Open source linux firewalls:

Discussion in 'other firewalls' started by apathy, Jan 27, 2006.

Thread Status:
Not open for further replies.
  1. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I'd love to see a thread for linux security programs.

    Right now I am using:

    1.) iptables(duh)
    2.) psad(detect portscan and block ip's)
    3.) snort
    4.) rkhunter(rootkit hunter)
    5.) aide(tripwire like program)
    6.) no sshd/telnetd will help alot

    I haven't found that many very useful open source linux firewalls.
    Everyone says firestarter and guarddog but they are to limited.
    Fwbuilder and kmyfirewall are very good but no application level.
    The only really good application level firewalls for linux come in distros
    like astaro security linux and others.
     
  2. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    have you tried these FWs?
    http://www.fiaif.net/
    http://firehol.sourceforge.net/
    can you use? http://www.shorewall.net/ or Smoothwall
    i just found them in my Package Manager - Synaptic. there's loads other other FW related stuff too. i found a FW which looked really good but development had stopped a year or so ago, i can't remember the name of it now. here it is:
    http://gtk-iptables.sourceforge.net/screenshots.html
    http://gtk-iptables.sourceforge.net/

    there's some really good network tools for Linux too.
     
  3. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Thanks for your comments.

    I also run ubuntu but the kde version.

    What are some programs you use for security?

    I was looking at shorewall or firehol, both look interesting.
     
  4. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    i can only think of firestarter and privoxy (a web filter) which are in constant use. i have ethereal too. oh, i use clam and F-prot too and rkhunter and chkrootkit.

    i also have some brilliant nautilus-scripts, one lets me scan files by right-clicking them using clam and another, by the same person, lets me encrypt/decrypt files. i'm sure there must be scripts for Konquerer or Kubuntu too which you could look for. but, looking at your programs you look pretty well covered, better then me. the only other thing i can think of is disabling services. i know there are other things you can do to lock down your box but i can't remember them.

    here's are some links
    http://lotusleafslinks.tuxfamily.org/linuxsecuritymisc.html
    http://www.nsa.gov/selinux/
     
  5. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I installed firehol and it is very impressive.
    The language it uses for the firewall is very easy
    and yet powerful. Thanks for the tip.
     
  6. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    good, i have to admit i'm not very good with Linux security i got worn down by everyone saying you don't need to do anything when i know there are some things you can do. i might try firehol though, it looks pretty good.
     
  7. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    there are afew good articles about Linux security in insecuremag and there are some great articles at linuxsecurity too. if you like insecuremag and you want some similar links let me know, i'd give them to you now but i'm just about to start watching this video and it's slowing down my connection so it would take to long to get the url's. d'oh, i've already seen the video.

    here are some more ezines, there are some security things in them, but you have to find them, some you might have to subscribe to, you can use this site for a throw away email address so you won't get any spam at your other email addresses, just remember there's no password for the email address at dodgeit so make up a good random name e.g. %^yt5dsg8(7f@dodgeit, then go to dodgeit and put the address you made up in the box and reply to the subscription email:
    this first link the free downloadable stuff starts at Issue 69
    http://www.linuxformat.co.uk/modules.php?op=modload&name=Sections&file=index&req=printpage&artid=5

    http://www.freesoftwaremagazine.com/free_issues/

    http://www.hakin9.org/en/index.php?page=download#

    http://www.o3magazine.com/current.html
     
    Last edited: Jan 30, 2006
  8. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, this is what i was trying to find - http://www.grsecurity.net/index.php

    there's a article about it in insecuremag issue 4. although it might be abit much for a standalone PC, i'm not sure though.
     
  9. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
Loading...
Thread Status:
Not open for further replies.