Re: Firewall software.
From: Llanzlan Klazmon (Klazmon_at_llurdiaxorb.govt)
Date: 29 Sep 2005 17:07:01 +1200
Jeffrey Goldberg <firstname.lastname@example.org> wrote in news:11jmg45rdt2frd6
> TLOlczyk wrote:
>> For the first time, I am going to have a Linux box on the web [...]
> Sorry to be pedantic, but it is probably better to call it the Internet,
> or 'net instead of the web.
>> Before I connect the computer to the web,
>> there is one thing I feel I must do. Install a firewall.
> Most modern Linux systems come with firewall installed with reasonable
> defaults (but you always should check the settings yourself).
>> Now the first thing, I want to clarify what I mean by firewall, since
>> it seems that the way the term is used in the Windows world and
>> the networking world in general is different. I mean a piece of
>> software that examines packets as they are being sent to and from
>> the TCP/IP stack, and either blocks the packet or lets it through,
>> depending on certain criteria. I will call this a "software firewall".
> Fine. Another term you will hear is "host based firewall". That is,
> where the firewall is running on the machine it is supposed to be
> protecting, instead of a "network firewall" which runs on some router or
> bridge or something that selectively lets packets through it. In a
> sense, they are all software if you count firmware as software.
>> From what I've seen there appears to be only one true software
>> firewall for Linux: ipchains.
> iptables. ipchains has been largely replaced by iptables. iptables
> does everything that ipchains does and more.
>> All other software firewalls are really
>> enhancements to ipchains, built on top of it. Can someone clarify.
> That's about right. Most of the software is about managing iptables for
>> 1) Dynamic control of ports.
>> By this I mean that I want to be able to open or close a port
>> without having to reboot or restart a daemon.
> Yes, with iptables (and also ipchains, even its predecessor ipfw) you can
> modify the tables (chains, rules) on the fly.
>> 2) Control of both incoming and outgoing packets.
> Yes, iptables (and predecessors) do this.
> I don't know how the individual firewall management packages do this.
> But the capability is there and so the full featured packages will help
> manage this.
>> 3) Application specific control.
>> I don't simply want to say "open port 80". I want to say "open port 80
>> for firefox, but not for ssh or ftp".
> Not to my knowledge. Does ZoneAlarm really do that? If so, how?
Yes. It has a hook in the Windows OS that gets invoked when any program
tries to open any sort of IP connection. ZoneAlarm prompts you to either
permit or deny. If you permit the connection it stores a checksum of the
binary and name of the program along with the protocol and port allowed.
This means it will only ask again if you install an updated version of the
program that you had previously OK'd or the program tries to open a
different port etc. Actually most of the Windows desktop firewalls do that
these days. Many of the worms/viruses make a point to shut down ZoneAlarm or
any other such firewall they recognise to get around this.
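The per-program memory described in that last paragraph, as an added example that is not from the post or from ZoneAlarm itself: the program name, a checksum of its binary, the protocol and the port form the key, so the user is asked again only for a changed binary or a new port. The OS hook is replaced by a plain function call and the prompt by a constructed callback; all names, the SHA-256 choice and the sample bytes are assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class ConnectionRequest:
    program_name: str   # name of the program as the firewall sees it
    binary: bytes       # contents of the executable (constructed sample data below)
    protocol: str       # "tcp" or "udp"
    port: int

class AppFirewall:
    """Remembers each answer keyed on (program name, binary checksum, protocol, port)."""
    def __init__(self, ask_user):
        self.ask_user = ask_user   # callback: ConnectionRequest -> True (permit) / False (deny)
        self.rules = {}            # (name, sha256 hex, protocol, port) -> remembered decision

    @staticmethod
    def checksum(binary: bytes) -> str:
        return hashlib.sha256(binary).hexdigest()

    def check(self, req: ConnectionRequest):
        """Return (permitted, prompted); the user is only asked about a key not seen before."""
        key = (req.program_name, self.checksum(req.binary), req.protocol, req.port)
        if key in self.rules:
            return self.rules[key], False
        decision = bool(self.ask_user(req))
        self.rules[key] = decision
        return decision, True

# Constructed stand-ins for executables: different bytes give different checksums.
FIREFOX_V1 = b"firefox-build-1"
FIREFOX_V2 = b"firefox-build-2"     # "updated version" of the same program
IMPOSTOR = b"not-firefox-at-all"    # another binary presenting the same program name

def auto_answer(req: ConnectionRequest) -> bool:
    """Stand-in for the user at the prompt: permits the genuine builds, denies anything else."""
    return req.binary in (FIREFOX_V1, FIREFOX_V2)

def demo():
    """Replay a sequence of connection attempts; each result is (permitted, prompted)."""
    fw = AppFirewall(auto_answer)
    events = [
        ConnectionRequest("firefox", FIREFOX_V1, "tcp", 80),   # first time: prompt, permit
        ConnectionRequest("firefox", FIREFOX_V1, "tcp", 80),   # remembered: no prompt
        ConnectionRequest("firefox", FIREFOX_V1, "tcp", 443),  # different port: prompt again
        ConnectionRequest("firefox", FIREFOX_V2, "tcp", 80),   # updated binary: prompt again
        ConnectionRequest("firefox", IMPOSTOR, "tcp", 80),     # same name, other checksum: prompt, deny
    ]
    return [fw.check(e) for e in events]
```

Note that the checksum is what distinguishes the last two cases from the first: a program name alone would let any binary calling itself "firefox" reuse the remembered permit.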