Author Topic: Firewall  (Read 686 times)

CaptainCool

  • Member
  • **
  • Posts: 129
  • Kudos: 0
Firewall
« on: 13 July 2002, 10:04 »
I need a good firewall for linux anyone know of any???

 

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
Firewall
« Reply #1 on: 13 July 2002, 10:25 »
which version of Linux are you using?
how are you connected to the internet?
How paranoid are you?
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

CaptainCool

  • Member
  • **
  • Posts: 129
  • Kudos: 0
Firewall
« Reply #2 on: 13 July 2002, 10:46 »
Uhh im using mandrake 8.2 and my internet connection
is dsl.
Reason why i want one is cause someone was trying to break into my comp awhile ago.

Sleeping Dog

  • Member
  • **
  • Posts: 158
  • Kudos: 0
Firewall
« Reply #3 on: 13 July 2002, 19:53 »
One of the developers, who was on my team at Nortel, did the following:

He used an old box (a P-233 I think) running Linux as a hub/switch for his family-home network.  To "firewall" the system, he shut down every port on that box except the ones being used by his broadband internet connection and the LAN.  He then wrote a short JAVA routine that only passed his LAN transmissions.  It also created an IP masque so that the P-233 was invisible to pings.

If you do JAVA or know someone who does, maybe they could whip you up a similar routine that is custom tailored to your specific needs.  He said that the whole thing that he did was fewer than 20 lines of code.

Hope this helps.

Sleeping Dog

Sleeping Dog

  • Member
  • **
  • Posts: 158
  • Kudos: 0
Firewall
« Reply #4 on: 13 July 2002, 19:56 »
PS

If we get lucky in the near future, maybe some genius out there will port ZoneAlarm to LINUX.  It is a great product, and a free version for Winsucks is available at http://www.zonelabs.com/

Sleeping Dog

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
Firewall
« Reply #5 on: 13 July 2002, 21:31 »
I have a Pentium MMX 200MHZ running a proxy server for my LAN. I have setup my ipchains to block unwanted ports and netbios attempts.
With iptables i could easily tell it not to allow anything but already established connections from my LAN though.

[ July 13, 2002: Message edited by: Master of Reality / Bob ]

Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

Sleeping Dog

  • Member
  • **
  • Posts: 158
  • Kudos: 0
Firewall
« Reply #6 on: 13 July 2002, 22:49 »
If your Linux box is not presently part of a network, (or even if it is) you may want to go into the BIOS and set the BIOS level virus warning/protection to "Enabled" if you have not done so already.  (Almost all Intel and AMD systems made in the last few years have this feature).

This will not prevent unwanted pings nor will it scan incoming content, but it will prevent viruses or unwanted guests from making changes in your boot sector.

You will have to manually switch it back should it interfere with any loads, etc. that you want to happen, but at least this will add one more  small bit of "protection" to your box.  It is really not a bad idea to do this on any system whatever the OS.

Cheers and Beers

Sleeping Dog

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
Firewall
« Reply #7 on: 15 July 2002, 21:50 »
You don't need ZoneAlarm on Linux. All distros that I am aware of come with the firewalling utilities to utilize the firewalling capability that has built in to the Linux kernel in like forever.  ipchains/iptables does what ZoneAlarm does and much more.
Someone please remove this account. Thanks...

Sleeping Dog

  • Member
  • **
  • Posts: 158
  • Kudos: 0
Firewall
« Reply #8 on: 15 July 2002, 22:14 »
Cool Beans, Void...M.O.R.....I will check out the ipchains/iptables areas.  I have not had the opportunity to dig that deep yet.

Thanks Mucho

Sleeping Dog