Extreme Firewall help?

Hi to all, I am looking for my favorite firewall (Firestarter), but I
cannot seem to find it in YaST. Why? I don’t want a firewall that is
text-based. Graphical is my only interest. I already have ClamAV as my
anti-virus, so now I am looking for a graphical firewall, so please help if
you can because I am security-obsessed.


Itrod

Itrod’s Profile: http://forums.opensuse.org/member.php?userid=21787
View this thread: http://forums.opensuse.org/showthread.php?t=407276

Only SuSEfirewall2 is in Yast. Its GUI modules are found at Yast →
Security and Users → Firewall. If you alter nothing from the
defaults, pretty much the whole workstation is isolated. Use the GUI to
open the firewall for services.

Fire Starter is not available in openSUSE. You would have to compile
and install it.

I don’t know of any firewall in any distro like windows or Linux etc
that is not text based. Most of them are hidden behind fine GUI
configurators, like FireStarter and Yast-Firewall.

FFI on SuSEfirewall2 by GUI see here: ‘SuSEfirewall2: HowTo open Ports
for Services in the Suse / openSUSE Firewall’
(http://www.swerdna.net.au/linhowtofirewall.html)


‘Drop in and visit some time’
(http://www.swerdna.net.au/linux.html).

swerdna’s Profile: http://forums.opensuse.org/member.php?userid=84

swerdna;1941172 Wrote:
> Only SuSEfirewall2 is in Yast. Its GUI modules are found at Yast →
> Security and Users → Firewall. If you alter nothing from the
> defaults, pretty much the whole workstation is isolated. Use the GUI to
> open the firewall for services.
>
> Fire Starter is not available in openSUSE. You would have to compile
> and install it.
>
> I don’t know of any firewall in any distro like windows or Linux etc
> that is not text based. Most of them are hidden behind fine GUI
> configurators, like FireStarter and Yast-Firewall.
>
> FFI on SuSEfirewall2 by GUI see here: ‘SuSEfirewall2: HowTo open Ports
> for Services in the Suse / openSUSE Firewall’
> (http://www.swerdna.net.au/linhowtofirewall.html)

OK then, can you please give me step-by-step instructions on how to
compile/install Firestarter? Also, I heard that some distros will not
let you update if you install outside software that is not in their
repo/yast2. Is that true?


Itrod


Itrod;1941241 Wrote:
> OK then, can you please give me step-by-step instructions on how to
> compile/install Firestarter? Also, I heard that some distros will not
> let you update if you install outside software that is not in their
> repo/yast2. Is that true?

‘Installation - Firestarter’
(http://www.fs-security.com/docs/installation.php)

Jump to the section, “Compiling And Installing From Source.” If (when)
you run across errors during the configure phase, carefully note the
names of the missing packages, look them up in Yast -> Software
Management and install them as needed.

From looking at Firestarter, it does two non-trivial things that Yast
doesn’t: it will allow you to click on a blocked service and “open” it,
and it will also allow blocking by site/URL name. Aside from that,
though, IMHO, SuseFirewall2 is the better tool, especially if you’re
going to be doing more advanced stuff such as masquerading and NAT.

If you have trouble compiling from source, post back here. Someone will
help.


smpoole7

smpoole7’s Profile: http://forums.opensuse.org/member.php?userid=13513

By the way, it’s not going to be a lot of help here (I looked), but mark
this link for future reference:

‘About Rpmfind.Net WWW Server a.k.a. Rufus.W3.Org’
(http://rpmfind.net)

You can sometimes use an RPM for the equivalent Fedora release in
Suse, or a somewhat older Suse RPM in the current version.

(“Somewhat” means, of course and for example, that you can’t expect an
RPM built for Opensuse 10 to work on 11.1, but you may find that one
built for 10.3 or 11.0 WILL work on 11.1.)

And to answer one of your original questions, if you compile from
source, you get two things:

  1. PLUS: latest and greatest version.
  2. DRAWBACK: yes, if an update comes out, you’ll have to compile and
    install the new version yourself. Yast won’t do it for you.


smpoole7


smpoole7;1941259 Wrote:
> ‘Installation - Firestarter’
> (http://www.fs-security.com/docs/installation.php)
>
> Jump to the section, “Compiling And Installing From Source.” If (when)
> you run across errors during the configure phase, carefully note the
> names of the missing packages, look them up in Yast -> Software
> Management and install them as needed.
>
> From looking at Firestarter, it does two non-trivial things that Yast
> doesn’t: it will allow you to click on a blocked service and “open” it,
> and it will also allow blocking by site/URL name. Aside from that,
> though, IMHO, SuseFirewall2 is the better tool, especially if you’re
> going to be doing more advanced stuff such as masquerading and NAT.
>
> If you have trouble compiling from source, post back here. Someone will
> help.

OK, thanks a lot. Let me explain to you why I wanted to use Firestarter.
The reason is that I always test my firewalls using this link,
‘Shields UP!! — System Error’
(http://www.grc.com/x/ne.dll?rh1dkyd2), to see whether my firewall
passes the test or not. So I did one with the default firewall on
openSUSE and it failed with flying colors, and I hate whenever that
happens. But if I can configure the openSUSE default firewall to meet
that standard of passing the test, I will be much more than happy. Plus, I
realize that the openSUSE firewall barely has any features to do much
at all. So if you know how to configure it in order to pass the test, I
will really appreciate that. Thank you in advance.


Itrod


Itrod;1941266 Wrote:
> ‘Shields UP!! — System Error’
> (http://www.grc.com/x/ne.dll?rh1dkyd2)

Steve Gibson’s site is excellent. I use it frequently myself. But I
just tested my own machine. Gibson’s site said that while the ports were
closed or stealthed, it “failed” me because my computer would respond to
pings. That was the only failure.

There are different opinions on this. Gibson says that a ping is often
the first step in an attack. Yes … and no. Crackers who are out for
blood almost always use stealth techniques with tools like NMap
nowadays, so in my experience, disabling ping just makes it harder to
troubleshoot when you have problems.

For example, if you want to check your connection, the quickest and
dirtiest way to do it is with a simple “ping.” That way, you know the
cabling, hardware and drivers are OK. You can look elsewhere to see
what’s causing your issue.

While I’m not going to criticize Mr. Gibson across the board – that
site is very useful – do keep this in mind: he’s selling software,
primarily to Windows users. He WANTS you to see that big, scary red
“FAILED” message. … … … catch my meaning? :)

A vulnerability that might be a show-stopping nightmare under Windows
is typically no cause for concern under Linux. (No, not 100% always;
speaking in general; [insert all your favorite disclaimers here].)


smpoole7


Oh, and sorry: if you want to disable ping, try what’s suggested in this
thread:

‘Replacement firewall gui - openSUSE Forums’
(http://tinyurl.com/683bms)

(The title is misleading.)

But as a general rule, there are many options for SuseFirewall2 that
can be enabled/disabled by directly editing the config files. I realize
that’s not a GUI interface (which, for the record, I much prefer, too!),
but there you go, anyway.

It’s your choice. If you want to use Firestarter, do not for a moment
think I’m disparaging it or anything like that. F/OSS == choice. Do what
works best for you. lol!


smpoole7

smpoole7’s Profile: http://forums.opensuse.org/member.php?userid=13513
View this thread: http://forums.opensuse.org/showthread.php?t=407276
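
Added example, not part of the original posts: a read-only check of the two things discussed above (ping replies and services opened to the outside) in a SuSEfirewall2-style config file. The path /etc/sysconfig/SuSEfirewall2 and the variable names FW_ALLOW_PING_FW, FW_SERVICES_EXT_TCP, FW_SERVICES_EXT_UDP and FW_CONFIGURATIONS_EXT are SuSEfirewall2's own but do not appear in this thread, so check them against your version; the sample file contents are constructed.

```shell
#!/bin/sh
# Added example: audit a SuSEfirewall2-style sysconfig file without sourcing
# or modifying it. Function names fw_get and fw_audit are hypothetical helpers.

# fw_get FILE KEY: print the value of the last KEY="value" assignment in FILE.
fw_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"//' -e 's/"$//'
}

# fw_audit FILE: print one line per setting that exposes the host externally.
fw_audit() {
    if [ "$(fw_get "$1" FW_ALLOW_PING_FW)" = "yes" ]; then
        echo "PING: firewall answers ICMP echo requests"
    fi
    for key in FW_SERVICES_EXT_TCP FW_SERVICES_EXT_UDP FW_CONFIGURATIONS_EXT; do
        for svc in $(fw_get "$1" "$key"); do
            echo "OPEN: $svc ($key)"
        done
    done
    return 0
}

# Constructed sample; on a real system pass /etc/sysconfig/SuSEfirewall2 instead.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample, not taken from a real host
FW_DEV_EXT="eth0"
FW_ALLOW_PING_FW="yes"   # reply to ping
FW_SERVICES_EXT_TCP="ssh 631"
FW_SERVICES_EXT_UDP=""
#FW_CONFIGURATIONS_EXT="samba-server"
EOF

fw_audit "$sample"
```

The file only records what the firewall is asked to do; the loaded iptables rules and any router in front of the machine decide what an outside scan actually sees.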

Hi
That is not quite true, both susefirewall and firestarter are just
creating rules for iptables.

You need to ensure you have unused services disabled. If you are using an
external router then that is the problem for a failure with the Shields Up
test.

Have a friend run nmap on your external ip address. Or get an external
shell account to run your own tests.

If you search here for 11.0 and grab the src rpm and use that to build
a 11.1 version;
Get It


Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.1 x86 Kernel 2.6.27.7-9-default
up 7:04, 2 users, load average: 0.12, 0.09, 0.12
GPU GeForce 6600 TE/6200 TE - Driver Version: 180.27

malcolmlewis;1941327 Wrote:
> Hi
> That is not quite true, both susefirewall and firestarter are just
> creating rules for iptables.

Right. But for some reason, SuseFirewall2 leaves ping “allowed” on some
versions by default, and apparently, Firestarter doesn’t.

> You need to ensure you have unused services disabled. If you are using an
> external router then that is the problem for a failure with the Shields Up
> test.

I’d be interested to know if Gibson is reporting the same thing as
Nmap. It may be that his test is more paranoid.


smpoole7
