Searching for an advanced firewall


Post by Schultz »

Check out the links below. Perhaps there's something there that will fit your needs. (But I'm with most here, Gufw is more than enough.)

https://www.tecmint.com/open-source-sec ... x-systems/
https://www.thegeekstuff.com/2010/02/to ... firewalls/
https://www.techlila.com/linux-firewalls/

Post by Marie SWE »

Schultz wrote: Sun May 12, 2019 7:26 pm Check out the links below. Perhaps there's something there that will fit your needs. (But I'm with most here, Gufw is more than enough.)

https://www.tecmint.com/open-source-sec ... x-systems/
https://www.thegeekstuff.com/2010/02/to ... firewalls/
https://www.techlila.com/linux-firewalls/
Thank you for your reply :D :D :D

It doesn't have to be free software.
I will check out the links tomorrow.

Hmm.. Gufw and Windows firewall are jokes. Yes, they are doing their job, but that's all.
You don't have total control over the real-time traffic and what happens in the background. You can't set what IP net range each program can and cannot connect to. You can't block or allow MAC addresses.
And then logs.. detailed logs that go back 1-4 weeks.
Yes, I know.. I have very high demands. :oops:
if you want my attention...quote me so I get a notification
Nothing is impossible, the impossible just takes a little longer to solve..
It is like it is.. because you do as you do.. if you hadn't done it as you did.. it wouldn't have become as it is. ;)

Post by gm10 »

Marie SWE wrote: Sun May 12, 2019 8:46 pm Hmm.. Gufw and Windows firewall are jokes. Yes, they are doing their job, but that's all.
You don't have total control over the real-time traffic and what happens in the background. You can't set what IP net range each program can and cannot connect to. You can't block or allow MAC addresses.
And then logs.. detailed logs that go back 1-4 weeks.
Yes, I know.. I have very high demands. :oops:
What are you even talking about? Your demands are very basic and the default, pre-installed ufw does all of that (well, I don't know about MAC filtering because nobody in their right mind configures firewall rules based on MAC addresses which can get changed without any effort, the option is right in your connection settings). It's really not complicated... get it? ufw = uncomplicated firewall. SCNR. :P

PS: man ufw in case it needs to be said.

Post by Marie SWE »

DAMIEN1307 wrote: Sun May 12, 2019 7:14 pm Hi Marie...I admit that I have not read all other entries to such an old posting here in this thread...all I will say is that the GUFW software firewall is more than adequate...especially if you are using a "hardware" firewall that is built into a "router" that you are already using either as part of a dual "modem/router" hardware firewall provided by your ISP or if you're like me and have both the ISP "modem/router" hardware firewall as well as a personally owned router with hardware firewall as well, that I also use...have never had a problem and frankly, I have an old saying...K.I.S.S, which stands for "keep it simple stupid" and I point the word stupid to myself to remind me not to complicate things so badly that I can, and have, "shot myself in the foot"...unless you're one of these "rocket scientists" that I'm surrounded by that shoot missiles, testing out here in the Alamogordo desert, or are flying military drones as the other half are doing, don't worry about the "tin foil hat brigade" that throws up unsubstantiated, imaginary, pseudo, security "weaknesses" in your firewall protections systems...DAMIEN

EDIT...always remember, this is a Linux OS, this is NOT Windows or Mac.
Hi Damien. :D

Yes, ISP routers are good for ordinary people with one or two ordinary home computers.
But the threat can come from within, then a software firewall is needed that catches/logs outgoing traffic.
Right now I only use my Linux Mint computer for surfing when I rate it as unsafe.

You wrote: K.I.S.S, which stands for "keep it simple stupid"

Yes, it's stupid to think Linux is untouchable and 100% totally safe from intrusion, malware, hacks and OS bugs that become security holes.
Win-crap isn't better.. it takes days to plug all holes.. and it can't be modified to 100% secure either.. but with a really advanced firewall and antivirus software you have total control of what happens in real time, and you have a chance to stop it before a total breach.

Post by Marie SWE »

gm10 wrote: Sun May 12, 2019 9:04 pm What are you even talking about? Your demands are very basic and the default, pre-installed ufw does all of that (well, I don't know about MAC filtering because nobody in their right mind configures firewall rules based on MAC addresses which can get changed without any effort, the option is right in your connection settings). It's really not complicated... get it? ufw = uncomplicated firewall. SCNR. :P

PS: man ufw in case it needs to be said.
Then you perhaps have another preinstalled ufw than I have. Mine does not have real-time monitoring on each connection, on each program, and doesn't have so much detail in the logs that I saw when I tested it a year ago.
I use MAC identification internally together with additional parameters in my network.

Post by catweazel »

Marie SWE wrote: Sun May 12, 2019 9:31 pm Then you perhaps have another preinstalled ufw than I have.
https://alternativeto.net/software/ufw/?platform=linux
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.

Post by Schultz »

Marie SWE wrote:
but with a really advanced firewall and antivirus software you have total control of what happens in real time, and you have a chance to stop it before a total breach
I suggest reading the link below even though I have a feeling you will disagree with it.

https://easylinuxtipsproject.blogspot.c ... urity.html

Post by gm10 »

Marie SWE wrote: Sun May 12, 2019 9:31 pm Then you perhaps have another preinstalled ufw than I have. Mine does not have real-time monitoring on each connection, on each program, and doesn't have so much detail in the logs that I saw when I tested it a year ago.
Oh you're talking about the GUI? What you want is a connection monitor? Yeah, gufw (the ufw frontend) is super simplistic, it doesn't have a very detailed one (it is realtime though). I can unfortunately also not recommend one (text based tools easily but I'm not too familiar with the GUI side).

I assume the comment about the logs is also just about gufw, because ufw's logs on the maximum log level log every single packet (careful with that, you'll fill up your disk in no time), the only way they could be more detailed was if you also wanted to log the data part of the packets (which would be insanity). I don't know what GUI you need for a log viewer though, use any text editor or just google a dedicated log viewer, there's tons (your LM might even have one pre-installed, I know the MATE edition does).
Last edited by gm10 on Tue May 14, 2019 4:45 pm, edited 1 time in total.
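
An added example (not from the thread, and not code from the ufw project) of working with the logs discussed in the post above: it parses ufw kernel-log lines and groups outbound packets by destination, so a long log is reduced to a short list of remote addresses with first and last seen times. The sample lines, hostname, interface name and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample in the kernel-log format ufw writes (typically /var/log/ufw.log).
# Addresses are documentation ranges; none of this comes from the thread.
SAMPLE_LOG = """\
May 12 22:01:13 mint kernel: [ 1201.10] [UFW AUDIT] IN= OUT=wlp2s0 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 TTL=64 PROTO=TCP SPT=51514 DPT=443 SYN URGP=0
May 12 22:01:14 mint kernel: [ 1202.31] [UFW AUDIT] IN= OUT=wlp2s0 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 TTL=64 PROTO=TCP SPT=51516 DPT=443 SYN URGP=0
May 12 22:03:40 mint kernel: [ 1348.02] [UFW BLOCK] IN=wlp2s0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=192.168.1.23 LEN=44 TTL=51 PROTO=TCP SPT=40211 DPT=22 SYN URGP=0
May 12 22:58:02 mint kernel: [ 4610.77] [UFW ALLOW] IN= OUT=wlp2s0 SRC=192.168.1.23 DST=198.51.100.77 LEN=71 TTL=64 PROTO=UDP SPT=38110 DPT=53 LEN=51
May 12 23:02:51 mint kernel: [ 4899.40] [UFW AUDIT] IN= OUT=wlp2s0 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 TTL=64 PROTO=TCP SPT=51620 DPT=443 SYN URGP=0
May 12 23:03:00 mint systemd[1]: Started Session 4 of user.
"""

# timestamp, hostname, "kernel:", optional uptime stamp, "[UFW <ACTION>]", key=value fields
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: .*?\[UFW (?P<action>[A-Z ]+)\] (?P<kv>.*)$"
)


def parse_line(line):
    """Return a dict for one ufw log line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = {"ts": m.group("ts"), "action": m.group("action")}
    for token in m.group("kv").split():
        key, sep, value = token.partition("=")
        rec[key] = value if sep else True  # bare tokens (SYN, DF) are flags
    return rec


def summarize_outbound(text):
    """Group outbound packets by (DST, PROTO, DPT) with count and first/last time."""
    counts, first, last = Counter(), {}, {}
    for line in text.splitlines():
        rec = parse_line(line)
        # Outbound packets have an empty IN= and a non-empty OUT= interface.
        if rec is None or rec.get("IN") or not rec.get("OUT"):
            continue
        key = (rec.get("DST", "?"), rec.get("PROTO", "?"), rec.get("DPT", "-"))
        counts[key] += 1
        first.setdefault(key, rec["ts"])
        last[key] = rec["ts"]
    return [
        {"dst": k[0], "proto": k[1], "dport": k[2], "packets": n,
         "first": first[k], "last": last[k]}
        for k, n in counts.most_common()
    ]


if __name__ == "__main__":
    for row in summarize_outbound(SAMPLE_LOG):
        print("{dst:15} {proto}/{dport:5} x{packets:<4} {first} .. {last}".format(**row))
```

These log lines carry addresses and ports but no program name, so the summary shows where the machine connected and when, not which process opened the connection.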

Post by Marie SWE »

Update:

I revived this thread because my computer behaved strangely late in the evening of May 12th. 23pm. So two hours later I revived this thread.

Today I found out that my Linux computer has become infected.
I will think about whether to install Linux on it again, as I obviously need to have control over what is happening in the computer and network traffic.
I assume the worst, so I have changed my password everywhere in case a keylogger has been involved.

So you who think that Linux is bulletproof, sorry to say this.. but it is not. :(

I will look at all the links you have suggested and I will return to Linux Mint the day I have found all the monitoring programs I need.

Thank you for all your suggestions and answers. :D
// Marie

Post by Pippin »

Infected?
Please share the details so we can learn...
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

Post by deepakdeshp »

What exactly is infected?
If I have helped you solve a problem, please add [SOLVED] to your first post title, it helps other users looking for help.
Regards,
Deepak

Mint 21.1 Cinnamon 64 bit with AMD A6 / 8GB
Mint 21.1 Cinnamon AMD Ryzen3500U/8gb

Post by Marie SWE »

This becomes difficult to describe correctly because of my lack of English vocabulary.
But I will try.
May 12th around 10pm (all in Swedish time zone)
First symptom: the computer started to lag at short intervals and the mouse behaved incorrectly.. no high CPU usage, no high disk activity.
Around 23pm, suddenly the speed of the fan increased to maximum even when the CPU temperature was 46 degrees C.
I heard a click and the computer just shut down, exactly the same as when you press the power button for 3 seconds.
I restarted the computer and it showed no more symptoms and the few log files I found showed nothing useful..
I couldn't access my internal network anymore. But I could connect to the internet.
So my 20 years of microcrap raised a red flag that something is very wrong..... But what? No logs show anything wrong.

Around 12:45am I revived this thread.. and two threads on the Swedish Mint forums.
All the time I tried to find what happened. But with such short experience with Linux, I didn't really know where to look.
I restarted the computer a couple of times during this time, nothing new happened.
Around 4am I put the computer into sleep mode (then I had 78GB of free disk space).

May 13 I was busy...

Today 3pm (14th of May) I woke up the computer as I always do by pressing space when it's in sleep mode.
I was looking for more logs in Mint but found nothing useful. So I started saving personal data to another hard drive. I had a bad feeling still.
I tried to install a few programs that I was tipped about in here, but they didn't want to start. When I tried to uninstall them again, I couldn't uninstall them.
So I restarted the computer. The same error again.. Now the disk activity started to increase, but I couldn't see what the hard drive did.
The computer froze and I restarted it.
Now I had 0Byte available on the hard disk. I had 78GB free.
I shut down the computer again, as I saved all personal data.

And now I use one of my Windows computers.

Around 10pm I wrote an update in here.

My hardware firewall's logs are only logging which computers connect to which IP number.
I had 5 Firefox windows open with about 15-25 tabs in each on May 12th, so there are soooooo many IP numbers in that log that it is not possible to figure out what is for what without going through everything. And I don't know exactly when the computer was infected when no useful monitoring logs exist in Linux.

I guess it happened when I tried out different programs.. or when I tried to resolve the Firefox add-on bug.
Post by Schultz »

I'm not a computer expert, but I'm not convinced you got malware. Maybe your computer is dying?

Post by RIH »

Now I had 0Byte available on the hard disk. I had 78GB free.
I would suggest that is the root of your issue - no free disk space then it is difficult for your computer to do anything.

As to what caused your space to disappear is, of course, the crux of the matter.

It could well be what you suspect, a malware attack, or it could be something as simple as Timeshift using up all your space.
From what I have experienced with Linux & Mint I would tend towards benign causes rather than malicious attacks..

Post by deepakdeshp »

Is the Timeshift program eating up your space?
Delete backups and disable Timeshift for the time being and observe the performance.

Post by deepakdeshp »

RIH wrote: Tue May 14, 2019 9:49 pm
Now I had 0Byte available on the hard disk. I had 78GB free.
I would suggest that is the root of your issue - no free disk space then it is difficult for your computer to do anything.

As to what caused your space to disappear is, of course, the crux of the matter.

It could well be what you suspect, a malware attack, or it could be something as simple as Timeshift using up all your space.
From what I have experienced with Linux & Mint I would tend towards benign causes rather than malicious attacks..
With 0 bytes free no OS would work properly and would give weird results.
Post output of

 df -m /

About Timeshift.
https://www.google.com/amp/s/www.makete ... int/%3famp

Post by Marie SWE »

Schultz wrote: Tue May 14, 2019 9:29 pm I'm not a computer expert, but I'm not convinced you got malware. Maybe your computer is dying?
It's dual boot and my Windows works fine.

Post by Marie SWE »

RIH wrote: Tue May 14, 2019 9:49 pm
Now I had 0Byte available on the hard disk. I had 78GB free.
I would suggest that is the root of your issue - no free disk space then it is difficult for your computer to do anything.

As to what caused your space to disappear is, of course, the crux of the matter.

It could well be what you suspect, a malware attack, or it could be something as simple as Timeshift using up all your space.
From what I have experienced with Linux & Mint I would tend towards benign causes rather than malicious attacks..
I don't use Timeshift. :)
I only use backup to external disk on the Linux computer once a week. The other computers use backup to server, or that I log on to the server to access all data regardless of workstation.
ClamAV detected 88 infected files.

Post by deepakdeshp »

Did you run

 df -m /

?

What's the output?

Post by Marie SWE »

deepakdeshp wrote: Wed May 15, 2019 12:46 am
RIH wrote: Tue May 14, 2019 9:49 pm
Now I had 0Byte available on the hard disk. I had 78GB free.
I would suggest that is the root of your issue - no free disk space then it is difficult for your computer to do anything.

As to what caused your space to disappear is, of course, the crux of the matter.

It could well be what you suspect, a malware attack, or it could be something as simple as Timeshift using up all your space.
From what I have experienced with Linux & Mint I would tend towards benign causes rather than malicious attacks..
With 0 bytes free no OS would work properly and would give weird results.
Post output of

 df -m /

About Timeshift.
https://www.google.com/amp/s/www.makete ... int/%3famp
I don't have Timeshift.
I can't test that code and I have already deleted the Linux partition to prepare to reinstall any Linux distro that has better system and network traffic monitoring and a firewall to monitor outbound traffic, so I can see which program is connecting to what IP.
It wasn't possible to uninstall or install programs even after I released disk space. So it's not worth trying to save the installation, as it is too many problems for me as a beginner on Linux.
Sure it had been educational, but I don't have time for it before August.

I did a search for all .log files and removed them before deleting the partition.