Page 1 of 4 123 ... LastLast
Results 1 to 10 of 34

Thread: Firestarter Firewall

  1. #1

    Default Firestarter Firewall

    Anyone know how to install firestarter? In ubuntu just searched for the package and hit intstall?

  2. #2
    Join Date
    Jun 2008
    Location
    /dev/belgium
    Posts
    1,946

    Default Re: Firestarter Firewall

    Why not use the YaST firewall which is really an interface to iptables (the kernel firewall)

  3. #3

    Default Re: Firestarter Firewall

    i set all the interfaced to internet mode and i can still ping the machine how do i make it unpin gable?

  4. #4
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    25,456
    Blog Entries
    15

    Default Re: Firestarter Firewall

    Quote Originally Posted by watsgoodg
    i set all the interfaced to internet mode and i can still ping the
    machine how do i make it unpin gable?
    Hi
    YaST->System->/etc/sysconfig Editor and search for ping, then select
    FW_ALLOW_PING_FW, select goto and change to no.

    --
    Cheers Malcolm (Linux Counter #276890)
    SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.29-0.1-default
    up 3 days 18:16, 2 users, load average: 0.19, 0.06, 0.03
    GPU GeForce 8600 GTS Silent - CUDA Driver Version: 190.18


  5. #5

    Default Re: Firestarter Firewall

    Quote Originally Posted by watsgoodg View Post
    i set all the interfaced to internet mode and i can still ping the machine how do i make it unpin gable?
    Any _good_ reason for this?

    Let me guess, you want to "hide" your machine with that.

    Just FYI, if one is not getting any answer from an ICMP message this is the best sign that there actually _is_ a machine at that IP.

  6. #6

    Default Re: Firestarter Firewall

    Quote Originally Posted by Akoellh View Post
    Just FYI, if one is not getting any answer from an ICMP message this is the best sign that there actually _is_ a machine at that IP.
    Then what choice to we have here ??

    I guess it is still better to minimize the internet traffic and let anyone from outside know that someone is here.
    How does a linux geek make love??

    - rtfm; unzip; strip; touch; finger; mount; fsck; more; yes; umount; zip; sleep;

  7. #7

    Default Re: Firestarter Firewall

    Quote Originally Posted by BenderBendingRodriguez View Post
    Then what choice to we have here ??
    What choice do you need?

    Trying to "hide" your machine does not improve security at all.

    Quote Originally Posted by BenderBendingRodriguez View Post
    I guess it is still better to minimize the internet traffic and let anyone from outside know that someone is here.
    Yeah, especially regarding that

    a) the ping will arrive at your machine anyway

    b) it will be resent (in some cases several times) if there is no answer (so you will actually increase traffic if you block pings)

    c) the default size is negligible compared to one standard TCP packet

    d) ICMP was designed to work and you will break a lot of things with blocking ICMP which is also violating the RFCs

  8. #8

    Default Re: Firestarter Firewall

    Well, to be honest, i set my mother's PC not to respond to any ICMP packets and all is fine. Nothing is broken, everything works fine. The traffic increase is negligible, if someone won't get any response and he is not on the same subnet then he has no chance to know if someone is there under this IP. Remember that we are defending against online threats outside our LAN or subnet (no on would be so stupid to attack and leave traces on a LAN or subnet).

    Give me one example where blocking ICMP response would break something

    Yes, the ping will arrive at my PC anyway but my PC won't give anyone response.
    How does a linux geek make love??

    - rtfm; unzip; strip; touch; finger; mount; fsck; more; yes; umount; zip; sleep;

  9. #9

    Default Re: Firestarter Firewall

    Quote Originally Posted by BenderBendingRodriguez View Post
    Give me one example where blocking ICMP response would break something
    Path MTU discovery.

  10. #10

    Default Re: Firestarter Firewall

    Ok but it isn't something you use daily that will affect your browsing etc. It is still better to disable any response to someone sending a ping command since it is live users sending ICMP packets in most cases that want to check something so it is better to "be safe than sorry".
    How does a linux geek make love??

    - rtfm; unzip; strip; touch; finger; mount; fsck; more; yes; umount; zip; sleep;

Page 1 of 4 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •