Searching for an advanced firewall

[Marie SWE]

Hi all

I wonder if there is any advanced firewalls to Linux?
On my wish list of what i want it to do (besides the obvious a firewall does) is following.

1. A simple real time overview of which programs/files are connected, preferably with the target's IP address and mac address. A bonus if the amount of data transfer is displayed in real time.
2. It should be easy and fast to give permission/block the program/file either permanently or just for this user session. Both for inbound and outbound traffic.
3. Be able to create rules where i can specify mac and ip address over computers or targets that may or may not have access, both in and outgoing rules. Ideally if I can specify a whole net-range. ex.100.0.0.1-100.255.255.255. Additional bonus is being able to block domains or part of domain. (ex: https: // example.com or example.example.com or * .example.com)
4. There must be different types of logs, especially traffic logs that log normal traffic, as well as security logs for intrusion attempts with time, date, length, port, ip-address and preferably the mac address of the attacker. Bonus if there is a built-in backtrace feature.
5. Bonus... If I have multiple network cards in the computer, if i could create different rules for the different network cards.

Is there such or better for Linux?

Best Regards Marie

[ZakGordon]

gufw seems to be the firewall most use, and it appears robust enough if simple.

Iirc it is installed as part of Mint, just not activated. Others will be able to give you the instructions for all that but in the meantime here is the site to find if it does all you need:

http://gufw.org/

When i set mine up i also installed a desktop GUI just to make it easier to use (for me, an ex-windows user!).

[Marie SWE]

I already have that one installed, but it's not as advanced as I'm used to (from windows environments) No Mac control, no real time traffic overview with IP numbers.. and so on..

[Pjotr]

Well, you can probably achieve anything you want (and more) with the underlying iptables.... After all, Linux is originally a server OS, powering nearly 100 % of the world's servers.

However, iptables is command line-only and not easy to operate. So the question is: why do you think that you need all this advanced firewall configuration for your desktop?

For desktop users, the features of ufw and gufw should fulfill all reasonable firewall needs. They've been designed with exactly that purpose in mind: to make it easy for desktop users to do what's necessary for them.

Note that Linux is very secure by design; it needs far less "security crutches" than Windows does:
https://sites.google.com/site/easylinux ... t/security

[Marie SWE]

Well, you can probably achieve anything you want (and more) with the underlying iptables.... After all, Linux is originally a server OS, powering nearly 100 % of the world's servers.

However, iptables is command line-only and not easy to operate. So the question is: why do you think that you need all this advanced firewall configuration for your desktop?

For desktop users, the features of ufw and gufw should fulfill all reasonable firewall needs. They've been designed with exactly that purpose in mind: to make it easy for desktop users to do what's necessary for them.

Note that Linux is very secure by design; it needs far less "security crutches" than Windows does:
https://sites.google.com/site/easylinux ... t/security

Okay, so iptables is doesn't have a graphic interface.
This is a laptop and i have it both home and away.. so i want to have total control over the network traffic and be able to stop it if i see any suspect activity.. Linux is safer then windows yes. but not totally immune.
I'm not a regular user.. I am only a beginner on linux
I have a big home network, four laptops and seven desktops and two servers.. My network is only cisco based Gbit lan... Firewall with DMZ and two ISP, one 16port switch for ip telephony and one 24port to my computers and one wifi access point.
I have used microsoft since 1988(I was 14years old at that time) But now when MS is gathering information about their users in win10, and i don't like win8.1, so my goal is to learn Linux to 2020 when win7 has EOL. and replace all my computers and servers with Linux instead of MS in 2020.
So i start with one laptop to learn and make mistakes without interfering on my job or my network.

I hope that explains why i want advanced software.

[chrisuk]

Iptables was capable of block/allow per application, but the required option was removed from the recent versions.

Netactview will show you realtime connected IPs - have a read of Karl's post here to install it.

There are no per-Application Firewalls for Linux... although there are plenty that are half-finished or don't work. Opensnitch, Leopard Flower Firewall, and Douane were all valiant efforts.

[Marie SWE]

Iptables was capable of block/allow per application, but the required option was removed from the recent versions.

Netactview will show you realtime connected IPs - have a read of Karl's post here to install it.

There are no per-Application Firewalls for Linux... although there are plenty that are half-finished or don't work. Opensnitch, Leopard Flower Firewall, and Douane were all valiant efforts.

Thanks, i will read that post and test Netactview.
Okay, sad to hear that no one has developed a really advanced graphical firewall for linux in all the years linux has existed.. There are some pretty good to older windows solutions.

My wish list is based on a firewall I have with just those features

[thx-1138]

...poor man's Netactview...watch -n1 ss -prtu...or maybe not so poor, depends on someone's view & needs

[Marie SWE]

...poor man's Netactview...watch -n1 ss -prtu...or maybe not so poor, depends on someone's view & needs

I suspect I might have a little too high demands and expectations on Linux... And I'm maybe a little bit spoiled with good tools in windows..

[Pippin]

Iptables was capable of block/allow per application, but the required option was removed from the recent versions.

Just a remark, iptables can do that with the owner module.

Code: Select all

# find / -name *xt_owner*
/lib/modules/4.15.0-29-generic/kernel/net/netfilter/xt_owner.ko
...
...

Example:

Code: Select all

PID=cat /path/to/<application>.pid
iptables -A OUTPUT -o eth0 -m owner --pid-owner $PID -j DROP

[Marie SWE]

Iptables was capable of block/allow per application, but the required option was removed from the recent versions.

Just a remark, iptables can do that with the owner module.

Code: Select all

# find / -name *xt_owner*
/lib/modules/4.15.0-29-generic/kernel/net/netfilter/xt_owner.ko
...
...

Example:

Code: Select all

PID=cat /path/to/<application>.pid
iptables -A OUTPUT -o eth0 -m owner --pid-owner $PID -j DROP

I wonder if you would like to explain it a little bit more? I recently started using linux, so a lot of linux commands is a little bit cryptic yet... I'm used to use MS commands mostly

iptables -A OUTPUT -o eth0 -m owner --pid-owner $PID -j DROP
in this line, -A is Append to chain OUTPUT..... -o is that for naming the network card eth0? or?..... and -m is to match the owner??..... but what is --pid-owner $PID -j DROP ?and what does it do, or meaning?

and the second question... where to apply this? in a file or in terminal?. It looks a little like a string in a file.
Sorry for asking about it, but the best way to learn is to ask a lot of questions.

[phd21]

HI "Marie SWE",

I just read your post and the good replies to it. Here are my thoughts on this as well.

"OpenSnitch" looks promising.

I am pretty sure you can use the excellent "firejail" sandboxing application to block applications and other stuff from accessing the Internet.

evilsocket/opensnitch: OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
https://github.com/evilsocket/opensnitch

OpenSnitch: The Little Snitch application like firewall tool for Linux - nixCraft
https://www.cyberciti.biz/python-tutori ... for-linux/

How To Install Open Snitch On Ubuntu
https://www.addictivetips.com/ubuntu-li ... on-ubuntu/


"Douane" - software recommendation - Is there any Application level firewall for Ubuntu 16.04? (with GUI) - Ask Ubuntu
https://askubuntu.com/questions/917575/ ... 4-with-gui

Linux per-application firewalls - Doable? Douane.
https://www.dedoimedo.com/computers/lin ... ewall.html

wireshark - monitor network activity

Hope this helps ...

[Pjotr]

I am pretty sure you can use the excellent "firejail" sandboxing application to block applications and other stuff from accessing the Internet.

Good tip! I didn't think of that, but it's indeed a fine idea:
https://sites.google.com/site/easylinux ... ct/sandbox

Note that you currently still need to install the latest Firejail and not the older version of it in the official repo's, because of problems with running Firefox in Firejail.

More specifically:
https://sites.google.com/site/easylinux ... plications
(item 11, right column)

[ZakGordon]

I suspect I might have a little too high demands and expectations on Linux... And I'm maybe a little bit spoiled with good tools in windows..

Well start with the simple stuff (so get ufw and gufw set up and running) and move onto the more complex configuration stuff for later.

As has been mentioned Linux by design is a lot more secure than Windows.

I think that is part of the reason for the lack of depth of breadth of tools in Linux vs Windows, you just mostly don't need ALL the extra security running a Windows system requires. And with the wider market share of Windows you had more opportunities for enterprising types to create the raft of security related software you can pick up in Windows (and many great free tools also).

At one place i worked at we called in a Linux specialist to build a bespoke firewall, and that might be more common in the Linux space than it is in Windows.

[Marie SWE]

HI "Marie SWE",

I just read your post and the good replies to it. Here are my thoughts on this as well.

"OpenSnitch" looks promising.

I am pretty sure you can use the excellent "firejail" sandboxing application to block applications and other stuff from accessing the Internet.

evilsocket/opensnitch: OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
https://github.com/evilsocket/opensnitch

OpenSnitch: The Little Snitch application like firewall tool for Linux - nixCraft
https://www.cyberciti.biz/python-tutori ... for-linux/

How To Install Open Snitch On Ubuntu
https://www.addictivetips.com/ubuntu-li ... on-ubuntu/


"Douane" - software recommendation - Is there any Application level firewall for Ubuntu 16.04? (with GUI) - Ask Ubuntu
https://askubuntu.com/questions/917575/ ... 4-with-gui

Linux per-application firewalls - Doable? Douane.
https://www.dedoimedo.com/computers/lin ... ewall.html

wireshark - monitor network activity

Hope this helps ...

Thank you for all links and your thoughts.
Now I have some weekend reading to do, before i test it.

[Marie SWE]

I am pretty sure you can use the excellent "firejail" sandboxing application to block applications and other stuff from accessing the Internet.

Good tip! I didn't think of that, but it's indeed a fine idea:
https://sites.google.com/site/easylinux ... ct/sandbox

Note that you currently still need to install the latest Firejail and not the older version of it in the official repo's, because of problems with running Firefox in Firejail.

More specifically:
https://sites.google.com/site/easylinux ... plications
(item 11, right column)

Good info, thanks.
more weekend reading.. Me like

[phd21]

HI "Marie SWE", & Everyone Else,

You are welcome from all of us that replied...

It would be really nice to have easy to install application firewalls like "OpenSnitch" and "Douane", but the only way I found to install them is using instructions from those links.

As for using the excellent Firejail sandboxing application, which I personally think everyone should be using anyway for security, member Pjotr has links for that on his excellent website, and of course the firejail websites too. I would think the Firejail developers and maintainers could modify one or more of their desktop GUI program interfaces like Firetools or Firejail Configuration Wizard to include the Internet menu group or any application and or service, and simply allow (whitelist?) or deny (block, blacklist?) Internet access options, perhaps the Firejail Configuration Wizard does this already (I have not checked yet).

All Linux users can use the "ufw" and its desktop GUI "gufw" to simply turn on (enable) the firewall for security. If I am not mistaken, GUFW is a gui interface to the already installed "iptables". There are methods to add application firewall rules to "iptables", but that is not as easy a using a desktop GUI app.

I remember a while ago contacting the developers of the GUFW app and Firejail apps through member "Fred Barclay" who contributes to the Firejail project about my ideas regarding a more robust feature-rich desktop GUI firewall that is always on and in the system tray panel using a "street light" (stop light) icon (green, yellow, red lights) for firewall status and access to various firewall features like display all things accessing the Internet for user review with options and application-specific options. Perhaps some enterprising talented software developers can create one or modify GUFW and or integrate it with Firejail for a new app?

Bug #1733333 “Feature Request - enable or disable all existing r...” : Bugs : Gufw
https://bugs.launchpad.net/gui-ufw/+bug/1733333

Does Mint getting hacked change security thoughts? - Page 2 - Linux Mint Forums
- has discussions on firewalls
viewtopic.php?f=90&t=217171&hilit=stoplight&start=20

* Great post in link below with interesting options for allowing or blocking applications from the Internet using "groups", etc...

firewall - How to control internet access for each program? - Ask Ubuntu
https://askubuntu.com/questions/45072/h ... ch-program

...

[Marie SWE]

I suspect I might have a little too high demands and expectations on Linux... And I'm maybe a little bit spoiled with good tools in windows..

Well start with the simple stuff (so get ufw and gufw set up and running) and move onto the more complex configuration stuff for later.

As has been mentioned Linux by design is a lot more secure than Windows.

I think that is part of the reason for the lack of depth of breadth of tools in Linux vs Windows, you just mostly don't need ALL the extra security running a Windows system requires. And with the wider market share of Windows you had more opportunities for enterprising types to create the raft of security related software you can pick up in Windows (and many great free tools also).

At one place i worked at we called in a Linux specialist to build a bespoke firewall, and that might be more common in the Linux space than it is in Windows.

Okay, my goal is to become a linux specialist in the future... but I have a long way there..

So true, so true.... but when I have tried the easy stuff, then I want to know what more complex things to dig in to.. So I asking for the big apple directly, so i can small-read about it at the same time I test the easier stuff...
I only have about 1½ year to learn Linux on a complex level. I should have started using Linux a few years back to make it easier for me..... It is easy to be wise afterwards.. but I didn't anticipate that microsoft would become so stupid as they did with win10..
I thought Win8 would become a flop as win ME and win vista where and they would do a good OS again.. but nooo not this time. So here I am and desperately has to learn Linux on record time

[Marie SWE]

Hi all

I wonder if there is any advanced firewalls to Linux?
On my wish list of what i want it to do (besides the obvious a firewall does) is following.

1. A simple real time overview of which programs/files are connected, preferably with the target's IP address and mac address. A bonus if the amount of data transfer is displayed in real time.
2. It should be easy and fast to give permission/block the program/file either permanently or just for this user session. Both for inbound and outbound traffic.
3. Be able to create rules where i can specify mac and ip address over computers or targets that may or may not have access, both in and outgoing rules. Ideally if I can specify a whole net-range. ex.100.0.0.1-100.255.255.255. Additional bonus is being able to block domains or part of domain. (ex: https: // example.com or example.example.com or * .example.com)
4. There must be different types of logs, especially traffic logs that log normal traffic, as well as security logs for intrusion attempts with time, date, length, port, ip-address and preferably the mac address of the attacker. Bonus if there is a built-in backtrace feature.
5. Bonus... If I have multiple network cards in the computer, if i could create different rules for the different network cards.

Is there such or better for Linux?

Best Regards Marie

Hello everyone

I'm going to revive this thread and ask if there are any new software firewalls that has come out since I asked 9 months ago?
I am still in need of a really advanced software firewall. (GUI)

Thank you for all the help in advance

[DAMIEN1307]

Hi Marie...i admit that i have not read all other entries to such an old posting here in this thread...all i will say is that the GUFW software firewall is more than adequate...especially if you are using a "hardware" firewall that is built into a "router" that you are already using either as part of a dual "modem/Router" hardware firewall provided by your ISP or if your like me and have both the ISP "modem/router' hardware firewall as well as a personally owned router with hardware firewall as well, that i also use...have never had a problem and frankly, i have an old saying...K.I.S.S, which stands for "keep it simple stupid" and i point the word stupid to myself to remind me not to complicate things so badly that i can, and have, "shot myself in the foot"...unless your one of these "rocket scientists" that im surrounded by that shoot missiles, testing out here in the Alamogordo desert, or are flying military drones as the other half are doing, dont worry about the "tin foil hat brigade" that throws up unsubstantiated, imaginary, pseudo, security "weaknesses" in your firewall protections systems...DAMIEN

EDIT...always remember, this is a Linux OS, this is NOT Windows or Mac.