Firestarter


Post by Fragadelic on Sat Dec 16, 2006 12:20 am

Clem,

You should look into including Firestarter (firewall setup tool) if you haven't already. This is a must for folks that don't have a separate firewall and frankly I'm surprised Ubuntu doesn't include it to begin with.

Re: Firestarter

Post by scorp123 on Sat Dec 16, 2006 6:23 pm

Fragadelic wrote: This is a must for folks that don't have a separate firewall and frankly I'm surprised Ubuntu doesn't include it to begin with.


Maybe a wizard wouldn't be bad, e.g. during installation? "Do you need Firewall? (yes / no)" So people not needing it can just click it away and don't need to bother with it. All others say "yes" and voila, firewall is up, even though there is nothing in the default installation that would need any protection, IMO.

Regards,
Scorp123

Post by Fragadelic on Sat Dec 16, 2006 11:44 pm

A firewall is a must for any internet-connected computer. To think that BSD or Linux or Mac OS X are not susceptible to attack would be very naive and dangerous.

Virus issues and such are not the same as port attacks.

If you just add Firestarter to the system, it adds a menu item so you can use it if you want to.

Post by clem on Sun Dec 17, 2006 7:01 am

Hi Tony,

I had a look at firestarter and it looks quite good. It's too late to make its way into Bea but I'm noting it down on my list of ideas for Bianca :)

Clem

Post by scorp123 on Sun Dec 17, 2006 10:21 am

Fragadelic wrote: A firewall is a must for any internet connected computer.


I disagree. If there is no service running (as on a desktop system) there is no point in a firewall. Unless you are using your Linux box as the firewall to protect your LAN, but then you'd use something like SmoothWall or IPcop ... or M0n0Wall. Or the commercial Astaro product, and not Linux Mint or Ubuntu.

Regards,
Scorp123

Post by Fragadelic on Sun Dec 17, 2006 3:42 pm

You would be incorrect since even X runs as a service with a network listener port.

This would be for folks that don't have a hardware firewall of some sort.

Not running a firewall of some sort on a directly connected PC on the internet is just asking for trouble regardless of what OS you are running.

If you like, go ahead and directly connect your PC to the internet without a firewall and run a port scan on it. I wouldn't recommend doing this with a production PC though.

Post by scorp123 on Sun Dec 17, 2006 4:59 pm

Fragadelic wrote: You would be incorrect since even X runs as a service with a network listener port.

I thought that per default port 6000 is closed. You have to enable it, e.g. via the login manager panel (gksu gdmsetup). All present-day distributions do this, e.g. port 6000 is closed and X11 runs with the "tcp nolisten" option. And even if port 6000 were open, it still can't be exploited that easily.

Fragadelic wrote: This would be for folks that don't have a hardware firewall of some sort.

That's why I suggested that a wizard should ask about this during installation. e.g. SUSE does this too.

Fragadelic wrote: Not running a firewall of some sort on a directly connected PC on the internet is just asking for trouble regardless of what OS you are running.

Sorry, but that's FUD. If there is no service running that would respond to any connection requests, then a firewall is pretty much pointless. Servers which run some sort of network service (e.g. SAMBA, FTP, NFS, etc.) are a different story. But even then you most of the time don't need a full-blown Firewall, stuff like having "denyhosts" running in the background or keeping your /etc/hosts.deny and /etc/hosts.allow up-to-date can already help a great deal.

Adding a firewall that closes down everything per default just adds another layer of complexity that might get in one's way. And most Linux desktops simply aren't running any services that would require this level of protection.

Maybe it would again be wise to imitate Mandriva in this regard: Offer an "Advanced" button of some sorts during the installation where experienced users can turn off the firewall if they so wish. The default is to install it, just to be on the safe side.

Fragadelic wrote: If you like, go ahead and directly connect your PC to the internet without a firewall and run a port scan on it. I wouldn't recommend doing this with a production PC though.

I've done precisely that many many many times with my Laptop which runs Linux. And guess what: Besides a few desperate script kiddies trying to login as "root" via SSH nothing happens. Because I am simply not running anything on my desktop that would need a Firewall.

I think the best thing to suit you and me would be this wizard thing. Inexperienced users get it activated per default as a standard, "Advanced" users can click on a "No" button and get their system without firewall if they so wish.
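
The disagreement above comes down to whether anything on a desktop install is actually listening on a network-reachable address (port 6000 for X11 is the case both posters mention). As an added example, not part of any post in this thread, this Python script parses the Linux `/proc/net/tcp` table and reports which listening IPv4 sockets are bound beyond loopback. The sample table is constructed, a little-endian host is assumed, and IPv6 listeners (`/proc/net/tcp6`) are not covered.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333 1
   3: 0A00020F:A1B2 5DB8D822:0050 01 00000000:00000000 00:00000000 00000000  1000        0 44444 1
"""

TCP_LISTEN = 0x0A  # kernel socket state code for LISTEN


def listeners(proc_net_tcp_text):
    """Return (address, port, exposed) for each listening IPv4 socket, sorted by port."""
    found = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue  # established, time-wait, etc. are not listeners
        hex_addr, hex_port = fields[1].split(":")
        # The kernel prints the address as a host-order word; little-endian assumed.
        addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
        exposed = not ipaddress.ip_address(addr).is_loopback
        found.append((addr, int(hex_port, 16), exposed))
    return sorted(found, key=lambda entry: (entry[1], entry[0]))


def exposed_ports(proc_net_tcp_text):
    """Ports with a listener bound to something other than loopback."""
    return [port for _, port, exposed in listeners(proc_net_tcp_text) if exposed]


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed table off Linux
    for addr, port, exposed in listeners(text):
        print(f"{addr}:{port}  {'reachable from network' if exposed else 'loopback only'}")
```

An empty result from `exposed_ports` means no IPv4 TCP service is accepting connections from the network at that moment; it says nothing about UDP or about services started later.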

Post by mintero on Sat Feb 17, 2007 1:28 pm

clem wrote: Hi Tony,

I had a look at firestarter and it looks quite good. It's too late to make its way into Bea but I'm noting it down on my list of ideas for Bianca :)

Clem

Hi, Clem
I installed Firestarter in Bea and it didn't work. (I had no problem with Ubuntu 6.06 though).
There was a script in /etc/init.d, but it was as if nonexistent. Firestarter didn't run at boot time. I ran it manually every time and had to click on Start for it to be active. After 3-4 trials, I gave up and installed guarddog. It works perfectly...

I mention this as feedback for your decision about the choice of a firewall. Certainly more feedback would be necessary.
LinuxMint Bea