Re: Firewall software.

From: Llanzlan Klazmon (Klazmon_at_llurdiaxorb.govt)
Date: 09/29/05

    Date: 29 Sep 2005 17:07:01 +1200


    Jeffrey Goldberg <nobody@goldmark.org> wrote in news:11jmg45rdt2frd6@news.supernews.com:

    > TLOlczyk wrote:
    >
    >> For the first time, I am going to have a Linux box on the web [...]
    >
    > Sorry to be pedantic, but it is probably better to call it the Internet,
    > or 'net instead of the web.
    >
    >> Before I connect the computer to the web,
    >> there is one thing I feel I must do. Install a firewall.
    >
    > Most modern Linux systems come with firewall installed with reasonable
    > defaults (but you always should check the settings yourself).
    >
    >> Now the first thing, I want to clarify what I mean by firewall, since
    >> it seems that the way the term is used in the Windows world and
    >> the networking world in general is different. I mean a piece of
    >> software that examines packets as they are being sent to and from
    >> the TCP/IP stack, and either blocks the packet or lets it through,
    >> depending on certain criteria. I will call this a "software firewall".
    >
    > Fine. Another term you will hear is "host based firewall". That is,
    > where the firewall is running on the machine it is supposed to be
    > protecting, instead of a "network firewall" which runs on some router or
    > bridge or something that selectively lets packets through it. In a
    > sense, they are all software if you count firmware as software.
    >
    >> From what I've seen there appears to be only one true software
    >> firewall for Linux: ipchains.
    >
    > iptables. ipchains has been largely replaced by iptables. iptables
    > does everything that ipchains does and more.
    >
    >> All other software firewalls are really
    >> enhancements to ipchains, built on top of it. Can someone clarify.
    >
    > That's about right. Most of the software is about managing iptables for
    > you.
    >
    >> 1) Dynamic control of ports.
    >> By this I mean that I want to be able to open or close a port
    >> without having to reboot or restart a daemon.
    >
    > Yes with iptables (and also ipchains even its predecessor, ipfw) you can
    > modify the tables (chains, rules) on the fly.
    >
    >> 2) Control of both incoming and outgoing packets.
    >
    > Yes, iptables (and predecessors) do this.
    >
    > I don't know how the individual firewall management packages do this.
    > But the capability is there and so the full featured packages will help
    > manage this.
    >
    >> 3) Application specific control.
    >> I don't simply want to say "open port 80". I want to say "open port 80
    >> for firefox, but not for ssh or ftp".
    >
    > Not to my knowledge. Does ZoneAlarm really do that? If so, how?
    >

    Yes. It has a hook in the Windows OS that gets invoked when any program
    tries to open any sort of IP connection. ZoneAlarm prompts you to either
    permit or deny. If you permit the connection it stores a checksum of the
    binary and name of the program along with the protocol and port allowed.
    This means it will only ask again if you install an updated version of the
    program that you had previously ok'd or the program tries to open a
    different port etc. Actually most of the Windows desktop firewalls do that
    these days. Many of the worms/viruses make a point to shut down ZoneAlarm or
    any other such firewall they recognise to get around this.

    Klazmon.

    > -j
    >
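
A small model of the per-application allow list Klazmon describes above (checksum of the binary plus program name, protocol and port, with a fresh prompt whenever the binary or the port changes). This is an added example, not ZoneAlarm's code; the class and method names are assumptions, and the user prompt is a callback supplied by the caller so the logic can be exercised offline:

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    """One remembered 'permit' decision: program, binary digest, protocol, port."""
    program: str
    digest: str   # sha256 of the binary at the moment the user permitted it
    proto: str    # "tcp" or "udp"
    port: int


class AppFirewall:
    """Decision logic only; the OS hook that intercepts connections is out of scope."""

    def __init__(self, ask):
        # ask(program, proto, port, reason) -> bool stands in for the user prompt
        self.ask = ask
        self.grants = set()

    @staticmethod
    def digest_of(binary: bytes) -> str:
        return hashlib.sha256(binary).hexdigest()

    def decide(self, program: str, binary: bytes, proto: str, port: int):
        """Return (verdict, reason); verdict is 'permit' or 'deny'."""
        d = self.digest_of(binary)
        g = Grant(program, d, proto, port)
        if g in self.grants:
            return "permit", "cached"          # same binary, same proto/port: no prompt
        same_name = [x for x in self.grants if x.program == program]
        if not same_name:
            reason = "new program"
        elif all(x.digest != d for x in same_name):
            reason = "binary changed"          # updated (or tampered) binary: ask again
            # drop grants tied to the old digest so a replaced binary cannot reuse them
            self.grants = {x for x in self.grants if x.program != program}
        else:
            reason = "new protocol/port"       # known binary asking for something new
        if self.ask(program, proto, port, reason):
            self.grants.add(g)
            return "permit", reason
        return "deny", reason


if __name__ == "__main__":
    # constructed sample: permit everything except a program named "ssh"
    fw = AppFirewall(lambda prog, proto, port, reason: prog != "ssh")
    print(fw.decide("firefox", b"firefox-v1", "tcp", 80))   # ('permit', 'new program')
    print(fw.decide("firefox", b"firefox-v1", "tcp", 80))   # ('permit', 'cached')
    print(fw.decide("ssh", b"ssh-bin", "tcp", 80))          # ('deny', 'new program')
```

The sample binaries are constructed byte strings; a real implementation would hash the executable on disk and would need the OS-level hook the post mentions.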

