Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: User-Friendly Firewall For a Brand-New Linux User?

Posted by timothy on from the perfect-security-on-the-way dept.

An anonymous reader writes "I am a new Linux user; I'm on 2nd day now. Currently I am trying out Ubuntu, but that could change. I am looking for a user friendly firewall that I can set up that lets me do these things:1) set up a default deny rule 2) carve out exceptions for these programs: browser, email client, chat client, yum and/or apt. 3) carve out exceptions to the exceptions in requirement 2 — i.e. I want to be able to then block off IPs and IP ranges known to be used by malware, marketers, etc., and all protocols which aren't needed for requirement 2. It also needs to have good enough documentation that a beginner like me can figure it out. Previously, I had done all of the above in AVG Firewall on Windows, and it was very easy to do. So far, I have tried these things:1) IPTABLES — it looked really easy to screw it up and then not notice that it's screwed up and/or not be able to fix it even if I did notice, so I tried other things at that point... 2) searched the internet and found various free firewalls such as Firestarter, GUFW, etc., which I weren't able to make meet my requirements. Can someone either point me to a firewall that meets my needs or else give me some hints on how to make firestarter or GUFW do what I need?"

7 of 187 comments (clear)

  1. Shorewall by ttucker · · Score: 4, Informative

    Shorewall is a pretty good iptables configuration tool.

    1. Re:Shorewall by Durrik · · Score: 4, Insightful

      Shorewall is very nice. For the user I would suggest using it and installing webmin to configure it. Webmin does an OK job configuring shorewall which is already pretty easy to set up, just it can be fairly confusing for the first timer with all the config files. After the first few times with webmin you learn how to do it with the command line and vim.

      Bastille-linux is also something that was fairly easy to use in the past. I used that before shorewall, but I haven't used bastille for years, must be a least a decade so I don't know what the current state of it is.

      --
      Software Engineer & Writer of Military Science Fiction and Fantasy Blog: petermwright.com Twitter: WrightPeterM
    2. Re:Shorewall by dreamchaser · · Score: 5, Funny

      So what do I need to install to configure webmin?

      The IQ of a chimpanzee should suffice.

  2. User friendliest: by Anonymous Coward · · Score: 5, Funny

    I would suggest installing WINE and then running Windows Firewall.

    1. Re:User friendliest: by Anonymous Coward · · Score: 5, Funny

      case $- in
      *i* ) # Interactive shell
                      if [ -f ~/noob ]; then
                      source ~/noob
                      fi ;;
      esac
                      if [ -z "$DISPLAY" ] && [ $(tty) == /dev/ttyx ]; then
                      whoosh
                      fi

  3. Re:Why? Is it really necessary? by abhi_beckert · · Score: 5, Interesting

    You're making the assumption that all the bad stuff is outside the firewall and nothing evil ever gets in.

    An example of how I use my firewall, is I block my email program from making any network connection other than imap/smtp. If it tries to make any other network connection (eg: downloading images from a web server), the firewall blocks it.

  4. Re:Wrong paradigm here by DanielOom · · Score: 5, Funny

    Nothing wrong here: the Windows firewall is designed for keeping malware inside the PC and out of the Internet, the other firewalls are designed for keeping malware on the Internet out of the computer.