Results 1 to 10 of 10

Thread: Extreme Firewal help?

  1. #1

    Angry Extreme Firewal help?

    Hi to all, I am looking for my favorite firewall (fire Starter) But I cannot seems to find it in yast,why? I don't want a firewall that is text base. Graphical is only my interest. I already got clamav as my anti-virus so now am looking for a graphical firewall so please help if you can because am security obsess.

  2. #2
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,727
    Blog Entries
    2

    Default Re: Extreme Firewal help?

    Only SuSefirewall2 is in Yast. It's GUI modules are found at Yast --> Security and Users ---> Firewall. If you alter nothing from the defaults, pretty much the whole workstation is isolated. Use the GUI to open the firewall for services.

    Fire Starter is not available in openSUSE. You would have to compile and install it.

    I don't know of any firewall in any distro like windows or Linux etc that is not text based. Most of them are hidden behind fine GUI configurators, like FireStarter and Yast-Firewall.

    FFI on SuSEfirewall2 by GUI see here: SuSEfirewall2: HowTo open Ports for Services in the Suse / openSUSE Firewall
    Last edited by swerdna; 08-Feb-2009 at 06:31.
    Leap 42.3 & 15.1(Beta) &KDE
    FYIs from the days of yore

  3. #3

    Default Re: Extreme Firewal help?

    Quote Originally Posted by swerdna View Post
    Only SuSefirewall2 is in Yast. It's GUI modules are found at Yast --> Security and Users ---> Firewall. If you alter nothing from the defaults, pretty much the whole workstation is isolated. Use the GUI to open the firewall for services.

    Fire Starter is not available in openSUSE. You would have to compile and install it.

    I don't know of any firewall in any distro like windows or Linux etc that is not text based. Most of them are hidden behind fine GUI configurators, like FireStarter and Yast-Firewall.

    FFI on SuSEfirewall2 by GUI see here: SuSEfirewall2: HowTo open Ports for Services in the Suse / openSUSE Firewall

    ok then can you please give me step by step instructions on how to compile/install fire starter? Also I heard that some distro will not let you update if you install outside software that is not in there repo/yast2 is that ture?

  4. #4
    Join Date
    Oct 2008
    Location
    Birmingham. AL
    Posts
    858

    Default Re: Extreme Firewal help?

    Quote Originally Posted by Itrod View Post
    ok then can you please give me step by step instructions on how to compile/install fire starter? Also I heard that some distro will not let you update if you install outside software that is not in there repo/yast2 is that ture?
    Installation - Firestarter

    Jump to the section, "Compiling And Installing From Source." If (when) you run across errors during the configure phase, carefully note the names of the missing packages, look them up in Yast -> Software Management and install them as needed.

    From looking at Firestarter, it does two non-trivial things that Yast doesn't: it will allow you to click on a blocked service and "open" it, and it will also allow blocking by site/URL name. Aside from that, though, IMHO, SuseFirewall2 is the better tool, especially if you're going to be doing more advanced stuff such as masquerading and NAT.

    If you have trouble compiling from source, post back here. Someone will help.

  5. #5
    Join Date
    Oct 2008
    Location
    Birmingham. AL
    Posts
    858

    Default Re: Extreme Firewal help?

    By the way, it's not going to be a lot of help here (I looked), but mark this link for future reference:

    About Rpmfind.Net WWW Server a.k.a. Rufus.W3.Org

    You can *sometimes* use an RPM for the equivalent Fedora release in Suse, or a somewhat older Suse RPM in the current version.

    ("Somewhat" means, of course and for example, that you can't expect an RPM built for Opensuse 10 to work on 11.1, but you may find that one built for 10.3 or 11.0 WILL work on 11.1.)

    And to answer one of your original questions, if you compile from source, you get two things:

    1. PLUS: latest and greatest version.
    2. DRAWBACK: yes, if an update comes out, you'll have to compile and install the new version yourself. Yast won't do it for you.

  6. #6

    Default Re: Extreme Firewal help?

    Quote Originally Posted by smpoole7 View Post
    Installation - Firestarter

    Jump to the section, "Compiling And Installing From Source." If (when) you run across errors during the configure phase, carefully note the names of the missing packages, look them up in Yast -> Software Management and install them as needed.

    From looking at Firestarter, it does two non-trivial things that Yast doesn't: it will allow you to click on a blocked service and "open" it, and it will also allow blocking by site/URL name. Aside from that, though, IMHO, SuseFirewall2 is the better tool, especially if you're going to be doing more advanced stuff such as masquerading and NAT.

    If you have trouble compiling from source, post back here. Someone will help.

    Ok thanks alot. Let me explain to you why I wanted to use fire stater. Reason is I always do a test on my fire walls using this link Shields UP!! — System Error to see whether my fire wall pass the test or not so I did one with the default fire wall on open suse and it faild with flying colors and I hate whenever that happenes. But if I can configure the open suse default fire wall to meet that standard of passing the test I will be much more than happy. Plus I realize that the open suse fire wall barely have any features to do much at all. so if you know how to configure it in order to pass the test I will really appreciate that. thank you in advance

  7. #7
    Join Date
    Oct 2008
    Location
    Birmingham. AL
    Posts
    858

    Default Re: Extreme Firewal help?

    Quote Originally Posted by Itrod View Post
    Steve Gibson's site is excellent. I use it frequently myself. But I just tested my own machine. Gibson's site said that while the ports were closed or stealthed, it "failed" me because my computer would respond to pings. That was the only failure.

    There are different opinions on this. Gibson says that a ping is often the first step in an attack. Yes ... and no. Crackers who are out for blood almost always use stealth techniques with tools like NMap nowadays, so in my experience, disabling ping just makes it harder to troubleshoot when you have problems.

    For example, if you want to check your connection, the quickest and dirtiest way to do it is with a simple "ping." That way, you know the cabling, hardware and drivers are OK. You can look elsewhere to see what's causing your issue.

    While I'm not going to criticize Mr. Gibson across the board -- that site is very useful -- do keep this in mind: he's selling software, primarily to Windows users. He WANTS you to see that big, scary red "FAILED" message. .. .. .. catch my meaning?

    A vulnerability that might be a show-stopping nightmare under Windows is typically no cause for concern under Linux. (No, not 100% always; speaking in general; [insert all your favorite disclaimers here].)

  8. #8
    Join Date
    Oct 2008
    Location
    Birmingham. AL
    Posts
    858

    Default Re: Extreme Firewal help?

    Oh, and sorry: if you want to disable ping, try what's suggested in this thread:

    Replacement firewall gui - openSUSE Forums

    (The title is misleading.)

    But as a general rule, there are many options for SuseFirewall2 that can be enabled/disabled by directly editing the config files. I realize that's not a GUI interface (which, for the record, I much prefer, too!), but there you go, anyway.

    It's you choice. If you want to use firestart, do not for a moment think I'm disparaging it or anything like that. F/OSS == choice. Do what works best for you.

  9. #9
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,673
    Blog Entries
    15

    Default Re: Extreme Firewal help?

    Quote Originally Posted by Itrod
    smpoole7;1941259 Wrote:
    > 'Installation - Firestarter'
    > (http://www.fs-security.com/docs/installation.php)
    >
    > Jump to the section, "Compiling And Installing From Source." If (when)
    > you run across errors during the configure phase, carefully note the
    > names of the missing packages, look them up in Yast -> Software
    > Management and install them as needed.
    >
    > From looking at Firestarter, it does two non-trivial things that Yast
    > doesn't: it will allow you to click on a blocked service and "open"
    > it, and it will also allow blocking by site/URL name. Aside from that,
    > though, IMHO, SuseFirewall2 is the better tool, especially if you're
    > going to be doing more advanced stuff such as masquerading and NAT.
    >
    > If you have trouble compiling from source, post back here. Someone
    > will help.



    Ok thanks alot. Let me explain to you why I wanted to use fire stater.
    Reason is I always do a test on my fire walls using this link
    'Shields UP!! — System Error'
    (http://www.grc.com/x/ne.dll?rh1dkyd2) to see whether my fire
    wall pass the test or not so I did one with the default fire wall on
    open suse and it faild with flying colors and I hate whenever that
    happenes. But if I can configure the open suse default fire wall to meet
    that standard of passing the test I will be much more than happy. Plus I
    realize that the open suse fire wall barely have any features to do much
    at all. so if you know how to configure it in order to pass the test I
    will really appreciate that. thank you in advance
    Hi
    That is not quite true, both susefirewall and firestarter are just
    creating rules for iptables.

    You need to ensure you have unused services disabled. If you using an
    external router then that is the problem for a failure with sheilds up
    test.

    Have a friend run nmap on your external ip address. Or get an external
    shell account to run your own tests.

    If you search here for 11.0 and grab the src rpm and use that to build
    a 11.1 version;
    Get It

    --
    Cheers Malcolm (Linux Counter #276890)
    openSUSE 11.1 x86 Kernel 2.6.27.7-9-default
    up 7:04, 2 users, load average: 0.12, 0.09, 0.12
    GPU GeForce 6600 TE/6200 TE - Driver Version: 180.27


  10. #10
    Join Date
    Oct 2008
    Location
    Birmingham. AL
    Posts
    858

    Default Re: Extreme Firewal help?

    Quote Originally Posted by malcolmlewis View Post
    Hi
    That is not quite true, both susefirewall and firestarter are just
    creating rules for iptables.
    Right. But for some reason, SuseFirewall2 leaves ping "allowed" on some versions by default, and apparently, Firestarter doesn't.

    You need to ensure you have unused services disabled. If you using an
    external router then that is the problem for a failure with sheilds up
    test.
    I'd be interested to know if Gibson is reporting the same thing as Nmap. It may be that his test is more paranoid.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •