Using Mandrake 10.1 as a desktop environment, office, browsing, e-mail, ng's, etc.
I'd like to put up a firewall. Recommendations appreciated. Ideally, the firewall would detect programs accessing the ethernet and then put up an "allow/deny" question box. (Lazy? er, yes.).
I did download Bastion, but for some strange reason the de-archiving is taking a very long time... strange behavior... I don't trust it enough to install it.
In order to answer this question, it would help to know what problems you were having with the default firewall (or would it not install properly for some reason?)
Only catch being if you come across a webpage or some other internet service that uses an oddball port. Guarddog is primarily based around opening/closing specific ports, so access to the oddball port you want will be disabled until you add a custom protocol to GD's list. BitTorrent users who use ports other than 6881, for instance.
Jan 17 15:04:09: IPT In FIREWALL: IN=ppp0 SRC=64.124.186.66 LEN=72 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=62309 DPT=53 LEN=52
Jan 17 15:04:09: IPT In FIREWALL: IN=ppp0 SRC=212.187.170.2 LEN=72 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=43340 DPT=53 LEN=52
Jan 17 15:04:09: IPT In FIREWALL: IN=ppp0 SRC=202.222.25.4 LEN=72 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=10847 DPT=53 LEN=52
Iptables can log anything you want. You could even log all incoming and all outgoing messages if you did not have enough to read. I seriously do not recommend that. I used to log all rejected incoming and outgoing messages, but I had to turn off logging of rejected pings since there are so many.
I get rashes of this stuff, all hitting my name server (which is not open to the public). They come in bunches so while the SRC addresses are all different, they are obviously part of a concerted attack. I.e., I will get a couple of dozen of these, then a 10-minute break, then another batch from the same IP addresses. It seems to me that a lot of machines have been infected with some virus that launches these things regularly.
And it might be very nice, but Mandrake 10.1 sets up iptables by default with generally sensible settings, so I was just wondering what problem Alan was trying to solve with a different firewall. It turned out he was thinking like a Symantec-on-Windows user, expecting the firewall to be very talkative.
I meant Symantec-like popping-messages-to-the-display kind of behaviour as opposed to silently writing to the logs. But that was an inference on my part anyway.
Firestarter may be annoying enough if you leave the GUI running: it spits the log out real time on the GUI, and lets you refine your firewall in various ways based on the hits. What is still missing is the regular pop-up asking you what to do with every packet, but there's always the panel applet blinking red and green at you :)
Essentially correct. I can't see any logged activity ... but that's 'cause I don't know where to look...!(yet). Ain't being new at something refreshing...
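
For reading firewall log lines in the format quoted earlier in the thread, the following is an added example (not posted by any participant): it parses each line, groups hits per protocol and destination port into bursts separated by a quiet gap, and reports which sources come back in a later burst. The sample lines are constructed with documentation addresses, and the year and the 5-minute gap are assumptions, since the log format carries no year.

```python
import re
from datetime import datetime, timedelta

# Matches the "Jan 17 15:04:09: IPT In FIREWALL: ... SRC= ... PROTO= ... DPT=" layout.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d):? .*?\bSRC=(?P<src>\S+) .*?"
    r"\bPROTO=(?P<proto>\S+) .*?\bDPT=(?P<dpt>\d+)")

def parse(line, year=2000):  # year is an assumed placeholder
    """Return (time, src, proto, dport), or None for lines without a port (e.g. ICMP)."""
    m = LINE_RE.search(line)
    if not m:
        return None
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return when, m["src"], m["proto"], int(m["dpt"])

def bursts(lines, gap=timedelta(minutes=5)):
    """Group hits per (proto, dport); a quiet period longer than gap starts a new burst."""
    out = {}
    for when, src, proto, dpt in sorted(filter(None, map(parse, lines))):
        runs = out.setdefault((proto, dpt), [])
        if not runs or when - runs[-1]["end"] > gap:
            runs.append({"start": when, "end": when, "sources": set()})
        runs[-1]["end"] = when
        runs[-1]["sources"].add(src)
    return out

def recurring_sources(runs):
    """Sources that appear in more than one burst against the same port."""
    seen, repeat = set(), set()
    for run in runs:
        repeat |= seen & run["sources"]
        seen |= run["sources"]
    return repeat

def _line(ts, src, proto="UDP", dpt=53):  # builds one constructed sample line
    return (f"Jan 17 {ts}: IPT In FIREWALL: IN=ppp0 SRC={src} LEN=72 TOS=0x00 "
            f"PREC=0x00 TTL=42 ID=0 DF PROTO={proto} SPT=40000 DPT={dpt} LEN=52")

SAMPLE = [_line("15:04:09", "192.0.2.10"), _line("15:04:09", "198.51.100.7"),
          _line("15:04:10", "203.0.113.5"), _line("15:09:00", "192.0.2.99", "TCP", 6881),
          _line("15:14:12", "192.0.2.10"), _line("15:14:12", "198.51.100.7"),
          _line("15:14:13", "203.0.113.5")]

if __name__ == "__main__":
    for (proto, dpt), runs in bursts(SAMPLE).items():
        print(f"{proto}/{dpt}: {len(runs)} burst(s), "
              f"recurring sources: {sorted(recurring_sources(runs))}")
```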
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.