Recommendation of a good second party firewall.

Could you recommend a good second party firewall?
A firewall which works well with the SuSE operating system (version 12.1).
Once I’ve installed this firewall, are there any particular details I need to be aware of?

Thank You,
Lleo72g

Why?

The Linux kernel incorporates IPtables. For this reason high-end firewall appliances use Linux. Bolt-on firewalls are only needed when the operating system was not fundamentally designed to be networked. The firewall management in YaST is adequate for most server or desktop use. It falls down if you are using openSuSE as a router/gateway/bridge/packet filter etc. Then you would probably be better writing the table rules manually, or using a specialist distribution.

On 01/15/2012 02:36 PM, eng-int wrote:
>
> Why?
>
> The Linux kernel incorporates IPtables. For this reason high-end
> firewall appliances use Linux. Bolt-on firewalls are only needed when
> the operating system was not fundamentally designed to be networked.
> The firewall management in YaST is adequate for most server or desktop
> use. It falls down if you are using openSuSE as a
> router/gateway/bridge/packet filter etc. Then you would probably be
> better writing the table rules manually, or using a specialist
> distribution.

Indeed. And if the OP isn’t yet comfortable writing rules by hand,
packages such as Firewall Builder can be quite handy. There’s a couple
others that are similar - the names escape me at the moment…

…Kevin

Kevin Miller - http://www.alaska.net/~atftb
Juneau, Alaska
In a recent survey, 7 out of 10 hard drives preferred Linux
Registered Linux User No: 307357, http://linuxcounter.net

On 2012-01-15 23:56, Lleo72g wrote:
>
> Could you recommend a good second party firewall?

Shorewall?

The firewall is the same, iptables. What changes is what configures iptables.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

On 01/15/2012 11:56 PM, Lleo72g wrote:
> Could you recommend a good second party firewall?

-=WELCOME=- new poster…

openSUSE 12.1 (and all the previous for over a decade) are born with an
operating firewall…

you can read all about it by working your way through the hits here:

http://www.google.com/search?q=site%3Adoc.opensuse.org+firewall

but i can save you a lot of time: i never touch the default installed
firewall!

the way it is default installed has always worked for me…now, i do
admit that i do the routine security practices like: have strong root
and user passwords (different passwords for each); never browse, mail or
even log into KDE/Gnome etc as root; install and set up rkhunter to
monitor for root kits; exercise normal caution when handling executables
from untrusted sources; etc


DD http://tinyurl.com/DD-Caveat http://tinyurl.com/DD-Hardware
http://tinyurl.com/DD-Software
openSUSE®, the “German Engineered Automobiles” of operating systems!

Could you recommend a good second party firewall? Part two.

I don’t quite understand what you mean by the phrase.

“never browse, mail or even log into KDE/Gnome etc as root.”

clarify.

I have SuSE operating system installed on two separate hard drives.
One is set to KDE interface.
The second is setup to Gnome interface.

Thank You,
Lleo72g

On 01/16/2012 06:36 PM, Lleo72g wrote:
>
> I don’t quite understand what you mean by the phrase.
> “never browse, mail or even log into KDE/Gnome etc as root.”
> clarify.

when you boot up, do you see a screen where you have to enter your
password…there are two blanks (or more, depending on how many users
you have created) on that screen: one is for the username, and the other
for the password…

if you type ‘root’ in the username block and then the root password in
the other you are logging into KDE/Gnome as root–do NOT do that, ever.
for lots of reasons you should never log into KDE/Gnome/XFCE or any
other *nix-like system’s graphical user interface desktop environment as
root…

doing so 1) opens you up to several different security problems if you
(for example) browse the net, 2) too many, far too easy ways to damage
your system no matter how careful your actions (for
example: well documented cases of unintended change of ownership of
~/.ICEauthority and ~/.Xauthority from user to root sometimes occurs),
3) anyway logging into KDE/etc as root is never required to
do any and all administrative duties, 4) and, not even logging in as
root just to see if it works as root is useful, because the “yes” or
“no” learned is almost always totally useless in finding the
problem giving the symptoms…while, logging into the GUI as root to
learn the yes/no could cause the next adverse symptom encountered.

so, always log in as yourself, and “become root” by using a root powered
application (like YaST, File Manager Superuser Mode) or using “su -”,
sudo, kdesu, or gnomesu in a terminal to launch whatever tool is needed
(like Kwrite to edit a config file)…read more on all that here:

http://tinyurl.com/593e4c
http://tinyurl.com/ydbwssh
http://tinyurl.com/6bo2cqg
http://tinyurl.com/4nsaqst
http://tinyurl.com/665h5ek
http://tinyurl.com/6ry6yd

additionally: after logging into KDE/Gnome/etc as root, if you
experience problems (for example, with uncommanded file ownership and
permissions changes) and if you can provide us with details of what you
were doing while you were logged in as root, that would help us identify
if there’s a bug that needs to be fixed…thanks for your help…

so, also it is possible to launch anything as root, even when logged in
as yourself…like it is possible to launch Firefox as root and then go
off browsing around the web as root–do NOT do that, ever.

you could launch a mail program as root, while logged in as yourself
and open a mail with a built in rootkit and BLAM, you have a root
kit…so, do not do that!


DD http://tinyurl.com/DD-Caveat http://tinyurl.com/DD-Hardware
http://tinyurl.com/DD-Software
openSUSE®, the “German Engineered Automobiles” of operating systems!
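
The ownership change of `~/.ICEauthority` and `~/.Xauthority` mentioned in the post above can be checked for from a normal user's shell. This is an added example, not part of the original thread; the function names `owner_uid` and `check_session_files` are hypothetical.

```shell
#!/bin/sh
# Added example: report X session files in a home directory that are
# not owned by the expected account (e.g. taken over by root after a
# root GUI login).

# owner_uid FILE -> prints the numeric owner uid of FILE.
owner_uid() {
    # ls -ln prints the numeric uid in field 3; -d keeps ls from
    # descending if FILE is a directory.
    ls -lnd -- "$1" | awk '{print $3}'
}

# check_session_files HOME_DIR EXPECTED_UID
# Prints one line per mis-owned file; returns 1 if any was found, else 0.
check_session_files() {
    home_dir=$1
    expected_uid=$2
    bad=0
    for name in .Xauthority .ICEauthority; do
        path="$home_dir/$name"
        [ -e "$path" ] || continue    # file absent: nothing to check
        actual=$(owner_uid "$path")
        if [ "$actual" != "$expected_uid" ]; then
            echo "MISMATCH $path owner_uid=$actual expected_uid=$expected_uid"
            bad=1
        fi
    done
    return "$bad"
}

# Default run: check the invoking user's own home directory.
check_session_files "$HOME" "$(id -u)" || true
```

A reported mismatch is repaired by root with `chown` back to the account that owns the home directory.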

On 2012-01-16 18:36, Lleo72g wrote:
> I have SuSE operating system installed on two separate hard drives.
> One is set to KDE interface.
> The second is setup to Gnome interface.

Why? You can use one install with both interfaces.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)