Results 1 to 10 of 10

Thread: Extreme Firewal help?

  1. #1
    Itrod NNTP User

    Default Extreme Firewal help?


    Hi to all, I am looking for my favorite firewall (fire Starter) But I
    cannot seems to find it in yast,why? I don't want a firewall that is
    text base. Graphical is only my interest. I already got clamav as my
    anti-virus so now am looking for a graphical firewall so please help if
    you can because am security obsess.


    --
    Itrod
    ------------------------------------------------------------------------
    Itrod's Profile: http://forums.opensuse.org/member.php?userid=21787
    View this thread: http://forums.opensuse.org/showthread.php?t=407276


  2. #2
    swerdna NNTP User

    Default Re: Extreme Firewal help?


    Only SuSefirewall2 is in Yast. It's GUI modules are found at Yast -->
    Security and Usres ---> Firewall. If you alter nothing from the
    defaults, pretty much the whole workstation is isolated. Use the GUI to
    open the firewall for services.

    Fire Starter is not available in openSUSE. You would have to complile
    and install it.

    I don't know of any firewall in any distro like windows or Linux etc
    that is not text based. Most of them are hidden behind fine GUI
    configurators, like FireStarter and Yast-Firewall.

    FFI on SuSSfirewall2 by GUI see here: 'SuSEfirewall2: HowTo open Ports
    for Services in the Suse / openSUSE Firewall'
    (http://www.swerdna.net.au/linhowtofirewall.html)


    --
    'Drop in and visit some time'
    (http://www.swerdna.net.au/linux.html).
    ------------------------------------------------------------------------
    swerdna's Profile: http://forums.opensuse.org/member.php?userid=84
    View this thread: http://forums.opensuse.org/showthread.php?t=407276


  3. #3
    Itrod NNTP User

    Default Re: Extreme Firewal help?


    swerdna;1941172 Wrote:
    > Only SuSefirewall2 is in Yast. It's GUI modules are found at Yast -->
    > Security and Users ---> Firewall. If you alter nothing from the
    > defaults, pretty much the whole workstation is isolated. Use the GUI to
    > open the firewall for services.
    >
    > Fire Starter is not available in openSUSE. You would have to compile
    > and install it.
    >
    > I don't know of any firewall in any distro like windows or Linux etc
    > that is not text based. Most of them are hidden behind fine GUI
    > configurators, like FireStarter and Yast-Firewall.
    >
    > FFI on SuSEfirewall2 by GUI see here: 'SuSEfirewall2: HowTo open Ports
    > for Services in the Suse / openSUSE Firewall'
    > (http://www.swerdna.net.au/linhowtofirewall.html)



    ok then can you please give me step by step instructions on how to
    compile/install fire starter? Also I heard that some distro will not
    let you update if you install outside software that is not in there
    repo/yast2 is that ture?


    --
    Itrod
    ------------------------------------------------------------------------
    Itrod's Profile: http://forums.opensuse.org/member.php?userid=21787
    View this thread: http://forums.opensuse.org/showthread.php?t=407276


  4. #4
    smpoole7 NNTP User

    Default Re: Extreme Firewal help?


    Itrod;1941241 Wrote:
    > ok then can you please give me step by step instructions on how to
    > compile/install fire starter? Also I heard that some distro will not
    > let you update if you install outside software that is not in there
    > repo/yast2 is that ture?


    'Installation - Firestarter'
    (http://www.fs-security.com/docs/installation.php)

    Jump to the section, "Compiling And Installing From Source." If (when)
    you run across errors during the configure phase, carefully note the
    names of the missing packages, look them up in Yast -> Software
    Management and install them as needed.

    From looking at Firestarter, it does two non-trivial things that Yast
    doesn't: it will allow you to click on a blocked service and "open" it,
    and it will also allow blocking by site/URL name. Aside from that,
    though, IMHO, SuseFirewall2 is the better tool, especially if you're
    going to be doing more advanced stuff such as masquerading and NAT.

    If you have trouble compiling from source, post back here. Someone will
    help.


    --
    smpoole7
    ------------------------------------------------------------------------
    smpoole7's Profile: http://forums.opensuse.org/member.php?userid=13513
    View this thread: http://forums.opensuse.org/showthread.php?t=407276


  5. #5
    smpoole7 NNTP User

    Default Re: Extreme Firewal help?


    By the way, it's not going to be a lot of help here (I looked), but mark
    this link for future reference:

    'About Rpmfind.Net WWW Server a.k.a. Rufus.W3.Org'
    (http://rpmfind.net)

    You can *sometimes* use an RPM for the equivalent Fedora release in
    Suse, or a somewhat older Suse RPM in the current version.

    ("Somewhat" means, of course and for example, that you can't expect an
    RPM built for Opensuse 10 to work on 11.1, but you may find that one
    built for 10.3 or 11.0 WILL work on 11.1.)

    And to answer one of your original questions, if you compile from
    source, you get two things:

    1. PLUS: latest and greatest version.
    2. DRAWBACK: yes, if an update comes out, you'll have to compile and
    install the new version yourself. Yast won't do it for you.


    --
    smpoole7
    ------------------------------------------------------------------------
    smpoole7's Profile: http://forums.opensuse.org/member.php?userid=13513
    View this thread: http://forums.opensuse.org/showthread.php?t=407276


  6. #6
    Itrod NNTP User

    Default Re: Extreme Firewal help?


    smpoole7;1941259 Wrote:
    > 'Installation - Firestarter'
    > (http://www.fs-security.com/docs/installation.php)
    >
    > Jump to the section, "Compiling And Installing From Source." If (when)
    > you run across errors during the configure phase, carefully note the
    > names of the missing packages, look them up in Yast -> Software
    > Management and install them as needed.
    >
    > From looking at Firestarter, it does two non-trivial things that Yast
    > doesn't: it will allow you to click on a blocked service and "open" it,
    > and it will also allow blocking by site/URL name. Aside from that,
    > though, IMHO, SuseFirewall2 is the better tool, especially if you're
    > going to be doing more advanced stuff such as masquerading and NAT.
    >
    > If you have trouble compiling from source, post back here. Someone will
    > help.



    Ok thanks alot. Let me explain to you why I wanted to use fire stater.
    Reason is I always do a test on my fire walls using this link
    'Shields UP!! — System Error'
    (http://www.grc.com/x/ne.dll?rh1dkyd2) to see whether my fire
    wall pass the test or not so I did one with the default fire wall on
    open suse and it faild with flying colors and I hate whenever that
    happenes. But if I can configure the open suse default fire wall to meet
    that standard of passing the test I will be much more than happy. Plus I
    realize that the open suse fire wall barely have any features to do much
    at all. so if you know how to configure it in order to pass the test I
    will really appreciate that. thank you in advance


    --
    Itrod
    ------------------------------------------------------------------------
    Itrod's Profile: http://forums.opensuse.org/member.php?userid=21787
    View this thread: http://forums.opensuse.org/showthread.php?t=407276


  7. #7
    smpoole7 NNTP User

    Default Re: Extreme Firewal help?


    Itrod;1941266 Wrote:
    > 'Shields UP!! — System Error'
    > (http://www.grc.com/x/ne.dll?rh1dkyd2)


    Steve Gibson's site is excellent. I use it frequently myself. But I
    just tested my own machine. Gibson's site said that while the ports were
    closed or stealthed, it "failed" me because my computer would respond to
    pings. That was the only failure.

    There are different opinions on this. Gibson says that a ping is often
    the first step in an attack. Yes ... and no. Crackers who are out for
    blood almost always use stealth techniques with tools like NMap
    nowadays, so in my experience, disabling ping just makes it harder to
    troubleshoot when you have problems.

    For example, if you want to check your connection, the quickest and
    dirtiest way to do it is with a simple "ping." That way, you know the
    cabling, hardware and drivers are OK. You can look elsewhere to see
    what's causing your issue.

    While I'm not going to criticize Mr. Gibson across the board -- that
    site is very useful -- do keep this in mind: he's selling software,
    primarily to Windows users. He WANTS you to see that big, scary red
    "FAILED" message. .. .. .. catch my meaning?

    A vulnerability that might be a show-stopping nightmare under Windows
    is typically no cause for concern under Linux. (No, not 100% always;
    speaking in general; [insert all your favorite disclaimers here].)


    --
    smpoole7
    ------------------------------------------------------------------------
    smpoole7's Profile: http://forums.opensuse.org/member.php?userid=13513
    View this thread: http://forums.opensuse.org/showthread.php?t=407276


  8. #8
    smpoole7 NNTP User

    Default Re: Extreme Firewal help?


    Oh, and sorry: if you want to disable ping, try what's suggested in this
    thread:

    'Replacement firewall gui - openSUSE Forums'
    (http://tinyurl.com/683bms)

    (The title is misleading.)

    But as a general rule, there are many options for SuseFirewall2 that
    can be enabled/disabled by directly editing the config files. I realize
    that's not a GUI interface (which, for the record, I much prefer, too!),
    but there you go, anyway.

    It's you choice. If you want to use firestart, do not for a moment
    think I'm disparaging it or anything like that. F/OSS == choice. Do what
    works best for you.


    --
    smpoole7
    ------------------------------------------------------------------------
    smpoole7's Profile: http://forums.opensuse.org/member.php?userid=13513
    View this thread: http://forums.opensuse.org/showthread.php?t=407276


  9. #9
    Malcolm NNTP User

    Default Re: Extreme Firewal help?

    Quote Originally Posted by Itrod
    smpoole7;1941259 Wrote:
    > 'Installation - Firestarter'
    > (http://www.fs-security.com/docs/installation.php)
    >
    > Jump to the section, "Compiling And Installing From Source." If (when)
    > you run across errors during the configure phase, carefully note the
    > names of the missing packages, look them up in Yast -> Software
    > Management and install them as needed.
    >
    > From looking at Firestarter, it does two non-trivial things that Yast
    > doesn't: it will allow you to click on a blocked service and "open"
    > it, and it will also allow blocking by site/URL name. Aside from that,
    > though, IMHO, SuseFirewall2 is the better tool, especially if you're
    > going to be doing more advanced stuff such as masquerading and NAT.
    >
    > If you have trouble compiling from source, post back here. Someone
    > will help.



    Ok thanks alot. Let me explain to you why I wanted to use fire stater.
    Reason is I always do a test on my fire walls using this link
    'Shields UP!! — System Error'
    (http://www.grc.com/x/ne.dll?rh1dkyd2) to see whether my fire
    wall pass the test or not so I did one with the default fire wall on
    open suse and it faild with flying colors and I hate whenever that
    happenes. But if I can configure the open suse default fire wall to meet
    that standard of passing the test I will be much more than happy. Plus I
    realize that the open suse fire wall barely have any features to do much
    at all. so if you know how to configure it in order to pass the test I
    will really appreciate that. thank you in advance
    Hi
    That is not quite true, both susefirewall and firestarter are just
    creating rules for iptables.

    You need to ensure you have unused services disabled. If you using an
    external router then that is the problem for a failure with sheilds up
    test.

    Have a friend run nmap on your external ip address. Or get an external
    shell account to run your own tests.

    If you search here for 11.0 and grab the src rpm and use that to build
    a 11.1 version;
    Get It

    --
    Cheers Malcolm (Linux Counter #276890)
    openSUSE 11.1 x86 Kernel 2.6.27.7-9-default
    up 7:04, 2 users, load average: 0.12, 0.09, 0.12
    GPU GeForce 6600 TE/6200 TE - Driver Version: 180.27


  10. #10
    smpoole7 NNTP User

    Default Re: Extreme Firewal help?


    malcolmlewis;1941327 Wrote:
    > Hi
    > That is not quite true, both susefirewall and firestarter are just
    > creating rules for iptables.


    Right. But for some reason, SuseFirewall2 leaves ping "allowed" on some
    versions by default, and apparently, Firestarter doesn't.

    > You need to ensure you have unused services disabled. If you using an
    > external router then that is the problem for a failure with sheilds up
    > test.


    I'd be interested to know if Gibson is reporting the same thing as
    Nmap. It may be that his test is more paranoid.


    --
    smpoole7
    ------------------------------------------------------------------------
    smpoole7's Profile: http://forums.opensuse.org/member.php?userid=13513
    View this thread: http://forums.opensuse.org/showthread.php?t=407276


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •