firewalls

Hi everyone,
I want to install & configure a firewall. I want to know about the best firewalls in openSUSE 11.1 and I don’t know any! Please offer 2 firewalls to use.
Thanks

By default OpenSUSE comes with NetFilter/iptables which is a great
firewall. It’s even enabled by default. This is a kernel module so it
cannot be unloaded by malicious software unless that software is running
as ‘root’ (in which case you have bigger problems than a firewall issue)
and can be tuned to limit incoming, outgoing, and other types of traffic.

Good luck.

msadeghi wrote:
> Hi everyone,
> I want to install & configure a firewall. I want to know about the best
> firewalls in openSUSE 11.1 and I don’t know any! Please offer 2
> firewalls to use.
> Thanks
>
>

openSUSE has a firewall built in. Just relax and enjoy. The most likely time you need to visit the settings is for opening ports for BitTorrent.

Thanks all.
I need something like ISA in Windows, but in Linux.

msadeghi wrote:
> Thanks all.
> I need something like ISA in Windows, but in Linux.
>
>

No, you need something like netfilter, in Linux.

SuSEfirewall2 is like ISA in Windows but better. Here’s what a leading analysis says about SuSEfirewall2:

What is SuSEfirewall2?

OpenSUSE’s SuSEfirewall2 is an integrated network edge security gateway that helps protect IT environments from Internet-based threats while providing users fast and secure remote access to applications and data.

Usage Scenarios

SuSEfirewall2 provides value to IT managers, network administrators, and information security professionals who are concerned about the security, performance, manageability, or reduced cost of network operations.

SuSEfirewall2 can help you:

  • Defend Against External and Internal Web-Based Threats. SuSEfirewall2 was engineered to deliver stronger security to manage and protect your networks.
  • Securely Publish Content for Remote Access. SuSEfirewall2 facilitates remote access to corporate data, resources and applications.
  • Securely Connect Branch Offices. SuSEfirewall2 enables easy and cost effective site-to-site branch office connectivity and saves valuable WAN bandwidth.

Protect Your Network From External and Internal Internet-Based Threats:

Businesses need to eliminate the damaging effects of malware and attackers through a comprehensive set of tools for scanning and blocking harmful content, files, and Web sites. SuSEfirewall2 can help organisations protect their environments from internally and externally originating Internet-based threats. With a hybrid architecture, deep content, granular policies, and comprehensive capabilities, SuSEfirewall2 makes it easier to manage and protect your network.

Securely Publishing Your Content for Remote Access:

Businesses need to provide employees and partners with secure and appropriate remote access to applications, documents, and data from any PC or device. SuSEfirewall2 enables organizations to make their Web application servers accessible in a more secure way to remote users outside the corporate network. SuSEfirewall2 makes it easier to provide security for corporate applications accessed over the Internet.

With those superbly engineered and well thought out capabilities, SuSEfirewall2 is the acknowledged Industry Leader in comprehensive network protection.

swerdna wrote:
> SuSEfirewall2 is like ISA in Windows but better. Here’s what a leading
> analysis says about SuSEfirewall2:
>
>> WHAT IS SUSEFIREWALL2?
>>
>> OPENSUSE’S SUSEFIREWALL2 IS AN INTEGRATED NETWORK EDGE SECURITY GATEWAY
> […]
> With those superbly engineered and well thought out capabilities,
> SuSEfirewall2 is the acknowledged Industry Leader in comprehensive
> network protection.

With all that (Novell?) marketing droid dribble for “enterprises” you’d
think that SUSEfw2 would have at least built-in support for e.g. multi-ISP
setup, a means to monitor the damn thing without resorting to the raw kernel
log messages, documentation that goes further than some cryptic comments in
the only, and by the way much too large, config file (I know there’s some
sort of a manual in the Unofficial SUSEfaqs, that doc hasn’t been updated
in the last 5 years though…)

Btw: SUSEfw2 is NOT the firewall, it’s merely a shell-script front-end
for the kernel’s netfilter module. Of course; that’s the same for all Linux
Firewalls.

OP would be clever to look at other options besides SUSEfirewall2, especially
if he wants to do things that go beyond a simple Ext/DMZ/Int setup.

Theo (who obviously doesn’t think much about the SUSE “solution”)

I assume you’re looking for some kind of information, but I’m not able to
pick out what that is from your post. If you want an entirely different
firewall solution then go find one, but the fact remains that Linux in
general uses NetFilter and that is controlled by iptables commands.
SuSEfirewall2 is, as you mentioned, a set of scripts to configure the
firewall on startup and can be fairly easily configured via YaST. If you
really want to do something more advanced than some port opening, closing,
and doing so for different networks, then just make the calls to NetFilter
yourself by customizing the startup scripts directly. This should give
you about all the control you could ever want. Like any application or
system the really advanced editing isn’t feasible in a GUI. Could it be
done? Sure, but openSUSE is a free distribution targeted at
non-administrators who don’t need to do that. The power is there, but to
use it you need to have that knowledge yourself. As soon as Novell
releases a product made to be a firewall I’ll expect a little more
hand-holding, but Novell makes servers and desktops and this fits in there
nicely.

Check out one of the two articles David Mair wrote for information on
customizing firewalls with SUSE:
http://www.novell.com/coolsolutions/author/3811.html

Good luck.

LittleRedRooster wrote:
> swerdna wrote:
>> SuSEfirewall2 is like ISA in Windows but better. Here’s what a leading
>> analysis says about SuSEfirewall2:
>>
>>> WHAT IS SUSEFIREWALL2?
>>>
>>> OPENSUSE’S SUSEFIREWALL2 IS AN INTEGRATED NETWORK EDGE SECURITY GATEWAY
> […]
>> With those superbly engineered and well thought out capabilities,
>> SuSEfirewall2 is the acknowledged Industry Leader in comprehensive
>> network protection.
>
> With all that (Novell?) marketing droid dribble for “enterprises” you’d
> think that SUSEfw2 would have at least built-in support for e.g. multi-ISP
> setup, a means to monitor the damn thing without resorting to the raw kernel
> log messages, documentation that goes further than some cryptic comments in
> the only, and by the way much too large, config file (I know there’s some
> sort of a manual in the Unofficial SUSEfaqs, that doc hasn’t been updated
> in the last 5 years though…)
>
> Btw: SUSEfw2 is NOT the firewall, it’s merely a shell-script front-end
> for the kernel’s netfilter module. Of course; that’s the same for all Linux
> Firewalls.
>
> OP would be clever to look at other options besides SUSEfirewall2, especially
> if he wants to do things that go beyond a simple Ext/DMZ/Int setup.
>
> Theo (who obviously doesn’t think much about the SUSE “solution”)

Not quite April the first, Theo, but I just couldn’t resist imitating Microsoft’s say-nothing advertising and seeing who bit, lol!

swerdna wrote:
> LittleRedRooster;1977530 Wrote:
>> …Theo (who obviously doesn’t think much about the
>> SUSE “solution”)
>
> Not quite April the first, Theo, but I just couldn’t resist ‘imitating
> Microsoft’s’ (http://tinyurl.com/cxbzse) say-nothing advertising and
> seeing who bit, lol!

:)
Kudos! You should apply for their marketing department, you speak the speak
very well!

Theo

ab@novell.com wrote:
> I assume you’re looking for some kind of information, but I’m not able to
> pick out what that is from your post. If you want an entirely different
> firewall solution then go find one, but the fact remains that Linux in
> general uses NetFilter and that is controlled by iptables commands.

If it’s me you’re addressing (hard to say from a news client POV); don’t bother.
I found a much better configuration front-end for iptables/netfilter than
SUSEfw2 quite some time ago in the form of Shorewall.
And with this front-end it’s a piece of cake to configure the most elaborate
firewall and traffic control set-ups with ease.

> SuSEfirewall2 is, as you mentioned, a set of scripts to configure the
> firewall on startup and can be fairly easily configured via YaST. If you
> really want to do something more advanced than some port opening, closing,
> and doing so for different networks, then just make the calls to NetFilter
> yourself by customizing the startup scripts directly. This should give

That’s not really an option if you want the set-up to be readable and
maintainable by more than one person.
I happen to maintain the firewall set-up at work, but the “other” network
admin does like, and expect, to be able to decipher what I have been putting
in the gateway server.
As he’s a Windows man, that would be impossible with raw iptables scripts, but
with the Shorewall rules file, it’s a no-brainer to show him what’s going on.

Theo
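
The thread's recurring point is that SuSEfirewall2 and Shorewall are front-ends that turn a readable description into netfilter/iptables rules. The sketch below is an added example, not part of any post and not the code or file format of either tool: a toy generator that reads a small zone-based table and prints the iptables commands it stands for. The zone names, interface mapping and table layout are assumptions made for the illustration.

```bash
# Added illustration: a toy front-end that turns a readable rules table into
# iptables commands. It only PRINTS them; nothing is applied to the kernel.
# Zone names, interfaces and the table format are constructed for this example.

zone_if() {                       # zone -> interface (hypothetical mapping)
  case "$1" in
    net) echo eth0 ;;             # Internet side
    loc) echo eth1 ;;             # internal LAN
    dmz) echo eth2 ;;             # DMZ
    fw)  echo "" ;;               # the firewall host itself
    *)   return 1 ;;
  esac
}

# translate_rule ACTION SRC DST PROTO PORT -> one iptables command on stdout
translate_rule() {
  local action="$1" src="$2" dst="$3" proto="$4" port="$5" chain match sif dif
  # Validate every field: the output is meant to be fed to a root shell.
  case "$action" in ACCEPT|DROP|REJECT) ;; *) echo "bad action: $action" >&2; return 1 ;; esac
  case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
  case "$port" in ''|*[!0-9:]*) echo "bad port: $port" >&2; return 1 ;; esac
  sif=$(zone_if "$src") || { echo "unknown zone: $src" >&2; return 1; }
  dif=$(zone_if "$dst") || { echo "unknown zone: $dst" >&2; return 1; }
  if   [ "$src" = fw ] && [ "$dst" = fw ]; then echo "fw to fw unsupported" >&2; return 1
  elif [ "$dst" = fw ]; then chain=INPUT;   match="-i $sif"
  elif [ "$src" = fw ]; then chain=OUTPUT;  match="-o $dif"
  else                       chain=FORWARD; match="-i $sif -o $dif"
  fi
  echo "iptables -A $chain $match -p $proto --dport $port -j $action"
}

# generate: rules table on stdin -> default-deny rule set on stdout
generate() {
  local action src dst proto port
  echo "iptables -P INPUT DROP"
  echo "iptables -P FORWARD DROP"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
  while read -r action src dst proto port; do
    case "$action" in ''|'#'*) continue ;; esac      # skip blanks and comments
    translate_rule "$action" "$src" "$dst" "$proto" "$port" || return 1
  done
}

generate <<'EOF'
# ACTION SRC DST PROTO PORT   (constructed sample table)
ACCEPT   net  fw   tcp  22
ACCEPT   net  dmz  tcp  80
ACCEPT   net  fw   tcp  6881:6889
EOF
```

The table at the bottom is what a second administrator reviews; the printed commands are what the kernel ends up with, and the generator refuses any line whose fields fail validation instead of passing them through.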