Re: Firewall and Laptop
On Thursday 30 December 2004 10:23, Derek Broughton wrote:
> On Thursday 30 December 2004 09:28, Ryan D'Baisse wrote:
> > On Thu, 30 Dec 2004 09:06:03 -0400, Derek Broughton
> > <email@example.com> wrote:
> > > Did firestarter get any documentation yet? I have tried it a few
> > > times. It looks like it's on the right track, but it had useless
> > > documentation. It just wasn't worth the effort.
> > If I may offer my $0.02, I am a newbie to Linux and saw this thread
> > last night. Within 5 minutes I had downloaded, installed, and
> > configured firestarter with my firewall. The wizard-like interface
> > took virtually all of the thinking out of the equation. I would guess
> > that, if firestarter doesn't have documentation, then it is probably
> > because one really doesn't need it with such a slick interface.
> Sounds good enough to me, at least to give it another try. It must be well
> over a year since I tried it.
OK, off the top:
- it needs 22 other gnome apps I didn't want. No big deal if you're already
- it still can't configure an interface it isn't actively connected to. When
I'm at work the Internet is on eth0. When I'm home, it's dpc0 and eth0 is
the local network. There's no apparent way to save both configs (which
shouldn't really be different, anyway, just the same rules on different
interfaces). This is an unusual connection, but using ppp0 at home and eth0
at work would be _very_ common.
- without a single question about my usage, it thinks it can configure a
firewall! Now, it's built _something_, but I don't know enough about
iptables to be sure, but it looks awfully permissive. At the very least, I'm
currently connected to this machine by VNC and it isn't even blocking me. It
did block Telnet, but I usually leave that open to my desktop machine.
- It still has no help (there's a menu entry, but it never gives me any help).
That's not acceptable for a firewall - you need to know _why_ it built the
rules it did (unless you understand iptables a lot better than I do - in
which case you probably didn't need a GUI to do it).
It might not be a bad firewall if you use Gnome, and if the Help actually
works on Gnome, but imo it would be a very poor firewall for anyone else.
I'm going back to guarddog - which is also a Gnome app, but works much better
with KDE, and runs the same startup script no matter what interface my
connection is on.
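
The point above about wanting the same rules whichever interface carries the connection, as an added example that is not part of the original post and not the output of firestarter or guarddog: a shell sketch that picks the external interface from the default route and emits one iptables-restore ruleset for it. The trusted Telnet host address, the policy choices, and the sample `ip route` output are all constructed assumptions.

```shell
#!/bin/sh
# Added example: one ruleset, parameterised by whichever interface is external.

# Assumption: address of the desktop allowed to Telnet in (documentation range).
TRUSTED_HOST="192.0.2.10"

# Constructed samples of `ip route` output for the two locations in the post.
WORK_ROUTES='default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.57'
HOME_ROUTES='default dev dpc0 scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2'

# Read `ip route` output on stdin; print the interface of the default route.
external_iface() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Print an iptables-restore ruleset for external interface $1.
emit_rules() {
    ext="$1"
    # Refuse empty or odd names so nothing unexpected lands in the ruleset.
    case "$ext" in
        ""|*[!A-Za-z0-9._-]*) echo "bad interface name: '$ext'" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT ! -i $ext -j ACCEPT
-A INPUT -i $ext -s $TRUSTED_HOST -p tcp --dport 23 -j ACCEPT
-A INPUT -i $ext -j LOG --log-prefix "fw-drop: "
COMMIT
EOF
}

# Demo on the constructed samples. On a live system the equivalent would be:
#   emit_rules "$(ip route | external_iface)" | iptables-restore
for routes in "$WORK_ROUTES" "$HOME_ROUTES"; do
    ext=$(printf '%s\n' "$routes" | external_iface)
    echo "# external interface: $ext"
    emit_rules "$ext"
done
```

Everything arriving on the external interface other than replies and Telnet from the trusted host falls through to the DROP policy, which includes VNC; the `! -i` rule trusts all other interfaces, which is a policy assumption to tighten if the local network is not trusted.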