Firewall - which one?

    I am looking for a firewall (loved Outpost under Windows). I'm looking for one that
    1. doesn't require an intimate knowledge of iptables (I am a Linux newbie)
    2. supports tight rules for applications and active content - my concern is primarily outbound traffic
    3. has a graphical front-end.

    Any help greatly appreciated.

    #2
    Re: Firewall - which one?

    http://www.simonzone.com/software/guarddog/ (available from the "universe" repositories)



      #3
      Re: Firewall - which one?

      I use and recommend Firestarter. But if you want to lock down outbound access by individual program, you might need to look into SELinux or AppArmor in combination with a firewall. I don't know of any IPTables-based firewalls that do that.



        #4
        Re: Firewall - which one?

        Hi, I tried lokkit, but it is too basic for me. Also, when I updated to Kub 6.1 the graphical version did not work. I then installed guarddog and it works quite nicely. By default it blocks everything, and then you must open some ports (like POP, SMTP, HTTP, DNS, etc.).
        The only problem with guarddog is that the SMTP port (25) and the DNS port (53) are set to "closed" and not "stealth", so they are still visible to possible attackers.
        I did the free security test offered by Gibson Research Corporation (www.grc.com) and this security issue comes up. But if I disable these ports I cannot navigate the internet, nor send mail.
        The Windows firewall on my girlfriend's computer allows DNS and SMTP but it does not show the ports to the internet.
        Does anyone know how I can solve this? I mean, a Windows application that is better than a Linux one is hard to digest for me!
        best,
        marco
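
An added example, not from the thread or from Guarddog: on a machine that is only a client of DNS and SMTP, replies are admitted by connection tracking, so ports 25 and 53 need no inbound rule. `emit_inbound_ruleset` generates both ways of answering unsolicited packets ("stealth" is DROP, "closed" is REJECT) and `classify_port` statically checks a saved ruleset; both function names and the simplified rule matching are assumptions of this example.

```sh
# Added example. Assumes a desktop that is only a *client* of DNS/SMTP/HTTP.
# Replies to its own outbound traffic match ESTABLISHED, so no inbound port
# has to be opened; what differs is how unsolicited packets are answered.
emit_inbound_ruleset() {            # usage: emit_inbound_ruleset stealth|closed
    case "$1" in
        stealth) final='-A INPUT -j DROP' ;;
        closed)  final='-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable' ;;
        *) echo "usage: emit_inbound_ruleset stealth|closed" >&2; return 2 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$final
COMMIT
EOF
}
# Static check of an iptables-save style ruleset read from stdin: the first
# INPUT rule that matches a NEW packet for PROTO/PORT decides. Simplified:
# ignores source addresses, multiport and user-defined chains.
classify_port() {                   # usage: classify_port tcp 25 < ruleset
    awk -v proto="$1" -v port="$2" '
    function verdict(t) {
        if (t == "ACCEPT") return "accept"
        if (t == "REJECT") return "closed"
        if (t == "DROP")   return "stealth"
        return ""
    }
    /^:INPUT / { policy = $2; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        p = ""; dport = ""; target = ""; skip = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-i" && $(i+1) == "lo") skip = 1
            if (($i == "--ctstate" || $i == "--state") && $(i+1) !~ /NEW/) skip = 1
            if ($i == "-p") p = $(i+1)
            if ($i == "--dport") dport = $(i+1)
            if ($i == "-j") target = $(i+1)
        }
        if (skip || (p != "" && p != proto) || (dport != "" && dport != port)) next
        v = verdict(target)
        if (v != "") { print v; found = 1; exit }
    }
    END { if (!found) print verdict(policy) }'
}
```

Loading the generated ruleset with `iptables-restore` as root replaces the current filter table; `iptables-save | classify_port tcp 25` checks the rules that are actually loaded.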



          #5
          Re: Firewall - which one?

          penguin.ch,
          Thanks for the link, but GuardDog doesn't seem to be an application firewall.

          Rob_H,
          Thank you, AppArmor seems to be the best choice from what is available.

          None of the Linux firewalls I have seen allow filtering active content on a per application basis (e.g. allowing JavaScript for one, but denying it for others), and
          none comes even close to the sophisticated level of control in Outpost Pro on Windows.

          Coming from Windows, I intend to use certain Windows apps on Linux: due to my work, I MUST be able to continue using MS Office and Trados, and there may be other applications I'd like to keep. Crossover Office or vmWare enable me to do this. But I want to ensure that my Linux, allegedly more secure than Windows, doesn't get compromised. I want to be able to specify which application is allowed what, including active content.

          The first flock of "émigrés" coming from Windows to a Linux desktop will probably tend to be people with above-average skills, and they are security-conscious. The lack of a firewall giving them the same sense of comfort and security they had behind a good firewall on Windows may be a major deterrent. If they get bitten by security issues on a "secure" Linux system, they may even decide to give up.



            #6
            Re: Firewall - which one?

            I'm not familiar with Outpost Pro, but it seems to me that what you're looking for is not really a "firewall," which is all about network packet filtering, but rather a way to reach into running applications and limit what they can do. Hopefully, AppArmor can help you, or features within the individual apps (e.g. the NoScript extension for Firefox). If it's Windows apps that concern you, VMWare lets you effectively sandbox them running under Linux.

            Remember, too, that the security model of Linux hinders certain kinds of attacks that are much more common in Windows. For example, the fact that Linux users don't typically run as root makes it a lot more difficult for malicious software to take over. And Linux just isn't a target (so far) for those kinds of exploits.
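
Besides the AppArmor route named in the thread, iptables can restrict outbound traffic per local account through its `owner` match, which approximates per-application rules when the application runs under its own account. This is an added example, not from the thread; the function name, the account name `winapps` and the allow-list are hypothetical.

```sh
# Added example. iptables cannot match on the executable, but the "owner"
# match filters locally generated OUTPUT packets by the UID of the socket.
# HYPOTHETICAL: a dedicated account (here "winapps") that runs the application.
emit_app_outbound_rules() {   # usage: emit_app_outbound_rules USER proto:port...
    [ $# -ge 1 ] || { echo "missing account name" >&2; return 2; }
    user=$1; shift
    case "$user" in ''|*[!a-z0-9_-]*) echo "bad account name" >&2; return 2 ;; esac
    rules=
    for spec in "$@"; do
        proto=${spec%%:*}; port=${spec#*:}
        case "$proto" in tcp|udp) ;; *) echo "bad protocol: $spec" >&2; return 2 ;; esac
        case "$port" in ''|*[!0-9]*) echo "bad port: $spec" >&2; return 2 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $spec" >&2; return 2; }
        rules="$rules-A OUTPUT -p $proto --dport $port -m owner --uid-owner $user -j ACCEPT
"
    done
    # Validation passed: emit allow rules first, then log and refuse the rest.
    printf '%s\n' '*filter' "-A OUTPUT -o lo -m owner --uid-owner $user -j ACCEPT"
    printf '%s' "$rules"
    printf '%s\n' \
        "-A OUTPUT -m owner --uid-owner $user -j LOG --log-prefix \"app-out-denied: \"" \
        "-A OUTPUT -m owner --uid-owner $user -j REJECT" \
        'COMMIT'
}

# Constructed sample: the account may reach HTTPS and DNS, nothing else.
emit_app_outbound_rules winapps tcp:443 udp:53
```

Load the output with `iptables-restore --noflush` so existing rules are kept; the match only sees sockets owned by that account on the host, so traffic from a bridged virtual machine is not covered.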



              #7
              Re: Firewall - which one?

              Rob_H,
              a "firewall," which is all about network packet filtering
              That would be a firewall working in the IP layer only.
              A firewall that can handle the Transport layer and the Application layer (in addition to IP) would be just what I had in mind (Outpost does it).
              If it's Windows apps that concern you
              I'll probably also miss the comfort of being able to allow/block active content on a per application basis.
              But since what I am looking for doesn't seem to exist on Linux, thank you for making me look at what I want from a more useful angle. You are right, what I want is limiting running applications.

              Looking at my problem from this new perspective makes VMWare combined with AppArmor an attractive proposition.

              Thanks again for your helpful post.
