Extreme Firewall help?

Hi to all, I am looking for my favorite firewall (Firestarter), but I cannot seem to find it in YaST. Why? I don’t want a firewall that is text-based. Graphical is my only interest. I already have ClamAV as my anti-virus, so now I am looking for a graphical firewall, so please help if you can, because I am security obsessed.

Only SuSEfirewall2 is in Yast. Its GUI modules are found at Yast → Security and Users → Firewall. If you alter nothing from the defaults, pretty much the whole workstation is isolated. Use the GUI to open the firewall for services.

Fire Starter is not available in openSUSE. You would have to compile and install it.

I don’t know of any firewall in any distro, like Windows or Linux etc., that is not text based. Most of them are hidden behind fine GUI configurators, like FireStarter and Yast-Firewall.

FFI on SuSEfirewall2 by GUI see here: SuSEfirewall2: HowTo open Ports for Services in the Suse / openSUSE Firewall

OK, then can you please give me step-by-step instructions on how to compile/install Firestarter? Also, I heard that some distros will not let you update if you install outside software that is not in their repo/yast2. Is that true?

Installation - Firestarter

Jump to the section, “Compiling And Installing From Source.” If (when) you run across errors during the configure phase, carefully note the names of the missing packages, look them up in Yast -> Software Management and install them as needed.

From looking at Firestarter, it does two non-trivial things that Yast doesn’t: it will allow you to click on a blocked service and “open” it, and it will also allow blocking by site/URL name. Aside from that, though, IMHO, SuseFirewall2 is the better tool, especially if you’re going to be doing more advanced stuff such as masquerading and NAT.

If you have trouble compiling from source, post back here. Someone will help.

By the way, it’s not going to be a lot of help here (I looked), but mark this link for future reference:

About Rpmfind.Net WWW Server a.k.a. Rufus.W3.Org

You can sometimes use an RPM for the equivalent Fedora release in Suse, or a somewhat older Suse RPM in the current version.

(“Somewhat” means, of course and for example, that you can’t expect an RPM built for Opensuse 10 to work on 11.1, but you may find that one built for 10.3 or 11.0 WILL work on 11.1.)

And to answer one of your original questions, if you compile from source, you get two things:

  1. PLUS: latest and greatest version.
  2. DRAWBACK: yes, if an update comes out, you’ll have to compile and install the new version yourself. Yast won’t do it for you.

Ok, thanks a lot. Let me explain to you why I wanted to use Firestarter. The reason is I always do a test on my firewalls using this link, Shields UP!! — System Error, to see whether my firewall passes the test or not, so I did one with the default firewall on openSUSE and it failed with flying colors, and I hate whenever that happens. But if I can configure the openSUSE default firewall to meet that standard of passing the test, I will be much more than happy. Plus, I realize that the openSUSE firewall barely has any features to do much at all. So if you know how to configure it in order to pass the test, I will really appreciate that. Thank you in advance.

Steve Gibson’s site is excellent. I use it frequently myself. But I just tested my own machine. Gibson’s site said that while the ports were closed or stealthed, it “failed” me because my computer would respond to pings. That was the only failure.

There are different opinions on this. Gibson says that a ping is often the first step in an attack. Yes … and no. Crackers who are out for blood almost always use stealth techniques with tools like NMap nowadays, so in my experience, disabling ping just makes it harder to troubleshoot when you have problems.

For example, if you want to check your connection, the quickest and dirtiest way to do it is with a simple “ping.” That way, you know the cabling, hardware and drivers are OK. You can look elsewhere to see what’s causing your issue.

While I’m not going to criticize Mr. Gibson across the board – that site is very useful – do keep this in mind: he’s selling software, primarily to Windows users. He WANTS you to see that big, scary red “FAILED” message. … … … catch my meaning? :)

A vulnerability that might be a show-stopping nightmare under Windows is typically no cause for concern under Linux. (No, not 100% always; speaking in general; [insert all your favorite disclaimers here].)

Oh, and sorry: if you want to disable ping, try what’s suggested in this thread:

Replacement firewall gui - openSUSE Forums

(The title is misleading.)

But as a general rule, there are many options for SuseFirewall2 that can be enabled/disabled by directly editing the config files. I realize that’s not a GUI interface (which, for the record, I much prefer, too!), but there you go, anyway.

It’s your choice. If you want to use Firestarter, do not for a moment think I’m disparaging it or anything like that. F/OSS == choice. Do what works best for you. lol!

Hi
That is not quite true, both susefirewall and firestarter are just
creating rules for iptables.

You need to ensure you have unused services disabled. If you are using an
external router then that is the problem for a failure with the Shields Up
test.

Have a friend run nmap on your external ip address. Or get an external
shell account to run your own tests.

If you search here for 11.0 and grab the src rpm and use that to build
a 11.1 version;
Get It


Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.1 x86 Kernel 2.6.27.7-9-default
up 7:04, 2 users, load average: 0.12, 0.09, 0.12
GPU GeForce 6600 TE/6200 TE - Driver Version: 180.27

Right. But for some reason, SuseFirewall2 leaves ping “allowed” on some versions by default, and apparently, Firestarter doesn’t.

You need to ensure you have unused services disabled. If you are using an
external router then that is the problem for a failure with the Shields Up
test.

I’d be interested to know if Gibson is reporting the same thing as Nmap. It may be that his test is more paranoid.