Re: Which is firewall generator suitable for new hand?

To: debian-user@lists.debian.org
Subject: Re: Which is firewall generator suitable for new hand?
From: Nate Bargmann <n0nb@networksplus.net>
Date: Thu, 3 Mar 2005 19:23:24 -0600
Message-id: <[🔎] 20050304012324.GE3854@mail.networksplus.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 200503040111.48177.alexcabuz@wanadoo.fr>
References: <[🔎] 4226FF25.9060402@yahoo.com.hk> <[🔎] 42272497.6020809@rcrcomputing.com> <[🔎] 200503040111.48177.alexcabuz@wanadoo.fr>

* Alexandru Cabuz <alexcabuz@wanadoo.fr> [2005 Mar 03 18:13 -0600]:
> > If you have a gui, I suggest ap-get install guarddog
> 
> I have been using firestarter for a while and it seems OK.
> 
> Actually I was wondering, is there any difference between all these firewall 
> programs outside of the interface? 

Implementation details I would guess.  The most telling is to set up a
firewall with each tool and then run nmap against your machine (on an
isolated LAN is probably best).  Time consuming, but educational.  :)

> I am just a user, trying to get on the internet from my fixed IP machine.
> 
> firestarter, guarddog, shorewall, firehol, easyfw, fiaif, ferm, fwbuilder, 
> lokkit, mason, netscript, portsentry, uif, ...
> 
> What's the difference? Is one more "hardy" than the other?
> I want something easy to use, where I don't need to go reading hundreds of 
> pages of docs. Just tell it I need ssh access from this and this IP, and 
> that's it. graphically if at all possible.
> 
> I am at the point where I am starting to not be a newbie anymore, but I am not 
> a programmer and don't want to be one. I want to be an informed user.

For several years I've used hacked ipmasq rules to twist it so it
doesn't masquerade but just firewalls.  Things seem to be working okay,
but sometimes I have to go hunting in the logs to figure out why some
service is having trouble.  On the recommendation of this thread I've
given Guarddog a try.

The rules it generates seem to be quite comprehensive covering some
areas I'd missed or was unaware of.  It looks like one should be able
to call '/etc/init.d/guarddog start' which in turn calls the custom
/etc/rc.firewall script from a pppd script for dynamic addresses.

I suppose for any of these packages it would be wise to check the BTS
for any outstanding issues.

- Nate >>

-- 
 Wireless | Amateur Radio Station N0NB          |  Successfully Microsoft
  Amateur radio exams; ham radio; Linux info @  | free since January 1998.
             http://www.qsl.net/n0nb/           |  "Debian, the choice of
             My Kawasaki KZ-650 SR @            |     a GNU generation!"
        http://www.networksplus.net/n0nb/       |   http://www.debian.org

Reply to:

References:
- Which is firewall generator suitable for new hand?
  - From: James Ng <james_nghk_debian_user@yahoo.com.hk>
- Re: Which is firewall generator suitable for new hand?
  - From: Rodney Richison <rodney@rcrcomputing.com>
- Re: Which is firewall generator suitable for new hand?
  - From: Alexandru Cabuz <alexcabuz@wanadoo.fr>

Prev by Date: Re: aptitude: information area customizable?
Next by Date: Re: aptitude: information area customizable?
Previous by thread: Re: Which is firewall generator suitable for new hand?
Next by thread: Re: Which is firewall generator suitable for new hand?
Index(es):
- Date
- Thread