Re: [slightly OT]: GUI firewall applications in Linux
- To: email@example.com
- Subject: Re: [slightly OT]: GUI firewall applications in Linux
- From: Hugo Vanwoerkom <firstname.lastname@example.org>
- Date: Tue, 29 Nov 2005 05:15:50 -0600
- Message-id: <email@example.com>
- In-reply-to: <firstname.lastname@example.org>
- References: <email@example.com>
I have managed to convince a friend of mine to try out a Linux based
machine as a router in the company that he works in. At present, all
their computers (around 15 or so) run Windows. They have a router (I
think a consumer grade one) through which they connect their lan
computers to the internet in some way.
For quite a while he had been complaining about viruses and spyware in
this computers. So I suggested he install Firefox and Thunderbird and
train users not to use IE or Outlook, run spyware and antivirus and
educate users NOT to click on any random links. So far so good. But he
still has problems about controlling his network traffic and internet
security. So now I have convinced him to install Debian (or some other
flavor of Linux) on a machine and make it a jpowerful and fully
That is the story. Now, I personally have a firewall script (iptables)
set up on my computer. But my friend is not Linux literate at all is not
going to be confortable with bash scripting and vi editor and iptables
in the first go. Is there a GUI firewall application for Linux that can
be installed on router computers to deal with with various applications:
web browsing, email, databases: oracle & siebel, or other Windows stuff?
I am also thinking about suggesting he use spam assassin to block spam
coming in or going out. But I haven't touched this subject yet.
My eventual aim is to make him install Ubuntu on a computer or two and
let him see how well that performs (though he has some applications in
his company that run on Windows only - need IE).
I suggest Firehol.
I just did that and it is excellent.
It is in Debian and is a set of bash scripts that get invoked, but you
just have to follow Firehol's language, not all of iptables, or
It gets explained very well here:
The proof is in the pudding: you set up a bunch of Firehol statements
and then invoke it with --try. And you keep doing that until it works.
And then you invoke:
And see that he has "blocked" on everything.
After that you don't need firehol anymore: just set up the iptables when
the network comes up.