
Re: Secure Installation

On Fri, Aug 17, 2007 at 03:04:42PM -0700, Jack T Mudge III wrote:
> On Thursday 16 August 2007 15:09, R. W. Rodolico wrote:
> > Unfortunately, I have to point to some of the
> > user oriented firewalls you get for windoze (which, to my knowledge, Linux
> > does not have). When they are installed, they shut down basically
> > everything incoming, and all but a few standard outgoing ports (http,
> > smtp, pop and imap). When an application tries to go out of another port,
> > a pop-up informs the user and they can choose to accept, accept or reject,
> > with a "forever" modifier on both, and the firewall changes its rules
> > appropriately.
> The problem with these lies on 2 levels. The first is that all network traffic 
> would have to somehow be routed through this application, which in Windows is
> no big deal as all that is already in place. But we haven't installed that 
> infrastructure, so it would be tougher to get that running in the first 
> place. This is not a primary concern regarding the firewall, but it is an 
> issue if we do eventually decide to integrate a firewall like that.

Iptables can already do this; it can communicate with user-space
applications. There's just no desktop-oriented firewall application (that I
know of) that uses this feature.

Some applications (firestarter at least), however, do allow you to see the
firewall logs and enable/disable rules based on rejected traffic. Not very
intuitive, however, and no information on which process is responsible for
the outgoing communication or would receive the incoming communication.



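The gap noted in the message above (firewall logs that do not say which process is behind the traffic) can be narrowed by matching a logged packet against the kernel's socket table. The sketch below is an added example, not part of the original message: all function names are hypothetical, the log line, socket table and fd listing are constructed samples, and a little-endian host is assumed.

```python
import re
import socket
import struct

# Constructed sample: an iptables LOG line for a rejected outbound connection.
LOG_LINE = ("kernel: OUT-REJECT IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 "
            "LEN=60 TTL=64 ID=4321 DF PROTO=TCP SPT=43210 DPT=6667 SYN URGP=0")
# Constructed sample in /proc/net/tcp layout (hex addresses, little-endian host).
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5120 1
   1: 0A01A8C0:A8CA 057100CB:1A0B 02 00000001:00000000 01:00000064 00000000  1000        0 77001 2
"""
# Constructed stand-in for readlink() over /proc/<pid>/fd/*: pid -> (comm, fd targets).
PROC_FDS = {812: ("sshd", ["socket:[5120]"]),
            2044: ("xchat", ["/dev/null", "socket:[77001]"])}

def parse_log(line):
    """Extract KEY=VALUE fields from an iptables LOG line (empty values are skipped)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))

def hex_endpoint(ip, port):
    """Encode ip:port the way /proc/net/tcp prints it on a little-endian host."""
    addr = struct.unpack("<I", socket.inet_aton(ip))[0]
    return "%08X:%04X" % (addr, port)

def find_socket(fields, table):
    """Return (uid, inode) of the socket matching the logged 4-tuple, or None."""
    want = [hex_endpoint(fields["SRC"], int(fields["SPT"])),
            hex_endpoint(fields["DST"], int(fields["DPT"]))]
    for row in table.splitlines()[1:]:  # skip the header row
        cols = row.split()
        if len(cols) >= 10 and cols[1:3] == want:
            return int(cols[7]), int(cols[9])
    return None

def owner_of(inode, fds):
    """Find the process holding the socket inode, or None if no fd points at it."""
    target = "socket:[%d]" % inode
    for pid, (comm, links) in fds.items():
        if target in links:
            return pid, comm
    return None

def attribute(line, table=PROC_NET_TCP, fds=PROC_FDS):
    """Map one log line to the owning uid and process; None if the socket is gone."""
    fields = parse_log(line)
    sock = find_socket(fields, table)
    if sock is None:
        return None  # the socket closed before the lookup ran
    uid, inode = sock
    return {"dst": fields["DST"], "dpt": int(fields["DPT"]),
            "uid": uid, "owner": owner_of(inode, fds)}
```

This after-the-fact lookup is racy: a rejected connection's socket can disappear before the table is read, which is why `attribute` returns `None` rather than guessing.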