This is a discussion on Firewall for Slack? within the Slackware Linux Support forums, part of the Unix Operating Systems category.
Would some kind soul list the names of some packages that will install a firewall for 9.1. I read the "Security" section of the work-in-progress Slack book and I simply don't understand the ipchains/iptables stuff.

Isn't there something like ZoneAlarm or Blackice that will work in Slack Linux for your average small business user and that does not take a Ph.D in computer science to install?

Thanks,
Al
| |||
Adams-Blake Co. wrote:
> I read the "Security" section of the work-in-progress
> Slack book and I simply don't understand the ipchains/iptables stuff.

It's not as complex as it seems, dig out a few HOWTOs from tldp.org.
http://www.tldp.org/HOWTO/HOWTO-INDE...ml#NETSECURITY

> Isn't there something like ZoneAlarm or Blackice that will work in Slack
> Linux for your average small business user and that does not take a Ph.D
> in computer science to install?

There are a few on freshmeat, couldn't vouch for any of them myself though. But for a small business man (4' 11" and under to dig through the docs and is only just beginning on linux, slack may not be the best distro for 'live' usage.

Blumf
| |||
On Sat Nov 8 21:20:50 2003, Adams-Blake Co. entered the fray by imparting:
> Would some kind soul list the names of some packages that will install
> a firewall for 9.1. I read the "Security" section of the
> work-in-progress Slack book and I simply don't understand the
> ipchains/iptables stuff.

"Linux Firewalls, Second Edition" (New Riders, ISBN 0-7357-1099-6) is an excellent resource, as far as any printed book can be these days. Probably more than you want to know, though.

> Isn't there something like ZoneAlarm or Blackice that will work in
> Slack Linux for your average small business user and that does not
> take a Ph.D in computer science to install?

http://www.linuxguruz.com/iptables/

Nothing on the page requires a Ph.D in computer science to implement. I had my firewall up and running with Technion's script (plus a few tweaks), in about twenty minutes. Far be it from me to write my own from scratch, but it was about as PNP as anything gets in Linux. Just copy it to /etc/rc.d/rc.firewall, and launch it from /etc/rc.d/rc.local (before you connect to the Internet, of course), and Bob's yer uncle.

-- 
Richard Herbert
Registered Linux user 14329
If there's nothing wrong with me, then ... there must be something wrong with the Universe!
| |||
On Sat, 08 Nov 2003 21:20:50 GMT, Adams-Blake Co. <atakeoutcanton@adams-blaketakeout.com> wrote:
> Isn't there something like ZoneAlarm or Blackice that will work in Slack

You might check out http://firestarter.sourceforge.net. I've used it before and it's a breeze to set up. A frontend for netfilter, it basically gives you click-and-drool wizard for selecting the ports and services you want to block/allow.

Bryan

-- 
Give a man a fish, he owes you one fish. Teach a man to fish, and you give up your monopoly on fisheries. - Proprietary Software 101
| |||
Richard Herbert <linux14329@sympatico.ca> says...
>http://www.linuxguruz.com/iptables/
>
>Nothing on the page requires a Ph.D in computer science to implement. I
>had my firewall up and running with Technion's script (plus a few
>tweaks), in about twenty minutes. Far be it from me to write my own
>from scratch, but it was about as PNP as anything gets in Linux. Just
>copy it to /etc/rc.d/rc.firewall, and launch it from /etc/rc.d/rc.local
>(before you connect to the Internet, of course), and Bob's yer
>uncle.

Or, you can protect your entire network (including any Windows machines) with Freesco

http://www.freesco.info/freesco/

-- 
Guy Macon, Electronics Engineer and Project Manager. Remember Doc Brown from the _Back to the Future_ movies? Do you have a "challenging" engineering project that only an expert like Doc Brown can solve? See my resume at [ http://www.guymacon.com ].
| |||
On Sat, 08 Nov 2003 21:20:50 GMT, Adams-Blake Co. <atakeoutcanton@adams-blaketakeout.com> wrote:
> Would some kind soul list the names of some packages that will install a
> firewall for 9.1. I read the "Security" section of the work-in-progress
> Slack book and I simply don't understand the ipchains/iptables stuff.

It does look like Greek, 'eh? A nice graphical firewall would be nice for the uneducated masses, perhaps. I have a friend, running a RH box, that uses something with the word Dog in it, I think. Hmmm... let me VNC over there and see if he has the window open...

:::tick, tock... tick, tock.... tick, tock:::

Ah, no dog in the name, it's just called 'Firestarter' ... It's GTK+2 based, very pretty, reminds me of ZoneAlarm, somehow. It's a good start, I suppose, but leads to some *very* ugly firewalls. This is how ugly his firewall has become:

    [root@gate2hell root]# iptables-save | wc -l
    391

Or, if you want, I can email you the firewall I'm using. I modified it from a friend's firewall (I dunno if he wants folks seeing his firewall publicly, though, so I won't post his name - he certainly can, though if he wants to)... I think it's pretty straight-forward to get setup so you have a fairly secure firewall. You basically just feed it ports you want left open, any ports you want forwarded or redirected and to where you want them forwarded or redirected, and the name of your inside interface, if you're running a router, too... and it does all the rest. It's capable of running on a standalone machine, I would think. Oh, I don't know how well it works with dynamic or dialup connections, as it is set up for just being used on static connections. Send me an email or Inst message me and I'll get a copy of it out to you pretty quickly, I hope.

72-chars, including the newline. I only cheated twice, too, I think. :-)

> Isn't there something like ZoneAlarm or Blackice that will work in Slack

LOL! BlackIce or ZoneAlarm in Linux... :-) Maybe try Wine? No, don't - I was kidding. :-)

FWIW, BlackIce and ZoneAlarm really are Bad things. IMHO, generally they do more harm than good, causing uneducated folks to become overly paranoid about their computers being hacked. They see every stray packet coming their direction as some criminal out there trying to hack in to their computers to steal their credit card information and use their systems to hack the CIA!

The articles up at SamSpade.org pretty well spell out how I feel about the whole thing:

http://www.samspade.org/d/persfire.html
http://www.samspade.org/d/firewalls.html

-- 
Rob                        | If not safe,
Email and Jabber:          | one can never be free.
athlonrob at axpr dot net  |
| |||
Adams-Blake Co. wrote:
> Would some kind soul list the names of some packages that will install a
> firewall for 9.1. I read the "Security" section of the work-in-progress
> Slack book and I simply don't understand the ipchains/iptables stuff.
>
> Isn't there something like ZoneAlarm or Blackice that will work in Slack
> Linux for your average small business user and that does not take a Ph.D in
> computer science to install?

You can get "Arno's iptables firewall script" from freshmeat.net and if you want to make a Slackware installation package to make it easier to install/upgrade you can get a SlackBuild script here:

ftp://12.219.169.125/linux/SlackBuil...bles-firewall/

These scripts don't configure the firewall; they are only for install/un-install purposes.

-- 
Confucius: He who play in root, eventually kill tree.
Registered with The Linux Counter. http://counter.li.org/
Slackware 9.1.0 Kernel 2.4.22 SMP i686 (GCC) 3.3.2
Uptime: 33 days, 4:25, 4 users, load average: 1.25, 1.72, 1.7
| |||
In article <S6drb.2521$6c3.2393@newsread1.news.pas.earthlink.net>, Adams-Blake Co. wrote:
> Would some kind soul list the names of some packages that will install a
> firewall for 9.1.

You need the iptables package installed. That's the only optional Slack package involved.

I have used and can recommend MonMotha's firewall (you can find it listed at http://freshmeat.net/ .) All you need to do is edit it to set some parameters, and (for broadband / always on connections) copy it to /etc/rc.d/rc.firewall, and make it executable.

For dialup Internet (which is how I used that particular firewall script) simply put a call to it from /etc/ppp/ip-up. It doesn't matter where you save the file nor what you name it.

You can read what parameters to edit; unless you want to open ports it should be very simple. I don't have a recent MonMotha's script around but I/we could help you with any questions you might have if you post again.

> I read the "Security" section of the work-in-progress
> Slack book and I simply don't understand the ipchains/iptables stuff.

One who really wants to learn iptables syntax would do well to read the HOWTOs at www.netfilter.org. They're very good reading. However, you can easily get by with a ready-made script like MonMotha's.

> Isn't there something like ZoneAlarm or Blackice that will work in Slack

iptables firewalls are probably far better.

> Linux for your average small business user and that does not take a Ph.D in
> computer science to install?

I wouldn't ask any Ph.D.'s in CS to install a firewall. The only Ph.D. I know whom I'd trust with a firewall is Joost.[1]

BTW Al, thanks for the link you posted to the explanation of your company name. That was a very nice story. I'm glad you managed to avoid being in-spected, in-jected, nee-glected and see-lected.

[1] I'm sure Bryan and other academics here could handle it too, but I don't know who besides Joost has the doctorate.

-- 
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply
| |||
On Sat, 08 Nov 2003 21:20:50 GMT, Adams-Blake Co. <atakeoutcanton@adams-blaketakeout.com> wrote:
> Would some kind soul list the names of some packages that will install a
> firewall for 9.1.

In Linux, firewalls operate slightly differently. There is a firewall called netfilter built into the kernel, which can be configured using iptables. There are programs that act as a front-end to iptables, but I've never used them so I can't comment on how good they are. A search on <URL:http://freshmeat.net/> for 'firewall' might give you details on a few of them.

> I read the "Security" section of the work-in-progress
> Slack book and I simply don't understand the ipchains/iptables stuff.

You can ignore the ipchains section, as that's only useful for 2.2.x kernels. Is there any particular part of it that you don't understand? It's geared towards people like yourself, so it would be useful to know what parts you had trouble with & which parts need more explanation (the book won't get better without feedback).

-- 
Simon <simon@no-dns-yet.org.uk> **** GPG: F4A23C69
"We demand rigidly defined areas of doubt and uncertainty." - Douglas Adams
| ||||
In article <6fpjob.6rg.ln@dsl-gervais-88.web-ster.com>, AthlonRob wrote:
> Or, if you want, I can email you the firewall I'm using. I modified it
> from a friend's firewall (I dunno if he wants folks seeing his firewall
> publicly, though, so I won't post his name - he certainly can, though

It's not the best firewall around. I tend to recommend MonMotha's over my own firewall because it's probably easier to manage. When I get around to rewriting it I plan to separate out the INPUT and FORWARD chains; replacing "Allow" with at least 3 chains, one for INPUT, one for FORWARD, and one for both.

It's a good firewall in terms of being strong, but it could stand some improvement in various other areas.

> capable of running on a standalone machine, I would think. Oh, I don't
> know how well it works with dynamic or dialup connections, as it is set
> up for just being used on static connections. Send me an email or Inst

There's no reason why it wouldn't work on dialup. You just set the EXTIF to ppp0. But a lot of the features wouldn't matter, I'd think.

> 72-chars, including the newline. I only cheated twice, too, I think.

Oh no, brick text and I didn't even notice it! I did pick up on the cheating, however.

-- 
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply
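
Added example, not written by any poster in this thread and not MonMotha's, Arno's or Technion's script: a minimal sketch of the kind of rc.firewall the posts above describe, which is given the external interface and the ports to leave open and emits a default-deny ruleset in iptables-restore format. EXTIF is the variable name mentioned in the last post; OPEN_TCP and gen_rules are hypothetical names, and the conntrack match assumes a current iptables (on the 2.4 kernels of the thread the equivalent match is -m state --state).

```shell
#!/bin/sh
# Added example, not from the thread: emit a default-deny ruleset in
# iptables-restore format. EXTIF is the variable name used in the thread;
# OPEN_TCP and gen_rules are hypothetical names chosen for this sketch.

# gen_rules EXTIF "port port ..." -> ruleset on stdout, status 1 on bad input
gen_rules() {
    extif=$1
    ports=$2
    # Reject an empty interface name or one with unexpected characters
    case $extif in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $extif" >&2; return 1 ;;
    esac
    # Validate every port before emitting a single rule
    for p in $ports; do
        case $p in
            *[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    echo '*filter'
    # One policy per chain: drop inbound and routed traffic, allow outbound
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # New inbound TCP only on the listed ports, only on the external interface
    for p in $ports; do
        echo "-A INPUT -i $extif -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Load the rules only when called as "rc.firewall apply", e.g. from rc.local
if [ "${1:-}" = apply ]; then
    rules=$(gen_rules "${EXTIF:-ppp0}" "${OPEN_TCP:-}") || exit 1
    printf '%s\n' "$rules" | iptables-restore
fi
```

Because every port is validated before the first line is printed, a typo in the port list leaves the running ruleset untouched instead of loading half a firewall. The whole policy is a handful of lines that can be read in one pass, in contrast to the 391-line iptables-save output quoted earlier in the thread.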