• Is Guarddog still the easiest and best firewall GUI program for Linux?

    From Ant@1:0/0 to All on Fri Dec 2 22:14:49 2011
    Subject: Is Guarddog still the easiest and best firewall GUI program for Linux?

    Hello.

    Is Guarddog still the best frontend GUI program to configure iptables
    for firewalls in Linux (Debian) and average Linux desktop users?

    Thank you in advance. :)
    --
    Quote of the Week: "Stir up an ant's nest." --unknown
    /\___/\ Ant @ http://antfarm.home.dhs.org (Personal Web Site)
    / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
    | |o o| |
    \ _ / Please nuke ANT if replying by e-mail. If crediting,
    ( ) then please kindly use Ant nickname and AQFL URL/link.

    --- MBSE BBS v0.95.13 (GNU/Linux-x86_64)
    * Origin: The Kofo BBS MBSE - telnet://fido1.kofobbs.ne
  • From notbob@1:0/0 to All on Fri Dec 2 22:42:28 2011
    Subject: Re: Is Guarddog still the easiest and best firewall GUI program for
    Linux?

    On 2011-12-02, Ant <ANTant@zimage.com> wrote:
    Hello.

    Is Guarddog still the best frontend GUI program to configure iptables
    for firewalls in Linux (Debian) and average Linux desktop users?

    I don't think so. I use arno's firewall:

    http://rocky.eld.leidenuniv.nl/joomla/

    Arno's firewall starts out blocking everything coming at your computer.
    The only traffic allowed, by default, is outgoing traffic from your
    computer and it's subject to stateful inspection. End of story. If
    you want to allow incoming traffic for a server (ssh, http, etc), you
    can do so by editing the bash script file that configures iptables at
    boot up.

    I tried figuring out guarddog, but it was jes too confusing. With
    arno's, no icons or zones or whatever all that GD crap is. Jes get it
    running and forget it. This on a slackware box, where the command
    line is mightier than the mouse. ;)

    If yer running ubuntu or some ubu variant, ufw seems to work well
    enough. It certainly lives up to its name, uncomplicated firewall.
    I'd stick with that. I don't know if ufw is available for debian.

    nb

    --- MBSE BBS v0.95.13 (GNU/Linux-x86_64)
    * Origin: The Kofo BBS MBSE - telnet://fido1.kofobbs.ne
  • From The Natural Philosopher@110:300/1.1 to All on Sat Dec 3 05:05:40 2011
    Subject: Re: Is Guarddog still the easiest and best firewall GUI program for
    Linux?

    Ant wrote:
    Hello.

    Is Guarddog still the best frontend GUI program to configure iptables
    for firewalls in Linux (Debian) and average Linux desktop users?


    Depends on what you know about firewalling...

    I have used Webmin, and it was good enough for me, but in the end I
    needed to write down a fairly tidy set of rules anyway, and it wasn't
    hard to do that as a series of command line commands wrapped into a
    script.


    Thank you in advance. :)

    --- MBSE BBS v0.95.13 (GNU/Linux-x86_64)
    * Origin: albasani.net (110:300/1.1@linuxnet)
  • From Ant@110:300/1.1 to All on Sat Dec 3 09:30:33 2011
    Subject: Re: Is Guarddog still the easiest and best firewall GUI program for
    Linux?

    On 12/2/2011 1:42 PM PT, notbob typed:

    On 2011-12-02, Ant<ANTant@zimage.com> wrote:
    Hello.

    Is Guarddog still the best frontend GUI program to configure iptables
    for firewalls in Linux (Debian) and average Linux desktop users?

    I don't think so. I use arno's firewall:

    http://rocky.eld.leidenuniv.nl/joomla/

    Arno's firewall starts out blocking everything coming at your computer.
    The only traffic allowed, by default, is outgoing traffic from your
    computer and it's subject to stateful inspection. End of story. If
    you want to allow incoming traffic for a server (ssh, http, etc), you
    can do so by editing the bash script file that configures iptables at
    boot up.

    I tried figuring out guarddog, but it was jes too confusing. With
    arno's, no icons or zones or whatever all that GD crap is. Jes get it running and forget it. This on a slackware box, where the command
    line is mightier than the mouse. ;)

    If yer running ubuntu or some ubu variant, ufw seems to work well
    enough. It certainly lives up to its name, uncomplicated firewall.
    I'd stick with that. I don't know if ufw is available for debian.

    Ah, I want GUI because it is easier to understand what's going on. I use
    similar products like Kerio Personal Firewall v2.1.4, Outpost Firewall
    2009, Conseal PC Firewall, Norton, etc. :)

    --
    "Forbear, thou great good husband, little ant." --Richard Lovelace
    /\___/\ Ant @ http://antfarm.ma.cx (Personal Web Site)
    / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
    | |o o| |
    \ _ / If crediting, then use Ant nickname and AQFL URL/link.
    ( ) If e-mailing, then axe ANT from its address if needed.
    Ant is currently not listening to any songs on this computer.

    --- MBSE BBS v0.95.13 (GNU/Linux-x86_64)
    * Origin: An Ant Farm (110:300/1.1@linuxnet)
  • From Ant@110:300/1.1 to All on Sat Dec 3 09:34:40 2011
    Subject: Re: Is Guarddog still the easiest and best firewall GUI program for
    Linux?

    On 12/2/2011 8:05 PM PT, The Natural Philosopher typed:

    Is Guarddog still the best frontend GUI program to configure iptables
    for firewalls in Linux (Debian) and average Linux desktop users?

    Depends on what you know about firewalling...

    Just basics like what needs to go in and out from alerts from programs.


    I have used Webmin, and it was good enough for me, but in the end I
    needed to write down a fairly tidy set of rules anyway, and it wasn't
    hard to do that as a series of command line commands wrapped into a
    script.

    Well, I usually wait for the network programs to alert me of accesses.
    --
    "Remember when walking down the road of life, always stop and squish the ants." --Albian in Creatures game
    /\___/\ Ant @ http://antfarm.ma.cx (Personal Web Site)
    / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
    | |o o| |
    \ _ / If crediting, then use Ant nickname and AQFL URL/link.
    ( ) If e-mailing, then axe ANT from its address if needed.
    Ant is currently not listening to any songs on this computer.

    --- MBSE BBS v0.95.13 (GNU/Linux-x86_64)
    * Origin: An Ant Farm (110:300/1.1@linuxnet)
  • From yamo'@110:300/1.1 to All on Sat Dec 3 11:10:14 2011
    Subject: Re: Is Guarddog still the easiest and best firewall GUI program for
    Linux?
    Reply-To: yamo@beurdin.org

    hi,

    Ant typed, on 02/12/2011 22:14:
    Hello.

    Is Guarddog still the best frontend GUI program to configure iptables
    for firewalls in Linux (Debian) and average Linux desktop users?


    I don't know Guarddog, for using on a GUI I use firestarter.


    --
    Stéphane

    <http://pasdenom.info/fortune/>

    Eighty years is the age of academic puberty.
    -+- Paul Claudel -+-

    --- MBSE BBS v0.95.13 (GNU/Linux-x86_64)
    * Origin: http://pasdenom.info/news.html (110:300/1.1@linuxnet)
  • From David Brown@1:0/0 to All on Sat Dec 3 12:23:53 2011
    Subject: Re: Is Guarddog still the easiest and best firewall GUI program for
    Linux?

    On 03/12/11 09:30, Ant wrote:
    On 12/2/2011 1:42 PM PT, notbob typed:

    On 2011-12-02, Ant<ANTant@zimage.com> wrote:
    Hello.

    Is Guarddog still the best frontend GUI program to configure iptables
    for firewalls in Linux (Debian) and average Linux desktop users?

    I don't think so. I use arno's firewall:

    http://rocky.eld.leidenuniv.nl/joomla/

    Arno's firewall starts out blocking everything coming at your computer.
    The only traffic allowed, by default, is outgoing traffic from your
    computer and it's subject to stateful inspection. End of story. If
    you want to allow incoming traffic for a server (ssh, http, etc), you
    can do so by editing the bash script file that configures iptables at
    boot up.

    I tried figuring out guarddog, but it was jes too confusing. With
    arno's, no icons or zones or whatever all that GD crap is. Jes get it
    running and forget it. This on a slackware box, where the command
    line is mightier than the mouse. ;)

    If yer running ubuntu or some ubu variant, ufw seems to work well
    enough. It certainly lives up to its name, uncomplicated firewall.
    I'd stick with that. I don't know if ufw is available for debian.

    Ah, I want GUI because it is easier to understand what's going on. I use
    similar products like Kerio Personal Firewall v2.1.4, Outpost Firewall
    2009, Conseal PC Firewall, Norton, etc. :)


    These aren't similar products. Windows "firewalls" operate in a
    completely different way from Linux firewalls. Linux firewalls are
    concerned about what comes into, goes out of, or passes through your
    machine at a lower level. Mostly you allow or deny packets depending on
    their source (which interface they come in on, or their IP address),
    their destination, and their protocol and port (such as port 80 tcp for
    http traffic). There are, of course, many other possibilities and
    features of iptables firewalls.

    For typical home use, you only need a very simple setup - everything
    outgoing is allowed, everything incoming is blocked unless it is in
    answer to outgoing connections. You may also want to open particular
    incoming ports, for applications such as bittorrent.


    Windows firewalling does most of that, though not perfectly (and with
    far fewer advanced options) - I believe there are certain services and accesses that you can't disable because the system uses them. It is not uncommon that attacks on Windows machines with the native firewall or third-party firewalls do so by exploiting flaws in the firewall software.

    What firewalls on Windows do, that firewalls on Linux normally don't do,
    is try to place limits on /programs/. In the Windows world, the
    assumption is that many of the programs running on your machine are
    malware, or legitimate programs that otherwise "phone home" in an
    undesirable way, or illegal copies of programs that might report
    themselves back to the publishers. So much of a Windows firewall's
    efforts are concerned with limiting the function of programs running on
    your system. Again, they vary a lot on how successful they are, and
    what the run-time costs in performance are. And they do not "show you
    what's going on" - they give some information about some things, but you
    have no way to be sure of any of it.


    Of course in Linux it is possible to limit programs' access to
    networking if you want - but it is normally only done by people looking
    for more advanced security measures. The simplest way is probably to
    make an extra user and set up rules to limit that user's access - then
    you run your suspect program as that user (if your program is suspect,
    you wouldn't want to run it as your normal user anyway). Or you would
    use a virtual machine to get better sandboxing. For more complete
    measures, including controlling the access of root programs, you should probably look at SELinux.

    I have no idea if there are gui's that help with this. But since it's
    way beyond what most people need, and something that needs to be
    thoroughly understood to be useful, I doubt it.





    --- MBSE BBS v0.95.13 (GNU/Linux-x86_64)
    * Origin: The Kofo BBS MBSE - telnet://fido1.kofobbs.ne
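
Added example, not part of the thread: the extra-user approach described in the post above, written with the iptables `owner` match. The script only prints the commands; the chain name `SANDBOX_OUT`, UID 1500 and the destination 192.0.2.10 are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: print (do not apply) iptables commands that confine the
# outbound traffic of one dedicated account. Chain name and sample values
# are assumptions made for this illustration.

CHAIN=SANDBOX_OUT   # hypothetical chain name

# valid_exception PROTO:DEST:PORT -> 0 if well formed, 1 otherwise.
# Leaves the parts in ve_proto, ve_dest and ve_port.
valid_exception() {
    ve_proto=${1%%:*}; ve_rest=${1#*:}
    ve_dest=${ve_rest%%:*}; ve_port=${ve_rest#*:}
    case $ve_proto in tcp|udp) ;; *) return 1 ;; esac
    case $ve_dest in ''|*[!0-9./]*) return 1 ;; esac      # IPv4 or CIDR characters only
    case $ve_port in ''|*[!0-9]*|??????*) return 1 ;; esac
    if [ "$ve_port" -lt 1 ] || [ "$ve_port" -gt 65535 ]; then return 1; fi
    return 0
}

# sandbox_rules UID [PROTO:DEST:PORT ...]
# Everything the UID sends is logged and rejected except loopback traffic
# and the listed exceptions. Prints nothing if any argument is malformed.
sandbox_rules() {
    if [ $# -lt 1 ]; then
        echo "usage: sandbox_rules UID [PROTO:DEST:PORT ...]" >&2; return 1
    fi
    sr_uid=$1; shift
    case $sr_uid in
        ''|*[!0-9]*) echo "UID must be numeric: $sr_uid" >&2; return 1 ;;
    esac
    for sr_e in "$@"; do
        if ! valid_exception "$sr_e"; then
            echo "bad exception: $sr_e" >&2; return 1
        fi
    done
    echo "iptables -N $CHAIN"
    # The owner match only applies to locally generated packets (OUTPUT).
    echo "iptables -A OUTPUT -m owner --uid-owner $sr_uid -j $CHAIN"
    echo "iptables -A $CHAIN -o lo -j ACCEPT"
    for sr_e in "$@"; do
        valid_exception "$sr_e"   # re-split into ve_proto/ve_dest/ve_port
        echo "iptables -A $CHAIN -p $ve_proto -d $ve_dest --dport $ve_port -j ACCEPT"
    done
    # Log before rejecting so refused destinations show up in the kernel log.
    echo "iptables -A $CHAIN -j LOG --log-prefix 'sandbox-out: ' --log-uid"
    echo "iptables -A $CHAIN -j REJECT"
}

# Constructed sample: UID 1500 may only reach 192.0.2.10 on tcp/443.
sandbox_rules 1500 tcp:192.0.2.10:443
```

The LOG rule records each refused destination and port in the kernel log, which gives the visibility into outbound attempts that the prompting firewalls discussed in the thread provide interactively.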
  • From Ant@110:300/1.1 to All on Sat Dec 3 17:58:38 2011
    Subject: Re: Is Guarddog still the easiest and best firewall GUI program for
    Linux?

    On 12/3/2011 3:23 AM PT, David Brown typed:

    Ah, I want GUI because it is easier to understand what's going on. I use
    similar products like Kerio Personal Firewall v2.1.4, Outpost Firewall
    2009, Conseal PC Firewall, Norton, etc. :)

    These aren't similar products. Windows "firewalls" operate in a
    completely different way from Linux firewalls. Linux firewalls are
    concerned about what comes into, goes out of, or passes through your
    machine at a lower level. Mostly you allow or deny packets depending on
    their source (which interface they come in on, or their IP address),
    their destination, and their protocol and port (such as port 80 tcp for
    http traffic). There are, of course, many other possibilities and
    features of iptables firewalls.

    For typical home use, you only need a very simple setup - everything
    outgoing is allowed, everything incoming is blocked unless it is in
    answer to outgoing connections. You may also want to open particular
    incoming ports, for applications such as bittorrent.
    ....

    Well, I still want to get prompted what goes in and out. Then, I can
    tell it to allow/deny, learn the IP addresses, ports, directions, etc. I
    don't allow everything to go out either since I hate programs that phone
    home.
    --
    "The evaluator counts the ants at the picnic of progress." --Mohan Singh
    /\___/\ Ant @ http://antfarm.ma.cx (Personal Web Site)
    / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
    | |o o| |
    \ _ / If crediting, then use Ant nickname and AQFL URL/link.
    ( ) If e-mailing, then axe ANT from its address if needed.
    Ant is currently not listening to any songs on this computer.

    --- MBSE BBS v0.95.13 (GNU/Linux-x86_64)
    * Origin: An Ant Farm (110:300/1.1@linuxnet)
  • From Ant@110:300/1.1 to All on Sat Dec 3 18:04:45 2011
    Subject: Re: Is Guarddog still the easiest and best firewall GUI program for
    Linux?

    On 12/3/2011 2:10 AM PT, yamo' typed:

    Is Guarddog still the best frontend GUI program to configure iptables
    for firewalls in Linux (Debian) and average Linux desktop users?

    I don't know Guarddog, for using on a GUI I use firestarter.

    Interesting. It looks good.

    I have two questions since I didn't see the answers when quick glancing
    its documentations and screen shots: Does it prompt to allow/deny and customize in real-time when programs use the network? And does this
    program use iptables like Guarddog?
    --
    "This is the ant. Treat it with respect. For it may very well be the
    next dominant lifeform of our planet." --Empire of the Ants movie
    /\___/\ Ant @ http://antfarm.ma.cx (Personal Web Site)
    / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
    | |o o| |
    \ _ / If crediting, then use Ant nickname and AQFL URL/link.
    ( ) If e-mailing, then axe ANT from its address if needed.
    Ant is currently not listening to any songs on this computer.

    --- MBSE BBS v0.95.13 (GNU/Linux-x86_64)
    * Origin: An Ant Farm (110:300/1.1@linuxnet)
  • From notbob@1:0/0 to All on Sat Dec 3 19:57:08 2011
    Subject: Re: Is Guarddog still the easiest and best firewall GUI program for
    Linux?

    On 2011-12-03, Ant <ant@zimage.comANT> wrote:

    I have two questions since I didn't see the answers when quick glancing
    its documentations and screen shots: Does it prompt to allow/deny and customize in real-time when programs use the network? And does this
    program use iptables like Guarddog?

    I understand yer dilemma, having once been a Windows user, myself.
    Then, I used Signal9, which later was sold to and hosed by McAfee
    under the name Conseal. It did as you ask, prompted you each time a
    new connection w/o a corresponding rule, was made, either in or out,
    and asked what you wanted to do.

    "Do you want to pee-pee"?

    "Yes"

    "Do you have to unzip yer pants?"

    "Yes"

    Those days are over, Ant!

    If you now use linux, time to acquire a new mindset. Linux assumes
    you understand what yer doing and operates accordingly, not be a
    clueless newbie that needs yer hand held, each action requiring a
    question and answer babysitting session from the OS. You need to
    consider what you want and/or need, then configure the iptables
    firewall accordingly.

    The best security policy is, block ALL, allowing only what you need.
    Iptables allows "stateful inspection". These are rules which allow
    any outgoing traffic initiated by you, but only incoming traffic that
    is in direct response to the outgoing traffic you jes sent. Since
    linux, by its nature, has no applications phoning home or trying to
    contact the creator behind yer back ....at least by default.... then
    that shouldn't be a worry. Granted, a few applications like firefox
    are set up to phone home for updates, but I've yet to see one of these auto-update apps for linux do this without first asking and/or
    allowing you to disable this option. They may be out there, but I've
    not run across one, yet.

    So, if you browse google on yer browser, or send an IM message, you
    should be safe with any block all, stateful inspection, linux
    iptables packet filter (firewall) configuration. If you want to do
    bittorrents and share bits, or allow SSH access, or run an apache web
    server, yer gonna hafta open up yer firewall and understand how it
    works.

    Understand there are no firewall applications, only configuration
    applications for the linux kernel iptables packet filter. They all do
    the same thing, which is write the appropriate rules for iptables.
    You should learn about iptables and how it works and tcp/ip
    fundamentals and the various network protocols. Lotta good info pages
    out there on both subjects.

    IMO, understanding tcp/ip protocols is the best place to start.
    Here's a pretty good one:

    http://www.w3schools.com/tcpip/tcpip_intro.asp

    Once you learn the protocols, then learn how/why iptables filters
    them.

    Good luck! ;)

    nb

    --- MBSE BBS v0.95.13 (GNU/Linux-x86_64)
    * Origin: The Kofo BBS MBSE - telnet://fido1.kofobbs.ne
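
Added example, not part of the thread: since every frontend ends up writing iptables rules, the output of `iptables-save` can be checked against the block-all, stateful policy described in the post above, whichever tool produced it. The sample dump is constructed, and the script does not follow jumps into user-defined chains.

```sh
#!/bin/sh
# Added example: check an iptables-save dump against the "block all, allow
# replies" policy. The dump below is constructed for illustration.

SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# audit_ruleset: reads iptables-save text on stdin, lists what is open on
# INPUT, and returns 0 only if unmatched inbound packets are dropped and
# replies to outgoing connections are accepted.
# Limitation: jumps into user-defined chains are not followed.
audit_ruleset() {
    awk '
    /^\*/                       { table = substr($0, 2); next }
    table != "filter"           { next }
    $1 == ":INPUT"              { policy = $2; next }
    $1 != "-A" || $2 != "INPUT" { next }
    final_drop                  { next }   # rules after a catch-all drop never match
    {
        target = ""; proto = "any"; port = "any"
        iface = ""; src = ""; state = ""; crit = 0
        for (i = 3; i < NF; i++) {
            v = $(i + 1)
            if      ($i == "-j") target = v
            else if ($i == "-p") proto = v
            else if ($i == "-i") iface = v
            else if ($i == "-s") src = v
            else if ($i == "--dport" || $i == "--dports") port = v
            else if ($i == "--state" || $i == "--ctstate") state = v
            if ($i == "-p" || $i == "-i" || $i == "-s" || $i == "-d" || $i == "-m") crit++
        }
        # A DROP/REJECT rule with no match criteria acts as the default policy.
        if (crit == 0 && (target == "DROP" || target == "REJECT")) { final_drop = 1; next }
        if (target != "ACCEPT" || iface == "lo") next
        if (state ~ /ESTABLISHED/ && state !~ /NEW/) { stateful = 1; next }
        if (proto == "any" && src == "" && iface == "") {
            wide = 1; print "accept-all: " $0; next
        }
        print "open " proto "/" port
    }
    END {
        deny = (policy == "DROP" || final_drop)
        print "default-deny " (deny ? "yes" : "no")
        print "stateful " (stateful ? "yes" : "no")
        exit ((deny && stateful && !wide) ? 0 : 1)
    }'
}

# Run the audit on the constructed dump.
printf '%s\n' "$SAMPLE_DUMP" | audit_ruleset
```

On a live system the input would come from `iptables-save` run as root; each `open` line is an inbound port that should correspond to a service you intended to expose.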
  • From David Brown@1:0/0 to All on Sun Dec 4 02:34:56 2011
    Subject: Re: Is Guarddog still the easiest and best firewall GUI program for
    Linux?

    On 03/12/11 17:58, Ant wrote:
    On 12/3/2011 3:23 AM PT, David Brown typed:

    Ah, I want GUI because it is easier to understand what's going on. I use
    similar products like Kerio Personal Firewall v2.1.4, Outpost Firewall
    2009, Conseal PC Firewall, Norton, etc. :)

    These aren't similar products. Windows "firewalls" operate in a
    completely different way from Linux firewalls. Linux firewalls are
    concerned about what comes into, goes out of, or passes through your
    machine at a lower level. Mostly you allow or deny packets depending on
    their source (which interface they come in on, or their IP address),
    their destination, and their protocol and port (such as port 80 tcp for
    http traffic). There are, of course, many other possibilities and
    features of iptables firewalls.

    For typical home use, you only need a very simple setup - everything
    outgoing is allowed, everything incoming is blocked unless it is in
    answer to outgoing connections. You may also want to open particular
    incoming ports, for applications such as bittorrent.
    ...

    Well, I still want to get prompted what goes in and out. Then, I can
    tell it to allow/deny, learn the IP addresses, ports, directions, etc. I
    don't allow everything to go out either since I hate programs that phone
    home.

    You are using Linux - programs for Linux are mostly either open source
    (and very rarely do anything nasty - it would quickly be spotted), or
    they are serious professional programs (which also don't do anything
    nasty - at least, not unless you have made illegal copies). Stop
    thinking in the Windows world.


    --- MBSE BBS v0.95.13 (GNU/Linux-x86_64)
    * Origin: The Kofo BBS MBSE - telnet://fido1.kofobbs.ne
  • From Jorgen Grahn@1:0/0 to All on Sun Dec 4 10:11:49 2011
    Subject: Re: Is Guarddog still the easiest and best firewall GUI program for
    Linux?

    ["Followup-To:" header set to comp.os.linux.security.]

    On Sun, 2011-12-04, David Brown wrote:
    On 03/12/11 17:58, Ant wrote:
    On 12/3/2011 3:23 AM PT, David Brown typed:

    Ah, I want GUI because it is easier to understand what's going on. I use
    similar products like Kerio Personal Firewall v2.1.4, Outpost Firewall
    2009, Conseal PC Firewall, Norton, etc. :)

    These aren't similar products. Windows "firewalls" operate in a
    completely different way from Linux firewalls. Linux firewalls are
    concerned about what comes into, goes out of, or passes through your
    machine at a lower level. Mostly you allow or deny packets depending on
    their source (which interface they come in on, or their IP address),
    their destination, and their protocol and port (such as port 80 tcp for
    http traffic). There are, of course, many other possibilities and
    features of iptables firewalls.

    For typical home use, you only need a very simple setup - everything
    outgoing is allowed, everything incoming is blocked unless it is in
    answer to outgoing connections. You may also want to open particular
    incoming ports, for applications such as bittorrent.
    ...

    Well, I still want to get prompted what goes in and out. Then, I can
    tell it to allow/deny, learn the IP addresses, ports, directions, etc. I
    don't allow everything to go out either since I hate programs that phone
    home.

    You are using Linux - programs for Linux are mostly either open source
    (and very rarely do anything nasty - it would quickly be spotted), or
    they are serious professional programs (which also don't do anything
    nasty - at least, not unless you have made illegal copies). Stop
    thinking in the Windows world.

    There's a narrow zone of "freeware" though -- Google Chrome, Skype,
    Adobe Flash ... I use none of them, but if I *did* want them I'd take
    the privacy risk into account first.

    (Of course the risk from these is less than from some random Windows
    .exe you download -- about the same as from the corresponding Windows
    version.)

    /Jorgen

    --
    // Jorgen Grahn <grahn@ Oo o. . .
    \X/ snipabacken.se> O o .

    --- MBSE BBS v0.95.13 (GNU/Linux-x86_64)
    * Origin: The Kofo BBS MBSE - telnet://fido1.kofobbs.ne
  • From David Brown@1:0/0 to All on Sun Dec 4 12:00:05 2011
    Subject: Re: Is Guarddog still the easiest and best firewall GUI program for
    Linux?

    On 04/12/11 10:11, Jorgen Grahn wrote:
    ["Followup-To:" header set to comp.os.linux.security.]

    On Sun, 2011-12-04, David Brown wrote:
    On 03/12/11 17:58, Ant wrote:
    On 12/3/2011 3:23 AM PT, David Brown typed:

    Ah, I want GUI because it is easier to understand what's going on. I use
    similar products like Kerio Personal Firewall v2.1.4, Outpost Firewall
    2009, Conseal PC Firewall, Norton, etc. :)

    These aren't similar products. Windows "firewalls" operate in a
    completely different way from Linux firewalls. Linux firewalls are
    concerned about what comes into, goes out of, or passes through your
    machine at a lower level. Mostly you allow or deny packets depending on
    their source (which interface they come in on, or their IP address),
    their destination, and their protocol and port (such as port 80 tcp for
    http traffic). There are, of course, many other possibilities and
    features of iptables firewalls.

    For typical home use, you only need a very simple setup - everything
    outgoing is allowed, everything incoming is blocked unless it is in
    answer to outgoing connections. You may also want to open particular
    incoming ports, for applications such as bittorrent.
    ...

    Well, I still want to get prompted what goes in and out. Then, I can
    tell it to allow/deny, learn the IP addresses, ports, directions, etc. I
    don't allow everything to go out either since I hate programs that phone
    home.

    You are using Linux - programs for Linux are mostly either open source
    (and very rarely do anything nasty - it would quickly be spotted), or
    they are serious professional programs (which also don't do anything
    nasty - at least, not unless you have made illegal copies). Stop
    thinking in the Windows world.

    There's a narrow zone of "freeware" though -- Google Chrome, Skype,
    Adobe Flash ... I use none of them, but if I *did* want them I'd take
    the privacy risk into account first.

    True enough (though Chrome has the open source Chromium variant). And
    we already know that Skype phones everywhere!


    (Of course the risk from these is less than from some random Windows
    .exe you download -- about the same as from the corresponding Windows version.)


    Yes, that's my point. The Linux world is not perfect - it's just vastly better than the Windows world in this particular aspect. And if you do
    want to be extra paranoid, then you have that option in Linux.

    /Jorgen



    --- MBSE BBS v0.95.13 (GNU/Linux-x86_64)
    * Origin: The Kofo BBS MBSE - telnet://fido1.kofobbs.ne