software firewall for linux?

[zskillz]

I'm using rh9 and I was wondering if there is a default firewall (akin to zone alarm) that I could enable on my machine?

if not what do you all recommend??

thx
-Z

[VHockey86]

Shorewall is what comes installed with mandrake, not sure about others.

[computerwizz]

This is this firewall software package called m0n0wall I don't know much of it; all I know is its a boot-cd FreeBSD firewall. We call it "firewall boxes".

[Hanging Chad]

GuardDog comes with MEPIS, which is Debian.

[capybara]

my system comes with firestarter, which is gui-bassed and simple 2 use. highly recommended

[James T]

iptables is built in to the new kernels. Mostly linux firewalls are actually firewall configuration packages. BTW this IS worthwhile, you do not want to be doing the iptables config yourself. You will leave holes. Monmotha's (google it) is another.

[Siliconjunkie]

James is on the right track. You want an IPTables script/tool.

IPTables is the Linux equivilent of Zone Alarm.

Another to look at is APF. Advanced Policy Firewall. It is real nice.

[CMonster]

I second the 'Firestarter' suggestion www.fs-security.com/

[VHockey86]

I notice its the "firewall for gnome"
Does this mean it cant run in KDE? Or just that it needs gnome libraries installed to run?

[James T]

[rant]

I second the 'Firestarter' suggestion www.fs-security.com/

You know, the thing that I dislike about this package is the marketing BS.

It's a glorified iptables config tool. Downloaded it ... in the readme is: -

Code:

Firestarter is a complete firewalling tool for Linux.

Also in the readme is: -

Code:

Requirements
============
A machine running Linux kernel version 2.4 or 2.6 with
Linux IP Firewalling Tables (iptables) version 1.2.3 or higher
Gnome 2.6

What peeves me off about this is that Firestarter is NOT a complete firewalling tool. Take away iptables and you have a useless pretty script. Now if they claimed that Firestarter was an excellent user level firewall configuration tool, which it may be, I'd be happy. But when they can't honestly describe the package ... use something else!
[/rant]

[CMonster]

I totally agree - it is just a config tool for iptables but it is one of the easy ones

[Epyon9283]

I like shorewall.

[computerwizz]

I like shorewall.

Could you tell us a little more.

[Siliconjunkie]

[rant]

You know, the thing that I dislike about this package is the marketing BS.

It's a glorified iptables config tool. Downloaded it

What peeves me off about this is that Firestarter is NOT a complete firewalling tool. Take away iptables and you have a useless pretty script. Now if they claimed that Firestarter was an excellent user level firewall configuration tool, which it may be, I'd be happy. But when they can't honestly describe the package ... use something else!
[/rant]

This is true of almost any Linux "firewall" they are all just different ways of setting up IP Tables.

[sheriff]

If you have a old computer laying around, a 500 meg hardrive, use Smoothwall.
I have used it for years. The software is easy to set up. The old box wont need
a monitor, keyboard or mouse (if your old bios will allow removal with alarming), and can be controlled by the browser. If you want to use just the one box, then
there's lots of good answers in the prev posts.

[Epyon9283]

Could you tell us a little more.

Its good stuff

I had used firestarter and then guarddog. Firestarter wasn't configurable enough for me so I tried guarddog. That was ok but the interface sucked and it wouldn't allow broadcast packets from my own lan no matter what I did.

Shorewall (or shoreline as they're calling it on parts of their site) has no gui. The rules file was easy to set up and there are a lot of different options. You can find out more on their site: http://www.shorewall.net/

[Siliconjunkie]

Rather than smoothwall, look at ipcop. It is a fork of smoothwall. The main developers at smoothwall turned into jerks, so some of the other developers made ipcop.

[implexant]

James is on the right track. You want an IPTables script/tool.

IPTables is the Linux equivilent of Zone Alarm.

Another to look at is APF. Advanced Policy Firewall. It is real nice.

O but so much better

I loved using IPTables when I had my IPCop machine. So powerful!

Rather than smoothwall, look at ipcop. It is a fork of smoothwall. The main developers at smoothwall turned into jerks, so some of the other developers made ipcop.

Ain't that the truth.

-Chris