adapters to see that things are configured properly.

    Mrk
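
A local complement to the nmap check suggested above, added here as an example and not written by any poster: it filters `ss -ltn` output down to the TCP listeners that are not bound to loopback, which is where a Samba or CUPS bind setting that did not take effect shows up. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list TCP listeners reachable from
# outside the host, given `ss -ltn` output on stdin.

# Prints "PORT ADDRESS SCOPE" for every listening socket that is not bound
# to a loopback address. SCOPE is "all-interfaces" for a wildcard bind.
exposed_listeners() {
    awk '$1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        sub(/%.*/, "", addr)                   # 127.0.0.53%lo -> 127.0.0.53
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # [::1] -> ::1
        if (addr ~ /^127\./ || addr == "::1") next
        wild = (addr == "0.0.0.0" || addr == "::" || addr == "*")
        print port, addr, (wild ? "all-interfaces" : "one-address")
    }'
}

# Constructed sample of `ss -ltn` output: Samba on a wildcard and on one
# LAN address, CUPS on loopback only, sshd on the IPv6 wildcard.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     0.0.0.0:445        0.0.0.0:*
LISTEN 0      50     192.168.1.10:139   0.0.0.0:*
LISTEN 0      5      127.0.0.1:631      0.0.0.0:*
LISTEN 0      5      [::1]:631          [::]:*
LISTEN 0      128    [::]:22            [::]:*
LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*
EOF
}

# On a live host: ss -ltn | exposed_listeners
sample_ss_output | exposed_listeners
```

UDP services need the same check on `ss -lun` output, where the state column reads UNCONN rather than LISTEN.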
     
  17. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Thank you both. I got it. :thumb:
     