FIREWALLS FOR LINUX MINT

OzzMan
Level 1
Posts: 1
Joined: Sun Jul 27, 2008 12:56 pm

FIREWALLS FOR LINUX MINT

Post by OzzMan »

Can you advise me what the best firewall for a home use desktop might be? Running an older P4 2.8Mhz, 2G's of memory, with Elyssa as my OS. Thank you for your help.

OZZ

exploder
Level 15
Posts: 5526
Joined: Tue Feb 13, 2007 10:50 am
Location: HartfordCity, Indiana USA

Re: FIREWALLS FOR LINUX MINT

Post by exploder »

Mint has a built in firewall by default. You can use a GUI frontend like Firestarter but there really is no need to do anything.

linuxviolin
Level 8
Posts: 2082
Joined: Tue Feb 27, 2007 6:55 pm
Location: France

Re: FIREWALLS FOR LINUX MINT

Post by linuxviolin »

+1.

No need for a "second" firewall... :wink:

You may want to read this
K.I.S.S. ===> "Keep It Simple, Stupid"
"Simplicity is the ultimate sophistication." (Leonardo da Vinci)
"Everything should be made as simple as possible, but no simpler." (Albert Einstein)

Fred
Level 10
Posts: 3337
Joined: Fri Jan 04, 2008 11:59 am
Location: NC USA

Re: FIREWALLS FOR LINUX MINT

Post by Fred »

Humm... I think what we have is confusion caused by varying definitions of terms. netfilter/iptables/ipsec is the firewall/port control for Linux. It is a part of, and is built into, the infrastructure of the system. Any software that purports to control the ports in Linux must do so through this infrastructure.

What are commonly called firewalls in Linux should probably more accurately be called configuration and/or logging utilities. Anything that can be done by these utilities to control the behavior of the port system can also be done from the CLI. There is nothing special happening here as far as additional protection from a so called firewall, other than possibly a more robust rule set than the one provided by default by the distro. This same rule set could be implemented from the CLI.

If you would like to verify this I would suggest you take a look at the source code for some of the open source firewalls. You will see that most of the working code pertains to the GUI, managing the rule sets for iptables and doing selective logging, formatting and displaying of data.

The term "software firewall" seems to be a holdover from Windows, which has no port control comparable to Linux. In Windows' case this software is bolted on, so to speak, as an attempted work-around for this design deficiency.

Fred
Insanity: Doing the same thing over and over and each time expecting a different result.

Democracy is 2 wolves and a lamb voting on the menu. Liberty is an armed lamb protesting the electoral outcome. A Republic negates the need for an armed protest.

Biker
Level 5
Posts: 512
Joined: Sat Apr 17, 2010 1:58 am
Location: Where my hat is

Re: FIREWALLS FOR LINUX MINT

Post by Biker »

Unless one is doing something they shouldn't be doing, I have yet to see a regular user be "attacked" over the Internet. :roll:

Probed, yes. A full scale DDoS attack? No.
Linux User #384279

FedoraRefugee
Level 6
Posts: 1274
Joined: Fri Oct 03, 2008 11:25 am

Re: FIREWALLS FOR LINUX MINT

Post by FedoraRefugee »

zerokool wrote: Fred, not everyone is a dull server room geek that thinks it's clever to type a load of unintuitive gibberish into a terminal and who the bloody hell wants to go through software source code??? except the aforementioned 'type' of course.

I as a user who simply wants to get on with a task and not spend several hours a day actually thinking about the underlying OS on my pc, find it constructive to use the modern day GUI based apps and OSes.

To the OP, gufw is kindly installed by default in Mint but in all honesty is pathetic, at a glance it gives almost no options, certainly nothing like enabling ICMP filtering or blocking broadcasts from external networks (unless you start typing a load of crap into a cli or whatever). So I recommend Firestarter because you can see what you are doing nice & clear and have the option of lockdown in case of attack, a damn sight better than having to open up a terminal & start typing crap very quickly under attack.....ooohhh, that would be funny to watch. Go with Firestarter and ignore the twits who break out into an allergic rash at the mention of anything GUI based.
lol! How about the twits that break out in a cold sweat whenever anyone even mentions a terminal? :lol: Sounds like someone has a terminal phobia! :mrgreen:

What really gets me is how, time after time, people can admit how dumb or scared they are because they do not understand something yet think they are making the ones that do look stupid! :lol: netfilter/iptables is not hard to figure out but by all means, a GUI frontend does make life easier. I do not think Fred was suggesting otherwise. I believe he was just trying to clarify that the various "programs" you install are simply frontends for this. That was all. No need to go all ballistic because you thought he was trying to be 1337 or something... :roll: :?

XidCat
Level 3
Posts: 144
Joined: Sun Oct 18, 2009 9:05 pm

Re: FIREWALLS FOR LINUX MINT

Post by XidCat »

First, I too take offense... Fred is extremely knowledgeable and helpful, to say otherwise shows a lack of respect. Enough on that. Back to the OP...

The point is that there is no firewall for Linux. There is iptables which is port control embedded in the kernel. To effectively control ports, you need to understand how iptables works, what is default in iptables (can vary by distro). The only way to do so is read, read, read and work with iptables using the terminal until you understand how it works. Using a GUI is fine, but if you don't understand what is going on behind the scenes you will (just a matter of time) turn your box into a non-networking brick, period. I work in computer security and have done so for a long time. The default settings in Mint are fine, no need to tweak iptables at all, especially if you are behind a NAT router and not running as a server.

You can run PCFlank or GRC with your NAT router set up to DMZ to your Linux box. It will show ports closed, not stealthed and it will say failed. BS, closed or stealthed, either is just fine, these websites spread too much FUD. As Biker said, no one is going to DDOS or hack a single user, it is not time/cost effective, profitable or newsworthy. If you have a home network, your biggest threat is other users on your own network.
"Contrariwise", continued Tweedledee, "if it was so, it might be; and if it were so, it would be; but as it isn't, it ain't. That's logic."

Lewis Carroll, Through the Looking-Glass, Chapter 4

Biker
Level 5
Posts: 512
Joined: Sat Apr 17, 2010 1:58 am
Location: Where my hat is

Re: FIREWALLS FOR LINUX MINT

Post by Biker »

zerokool wrote: I don't hate the terminal and am trying to learn as much as I can as a newbie to Linux and have memorised quite a few useful commands but often have to write them down on paper as a reference. So far I like Linux, what I object to is stupidity and the apparent fear of breaking out into an allergic reaction by the experienced Linux folks at the thought of using a GUI method or a really great program like Ubuntu Tweak for example, which really offers a lot of functionality including the easy removal of previous Kernel versions and a lot more, but if you ask a user here how to, you get an idiotic 3 paragraphs of unintuitive gibberish to type into a terminal instead of 3 mouse clicks............so who's laughing?? :lol: :lol: :lol: :lol:
I am. Because you're still coming across as someone who fears terminal.

One of the reasons I will never use Ubuntu and Mint as a primary distribution is they have gone too far in creating another generation of the clueless when it comes to understanding the OS. Windows created the first generation. Creating a Linux distro where users can rely solely on GUI to do all their needs is perpetuating that problem.

If you're unwilling to learn how the OS works, that's your prerogative. But to slam those that provide a means to really understand what's going on is going too far, and you'll be taken to task for it.
Linux User #384279

FedoraRefugee
Level 6
Posts: 1274
Joined: Fri Oct 03, 2008 11:25 am

Re: FIREWALLS FOR LINUX MINT

Post by FedoraRefugee »

zerokool wrote: Hi Fedora, actually I'm not going ballistic at all, and don't actually mean anything in a bad way, it's just I get a bit fed up with so many people in the Linux community going to incredible lengths to avoid clicking on a GUI button with a mouse, because most of the time it is a far easier thing to do especially for a newbie, but so many seem to think that it is somehow super-clever to type a load of rubbish into a terminal. Actually it is like going back 3 or 4 decades to the days of small monochrome terminals in a room with a mainframe when there was no other choice, so men in white jackets with long beards had to type their special commands etc.

I don't hate the terminal and am trying to learn as much as I can as a newbie to Linux and have memorised quite a few useful commands but often have to write them down on paper as a reference. So far I like Linux, what I object to is stupidity and the apparent fear of breaking out into an allergic reaction by the experienced Linux folks at the thought of using a GUI method or a really great program like Ubuntu Tweak for example, which really offers a lot of functionality including the easy removal of previous Kernel versions and a lot more, but if you ask a user here how to, you get an idiotic 3 paragraphs of unintuitive gibberish to type into a terminal instead of 3 mouse clicks............so who's laughing?? :lol: :lol: :lol: :lol:
I am glad you did not take my post wrong. :D Do you know, I have been using Linux over 10 years and I can count the bash commands I know on both hands! :shock: Seriously, cp for copy, cd for change directory, of course there is su - and sudo...the -l flag usually means list...It really is not rocket science, and you do not really have to be an uber-geek or learn anything special. Just do it!

The thing is, the terminal IS usually the easiest way to do anything. I could take a paragraph telling you to find a particular entry in the menu open that, navigate to the third option, click that, check the second box, click apply...Or I could simply say:

Code:

sudo apt-get install anything
or

Code:

cd ~/anydirectory
su -
sh /filetoexecute
There is no question about what to type, in fact, you could just copy the commands direct from my post. There is also little doubt that keyboard users are much faster than mouse users. I do okay on my laptop, I do not mind scrolling and such, but I get picky on my work computer. I do not like leaving the keyboard for anything, to the point where I prefer Fluxbox because it allows me to easily tailor keyboard shortcuts for everything, not saying you cannot do the same in Gnome...

I do not think very many people use bash commands in the forums to try to be elite or to alienate newer users. It is simply the Linux way. It is the fastest, easiest, and most precise way to convey directions. To the contrary, I get tired of people constantly complaining about having to use a terminal! To the extent that my frustration showed through in my last post! People make it such a huge issue when it really isn't! Just do it! I understand the aversion to lines of gibberish, but it really is not as bad as all that. And it is much less buggy than most of the GUIs. I give you this thread as evidence of that, and Fred even makes an astute comment there too:

http://forums.linuxmint.com/viewtopic.php?f=90&t=47072

Really, things were so much simpler 10 years ago when we just accepted that in order to use Linux we had to learn a few basics. It only gets complicated when the developers add constant layer after layer to try and hide the underlying operations. Automagic is great until it does not work. Then it becomes the biggest PITA to try and fix! It is so much nicer to just:

Code:

sudo gedit /etc/rc.conf

FedoraRefugee
Level 6
Posts: 1274
Joined: Fri Oct 03, 2008 11:25 am

Re: FIREWALLS FOR LINUX MINT

Post by FedoraRefugee »

ROFL, do you happen to be one of Ubuntu Tweak developers? :lol:

Hey, listen, I use Synaptic all the time! I am sure Tweak is a great tool. I have nothing against GUI tools...When they work anyway...

The thread where the dude asked how to get the newest version of Firefox was straightforward. It really is as simple as opening a terminal and copying from the instructing website:

Code:

sudo add-apt-repository ppa:mozillateam/firefox-stable
Then

Code:

sudo apt-get update
I think the step he forgot was:

Code:

sudo apt install firefox-3.6
It appears that Viper2 merely overlooked that Firefox 3.6 is called "Namoroka" in the menu. He has not posted back so I am speculating. You could not PAY me to use the newest Firefox so I have no experience with this package myself. :lol:

But anyway, I could accomplish the above commands, especially copying and pasting, in 1/4 of the time it would take you to install Tweak and do it that way.

But...I am happy you have Tweak available. If it makes life easier for you then great! But when I am giving someone directions for something I try not to force them into installing other packages just so they can install what they need. I also do not know that Tweak will not have adverse effects on Mint!!! Not saying that it does, but I would want to be certain it is completely safe before I suggested it.

Kaye
Level 5
Posts: 933
Joined: Fri Feb 06, 2009 5:05 pm
Location: Boston College

Re: FIREWALLS FOR LINUX MINT

Post by Kaye »

zerokool wrote: but if you ask a user here how to, you get an idiotic 3 paragraphs of unintuitive gibberish to type into a terminal instead of 3 mouse clicks............so who's laughing?? :lol: :lol: :lol: :lol:
There are very limited cases in which using a GUI is faster or more efficient than using a terminal command to accomplish the same thing. Your statement emphasizes the fact that you do not understand Linux, and that you don't really want to. Fred didn't tell anyone to use any terminal commands at all, he was simply outlining the fact that using Firestarter doesn't actually make you any more protected than you would be otherwise. It adds nothing to your system at all other than a GUI front-end.

Once you know how to use the CLI, then you can start to make comments about it and people will actually take you seriously. Spewing filth about how much "more efficient" a GUI is than a terminal without knowing anything about bash makes you look just a bit stupid :)
"In somnis veritas"
Antivirus or defragging?

FedoraRefugee
Level 6
Posts: 1274
Joined: Fri Oct 03, 2008 11:25 am

Re: FIREWALLS FOR LINUX MINT

Post by FedoraRefugee »

zerokool wrote: but in this particular case a newbie like myself has shown up a few geeks for making a load more work for themselves or for the new users they are trying to help.
Have you? :?

Biker
Level 5
Posts: 512
Joined: Sat Apr 17, 2010 1:58 am
Location: Where my hat is

Re: FIREWALLS FOR LINUX MINT

Post by Biker »

Doesn't look like it from here.
Linux User #384279

DrHu
Level 17
Posts: 7525
Joined: Wed Jun 17, 2009 8:20 pm

Re: FIREWALLS FOR LINUX MINT

Post by DrHu »

zerokool wrote: Fred, not everyone is a dull server room geek that thinks it's clever to type a load of unintuitive gibberish into a terminal and who the bloody hell wants to go through software source code??? except the aforementioned 'type' of course.

I as a user who simply wants to get on with a task and not spend several hours a day actually thinking about the underlying OS on my pc, find it constructive to use the modern day GUI based apps and OSes.
...I as a user who simply wants to get on with a task..
Then why don't you accept the defaults provided by the OS, that is what any Windows user would do: before worrying about any of the best/latest/greatest/easiest ?firewalls (software firewalls)

And you can check the status of the firewall (or IPTABLES ruleset) in Ubuntu/Mint in a terminal (it's that easy)
In terminal, check
  • sudo ufw status
    Status: active
  • gufw
    --you will find it on the menus, or you can start it with
    /usr/bin/gufw
Fred wrote:If you would like to verify this I would suggest you take a look at the source code for some of the open source firewalls. You will see that most of the working code pertains to the GUI, managing the rule sets for iptables and doing selective logging, formatting and displaying of data.
I agree that looking at the source code is the legitimate way of understanding the system, but it is not something the average Linux user or even program developer might do, and shouldn't be expected from the normal users, such as the demographic type sought by desktop Linux OS's.
--and actually with some careful reading, understanding IPTABLE rules won't be that difficult, although it can be considered technical..
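
Fred's point that the frontends only manage iptables rule sets, and DrHu's status check, can both be confirmed by reading the rule set itself. The script below is an added example, not code from any poster in this thread: it audits a dump in `iptables-save` format, and the sample dump and function names are constructed for illustration.

```shell
# Added example: audit an iptables-save dump (sample below is constructed).

# The nat table is included so its INPUT line is not mistaken for the
# filter table's INPUT policy.
sample_ruleset() {
cat <<'EOF'
*nat
:INPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Fate of an inbound packet that no specific rule matches: the filter INPUT
# policy, unless the first unconditional rule in the chain decides it.
input_default() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table != "filter" { next }
        $1 == ":INPUT" { verdict = $2 }
        !caught && $1 == "-A" && $2 == "INPUT" && $3 == "-j" &&
            $4 ~ /^(ACCEPT|DROP|REJECT)$/ { verdict = $4; caught = 1 }
        END { print (verdict == "" ? "unknown" : verdict) }
    '
}

# proto/port pairs the filter INPUT chain accepts explicitly. Rules placed in
# user-defined chains (as ufw does) are not followed here.
open_inbound_ports() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table == "filter" && $1 == "-A" && $2 == "INPUT" {
            proto = "any"; port = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport" || $i == "--dports") port = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "ACCEPT" && port != "") print proto "/" port
        }
    '
}

# True if replies to connections this host opened are let back in.
has_stateful_accept() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table == "filter" && /^-A INPUT / && /-j ACCEPT/ &&
            /--(ct)?state [A-Z,]*ESTABLISHED/ { found = 1 }
        END { exit !found }
    '
}

# Summarise a dump read from stdin; succeeds only if inbound is denied by default.
audit_ruleset() {
    dump=$(cat)
    default=$(printf '%s\n' "$dump" | input_default)
    ports=$(printf '%s\n' "$dump" | open_inbound_ports | tr '\n' ' ')
    if printf '%s\n' "$dump" | has_stateful_accept; then replies=yes; else replies=no; fi
    echo "unmatched inbound packets: $default"
    echo "replies to outbound connections accepted: $replies"
    echo "explicitly accepted ports: ${ports:-none}"
    [ "$default" = "DROP" ] || [ "$default" = "REJECT" ]
}

sample_ruleset | audit_ruleset
```

On a live system, define the functions and run `sudo iptables-save | audit_ruleset`. With ufw active the accepted ports sit in ufw's own chains, so the last line will read "none" even when ports are open.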

DrHu
Level 17
Posts: 7525
Joined: Wed Jun 17, 2009 8:20 pm

Re: FIREWALLS FOR LINUX MINT

Post by DrHu »

zerokool wrote: "spewing filth" oh don't be such a silly little boy, I mention a simple case in which it is actually far simpler to use an app instead of several lines of text input & text editing (assuming the app is already installed of course).
..(assuming the app is already installed of course)...
Exactly!
--by that time the terminal user has finished and moved on to another issue, and presuming that such a person already knows about this application and its use: something you might not expect from a new user, would you ?

You haven't managed to show up any terminal users herein.
--we all use a GUI when it makes sense, you will often see people recommend different file managers (that is a GUI on their desktop), and have preferences or fixes for some of its functions
for instance, in Gnome, I like gnome-commander, and as a generic file manager type, I like the xtree derived styles, such as mc (Midnight Commander), yes it looks like a terminal file manager, because it runs in terminal mode (ncurses), however it works well and fast..
http://www.xtreefanpage.org/
  • The original best DOS file manager: xtree fan page..
http://en.wikipedia.org/wiki/Midnight_Commander

Linux cheat sheets..
http://www.scottklarr.com/topic/115/lin ... ollection/

FedoraRefugee
Level 6
Posts: 1274
Joined: Fri Oct 03, 2008 11:25 am

Re: FIREWALLS FOR LINUX MINT

Post by FedoraRefugee »

Here is a great example of CLI versus those too scared to open a terminal.

First, this is how someone just suggested you can reinstall Grub without the terminal. I did not respond as it is a welcome tutorial, and there may be legitimate reasons why someone would want to do it this way:
Most tutorials will have you boot the live cd and go to the Command line. There is a faster and easier way.


1. Download super grub disk (CDROM) from http://www.supergrubdisk.org/index.php

2. Use imgburn or what you like to burn the iso to cd.

3. Restart pc and boot to cd-rom. If Windows boots, read here: http://www.hiren.info/pages/bios-boot-cdrom

4. If the cd boots up you will see a grub menu.

5a. If your Linux is Ubuntu or Linux Mint, just pick "Boot Ubuntu GNU/Linux"

5b. If your Linux is not Ubuntu or Linux Mint pick "Detect any OS". Wait up to 10 sec. Now pick your Linux OS. (ESC to go back to first menu)

6. When you get booted in to your Linux load up "Synaptic Package Manager"

7. Quick search for "GRUB"

8. Find the Grub version you have installed. (Look for the green box.) It will be "grub" or "grub2" or "grub-pc". For me the "grub-pc" is the one with the green box.

9. Right click on your installed Grub version (the green box) and pick "Mark for reinstallation"

10. Click "Apply" on toolbar. Summary box will open, just Apply.

11. Take out cd, and restart pc.

DONE.
Faster and easier? :shock: Are you bloody kidding?

Now the traditional CLI way from the Mint Live CD:
Boot the live CD. When the LIVE CD loads open a terminal. If you do not know your partition layout you can type:

Code:

sudo fdisk -l
Mount your Mint partition in the mount directory:

Code:

sudo mount /dev/sd?? /mnt
Replace the question marks with the partition letter and number, e.g. sda2.

Now install Grub in the MBR of the first drive:

Code:

sudo grub-install --root-directory=/mnt/ /dev/sda
then run

Code:

sudo update-grub
Is there really ANY comparison? :roll:

Kaye
Level 5
Posts: 933
Joined: Fri Feb 06, 2009 5:05 pm
Location: Boston College

Re: FIREWALLS FOR LINUX MINT

Post by Kaye »

zerokool wrote: "spewing filth" oh don't be such a silly little boy, I mention a simple case in which it is actually far simpler to use an app instead of several lines of text input & text editing (assuming the app is already installed of course).
The "spewing filth" was more related to your Ubuntu Tweak evangelism all over the forums as of late. Although any post reprimanding Fred for giving bad information is likely filth as well. I've never seen him give bad advice and I wager you'd be hard pressed to find someone who has.
zerokool wrote:As for your other adolescent remarks about knowing Linux, I never said I did, but in this particular case a newbie like myself has shown up a few geeks for making a load more work for themselves or for the new users they are trying to help.
You haven't "shown up" anyone, not by a long shot. You have shown your own ignorance and arrogance though. You don't know Linux, and that's fine; last year, I didn't either. The difference between you and me is that I wanted to learn Linux for what it is rather than expecting a clone of Windows. Read the thread in this forum "Linux is not Windows." It'll shed a lot of light for you.
zerokool wrote: In view of the fact that my command of the English language is not clear enough for you to respond properly here is another NON computing example:-

If you had to mow your lawn, would you walk a half mile from your house first before starting on the task at hand so that you could single handedly chop down a large oak tree and then return to your house to do the lawn because somehow you think it was either being clever to chop down the tree or maybe because you were stupid enough to think that chopping down a tree half a mile away would benefit the result of your lawn mowing????

no Kaye, it's not spewing filth, I simply mention a few home truths, a bit of reality and am coming from the point of view of a newbie.
What a metaphor fail. Involving many useless steps would be the GUI way of doing things. I would take out my lawn mower and mow the lawn (the CLI way of doing things). That metaphor has nothing to do with anything. Read FedoraRefugee's post right above this one for a good example of GUI fail (+1 for that by the way FR :)). This is my biggest problem with what you're saying: you have no idea what you're talking about!

Even though you're totally off base here, I also have to agree with what Ikey said. There are definitely situations in which a GUI is the better choice. The appearance menu quickly comes to mind. For many things however, the only reason to use a GUI is ignorance of the CLI, and considering how easy it is to learn bash that's really no excuse.
"In somnis veritas"
Antivirus or defragging?

Capt Turk
Level 3
Posts: 104
Joined: Mon Aug 31, 2009 8:40 pm

Re: FIREWALLS FOR LINUX MINT

Post by Capt Turk »

And with all the hoopla about CLI versus GUI, I still can't get the latest stable firefox. lol!!

turk-laptop turk # sudo add-apt-repository ppa:mozillateam/firefox-stable
bash: add-apt-repository: command not found

Hmmm...... I wonder if that tweak GUI thingy will work??? :roll: :lol:

Kaye
Level 5
Posts: 933
Joined: Fri Feb 06, 2009 5:05 pm
Location: Boston College

Re: FIREWALLS FOR LINUX MINT

Post by Kaye »

Uh.. What version of Mint are you using?

Code:

sudo add-apt-repository ppa:mozillateam/firefox-stable
should definitely work. I notice you're already in a root prompt.. I don't see why it would make a difference but try running this out of a normal user prompt or omitting the sudo if you must work in a root prompt.
"In somnis veritas"
Antivirus or defragging?