Re: [slightly OT]: GUI firewall applications in Linux

From: Hugo Vanwoerkom (hvw59601_at_care2.com)
Date: 11/29/05

    To: debian-user@lists.debian.org
    Date:  Tue, 29 Nov 2005 05:15:50 -0600
    
    

    H.S. wrote:
    > Hi,
    >
    > I have managed to convince a friend of mine to try out a Linux based
    > machine as a router in the company that he works in. At present, all
    > their computers (around 15 or so) run Windows. They have a router (I
    > think a consumer grade one) through which they connect their lan
    > computers to the internet in some way.
    >
    > For quite a while he had been complaining about viruses and spyware in
    > his computers. So I suggested he install Firefox and Thunderbird and
    > train users not to use IE or Outlook, run spyware and antivirus and
    > educate users NOT to click on any random links. So far so good. But he
    > still has problems about controlling his network traffic and internet
    > security. So now I have convinced him to install Debian (or some other
    > flavor of Linux) on a machine and make it a powerful and fully
    > configurable router.
    >
    > That is the story. Now, I personally have a firewall script (iptables)
    > set up on my computer. But my friend is not Linux literate at all and is not
    > going to be comfortable with bash scripting and vi editor and iptables
    > in the first go. Is there a GUI firewall application for Linux that can
    > be installed on router computers to deal with various applications:
    > web browsing, email, databases: oracle & siebel, or other Windows stuff?
    >
    > I am also thinking about suggesting he use spam assassin to block spam
    > coming in or going out. But I haven't touched this subject yet.
    >
    > My eventual aim is to make him install Ubuntu on a computer or two and
    > let him see how well that performs (though he has some applications in
    > his company that run on Windows only - need IE).
    >

    I suggest Firehol.
    I just did that and it is excellent.
    It is in Debian and is a set of bash scripts that get invoked, but you
    just have to follow Firehol's language, not all of iptables, or
    scripting bash.

    It gets explained very well here:
    http://firehol.sourceforge.net/

    The proof is in the pudding: you set up a bunch of Firehol statements
    and then invoke it with --try. And you keep doing that until it works.
    And then you invoke:
    http://scan.sygatetech.com/stealthscan.html

    And see that he has "blocked" on everything.

    After that you don't need firehol anymore: just set up the iptables when
    the network comes up.

    H
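
A Firehol configuration for the setup described in the thread (a Linux router between an office LAN and the Internet), added here as an illustration and not taken from the message or from the Firehol project. The interface names (eth0 facing the Internet, eth1 facing the LAN), the choice of forwarded services, and the assumption that the router itself serves DNS and DHCP to the LAN are all hypothetical.

```conf
# /etc/firehol/firehol.conf
# Added example. Interface names and service lists are assumptions,
# not values from the thread.
version 5

# Internet-facing side: the router offers no services to the outside.
interface eth0 internet
    protection strong          # drop malformed packets, limit floods
    policy drop                # unmatched packets are dropped silently
    client all accept          # the router itself may reach out (updates, DNS)

# LAN side: only administration and infrastructure services on the router.
interface eth1 lan
    policy reject              # answer LAN clients quickly instead of timing out
    server "ssh dns dhcp icmp" accept
    client all accept

# Traffic forwarded from the LAN to the Internet, NATed behind eth0.
# Only the listed services leave the LAN; everything else is dropped,
# which also limits what an infected desktop can reach.
router lan2internet inface eth1 outface eth0
    masquerade
    route "http https dns ntp icmp" accept
    route "smtp pop3 imap" accept
```

With `policy drop` on the Internet-facing interface and no `server` lines there, an external port scan gets no reply from the router, which is the "blocked" result the message checks for.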

    
