Is Guarddog still the easiest and best firewall GUI program for Linux?

Hello.

Is Guarddog still the best frontend GUI program to configure iptables
for firewalls in Linux (Debian) and average Linux desktop users?

Thank you in advance.
--
Quote of the Week: "Stir up an ant's nest." --unknown
/\___/\ Ant @ http://antfarm.home.dhs.org (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / Please nuke ANT if replying by e-mail. If crediting,
( ) then please kindly use Ant nickname and AQFL URL/link.

On Friday, December 2nd, 2011, at 15:14:49h -0600, Ant asked:

> Is Guarddog still the best frontend GUI program to configure iptables
> for firewalls in Linux (Debian) and average Linux desktop users?

<http://www.simonzone.COM/software/guarddog/>

1) Guarddog has not had a new release in over 4 years.

2) The last release of Guarddog was based on the obsolete QT3/KDE3.

2) Debian unstable no longer provides Guarddog.

Please draw your own conclusions in terms of what you consider "best".

As an alternative you may wish to consider gufw.

Description: graphical user interface for ufw

gufw is an easy and intuitive way to manage your Linux firewall.

It supports common tasks such as allowing or blocking pre-configured,
common p2p, or individual port(s), and many others!

Homepage: https://launchpad.net/gui-ufw

On 2011-12-02, Ant <(E-Mail Removed)> wrote:
> Hello.
>
> Is Guarddog still the best frontend GUI program to configure iptables
> for firewalls in Linux (Debian) and average Linux desktop users?

I don't think so. I use arno's firewall:

http://rocky.eld.leidenuniv.nl/joomla/

Arno's firewall starts out blocking everthing coming at your computer.
The only traffic allowed, by default, is outgoing traffic from your
computer and it's subject to stateful inspection. End of story. If
you want to allow incoming traffic for a server (ssh, http, etc), you
can do so by editing the bash script file that configures iptables at
boot up.

I tried figuring out guarddog, but it was jes too confusing. With
arno's, no icons or zones or whatever all that GD crap is. Jes get it
running and forget it. This on a slackware box, where the command
line is mightier than the mouse.

If yer running ubuntu or some ubu variant, ufw seems to work well
enough. It certainly lives up to its name, uncomplicated firewall.
I'd stick with that. I don't know if ufw is available for debian.

nb

On Friday, December 2nd, 2011, at 21:42:28h +0000, NotBob wrote:

> On 2011-12-02, Ant <(E-Mail Removed)> wrote:
>> Hello.
>>
>> Is Guarddog still the best frontend GUI program to configure iptables
>> for firewalls in Linux (Debian) and average Linux desktop users?
>
> I don't think so. I use arno's firewall

I think you missed the bit in the question about "frontend GUI".

Ant wrote:
> Hello.
>
> Is Guarddog still the best frontend GUI program to configure iptables
> for firewalls in Linux (Debian) and average Linux desktop users?
>

Depends on what you know about firewalling...

I have used Webmin, and it was good enough for me, but in the end I
needed to write done a fairly tidy set of rules anyway, and it wasn't
hard to do that as a series of command line commands wrappedd into a
script,.


> Thank you in advance.

On 12/2/2011 1:42 PM PT, notbob typed:

> On 2011-12-02, Ant<(E-Mail Removed)> wrote:
>> Hello.
>>
>> Is Guarddog still the best frontend GUI program to configure iptables
>> for firewalls in Linux (Debian) and average Linux desktop users?
>
> I don't think so. I use arno's firewall:
>
> http://rocky.eld.leidenuniv.nl/joomla/
>
> Arno's firewall starts out blocking everthing coming at your computer.
> The only traffic allowed, by default, is outgoing traffic from your
> computer and it's subject to stateful inspection. End of story. If
> you want to allow incoming traffic for a server (ssh, http, etc), you
> can do so by editing the bash script file that configures iptables at
> boot up.
>
> I tried figuring out guarddog, but it was jes too confusing. With
> arno's, no icons or zones or whatever all that GD crap is. Jes get it
> running and forget it. This on a slackware box, where the command
> line is mightier than the mouse.
>
> If yer running ubuntu or some ubu variant, ufw seems to work well
> enough. It certainly lives up to its name, uncomplicated firewall.
> I'd stick with that. I don't know if ufw is available for debian.

Ah, I want GUI because it is easier to understand what's going on. I use
similiar products like Kerio Personal Firewall v2.1.4, Outpost Firewall
2009, Conseal PC Firewall, Norton, etc.

--
"Forbear, thou great good husband, little ant." --Richard Lovelace
/\___/\ Ant @ http://antfarm.ma.cx (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / If crediting, then use Ant nickname and AQFL URL/link.
( ) If e-mailing, then axe ANT from its address if needed.
Ant is currently not listening to any songs on this computer.

On 12/2/2011 8:05 PM PT, The Natural Philosopher typed:

>> Is Guarddog still the best frontend GUI program to configure iptables
>> for firewalls in Linux (Debian) and average Linux desktop users?
>
> Depends on what you know about firewalling...

Just basics like what needs to go in and out from alerts from programs.


> I have used Webmin, and it was good enough for me, but in the end I
> needed to write done a fairly tidy set of rules anyway, and it wasn't
> hard to do that as a series of command line commands wrappedd into a
> script,.

Well, I usually wait for the network programs to alert me of accesses.
--
"Remember when walking down the road of life, always stop and squish the
ants." --Albian in Creatures game
/\___/\ Ant @ http://antfarm.ma.cx (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / If crediting, then use Ant nickname and AQFL URL/link.
( ) If e-mailing, then axe ANT from its address if needed.
Ant is currently not listening to any songs on this computer.

hi,

Ant a tapoté, le 02/12/2011 22:14:
> Hello.
>
> Is Guarddog still the best frontend GUI program to configure iptables
> for firewalls in Linux (Debian) and average Linux desktop users?


I don't know Guarddog, for using on a GUI I use firestarter.


--
Stéphane

<http://pasdenom.info/fortune/>

Quatre-vingt ans, c'est l'âge de la puberté académique.
-+- Paul Claudel -+-

On 03/12/11 09:30, Ant wrote:
> On 12/2/2011 1:42 PM PT, notbob typed:
>
>> On 2011-12-02, Ant<(E-Mail Removed)> wrote:
>>> Hello.
>>>
>>> Is Guarddog still the best frontend GUI program to configure iptables
>>> for firewalls in Linux (Debian) and average Linux desktop users?
>>
>> I don't think so. I use arno's firewall:
>>
>> http://rocky.eld.leidenuniv.nl/joomla/
>>
>> Arno's firewall starts out blocking everthing coming at your computer.
>> The only traffic allowed, by default, is outgoing traffic from your
>> computer and it's subject to stateful inspection. End of story. If
>> you want to allow incoming traffic for a server (ssh, http, etc), you
>> can do so by editing the bash script file that configures iptables at
>> boot up.
>>
>> I tried figuring out guarddog, but it was jes too confusing. With
>> arno's, no icons or zones or whatever all that GD crap is. Jes get it
>> running and forget it. This on a slackware box, where the command
>> line is mightier than the mouse.
>>
>> If yer running ubuntu or some ubu variant, ufw seems to work well
>> enough. It certainly lives up to its name, uncomplicated firewall.
>> I'd stick with that. I don't know if ufw is available for debian.
>
> Ah, I want GUI because it is easier to understand what's going on. I use
> similiar products like Kerio Personal Firewall v2.1.4, Outpost Firewall
> 2009, Conseal PC Firewall, Norton, etc.
>

These aren't similar products. Windows "firewalls" operate in a
completely different way from Linux firewalls. Linux firewalls are
concerned about what comes into, goes out of, or passes through your
machine at a lower level. Mostly you allow or deny packets depending on
their source (which interface they come in on, or their IP address),
their destination, and their protocol and port (such as port 80 tcp for
http traffic). There are, of course, many other possibilities and
features of iptables firewalls.

For typical home use, you only need a very simple setup - everything
outgoing is allowed, everything incoming is blocked unless it is in
answer to outgoing connections. You may also want to open particular
incoming ports, for applications such as bittorrent.


Windows firewalling does most of that, though not perfectly (and with
far fewer advanced options) - I believe there are certain services and
accesses that you can't disable because the system uses them. It is not
uncommon that attacks on Windows machines with the native firewall or
third-party firewalls do so by exploiting flaws in the firewall software.

What firewalls on Windows do, that firewalls on Linux normally don't do,
is try to place limits on /programs/. In the Windows world, the
assumption is that many of the programs running on your machine are
malware, or legitimate programs that otherwise "phone home" in an
undesirable way, or illegal copies of programs that might report
themselves back to the publishers. So much of a Windows firewall's
efforts are concerned with limiting the function of programs running on
your system. Again, they vary a lot on how successful they are, and
what the run-time costs in performance are. And they do not "show you
what's going on" - they give some information about some things, but you
have no way to be sure of any of it.


Of course in Linux it is possible to limit programs' access to
networking if you want - but it is normally only done by people looking
for more advanced security measures. The simplest way is probably to
make an extra user and set up rules to limit that user's access - then
you run your suspect program as that user (if your program is suspect,
you wouldn't want to run it as your normal user anyway). Or you would
use a virtual machine to get better sandboxing. For more complete
measures, including controlling the access of root programs, you should
probably look at SELinux.

I have no idea if there are gui's that help with this. But since it's
way beyond what most people need, and something that needs to be
thoroughly understood to be useful, I doubt it.

On 12/3/2011 3:23 AM PT, David Brown typed:

>> Ah, I want GUI because it is easier to understand what's going on. I use
>> similiar products like Kerio Personal Firewall v2.1.4, Outpost Firewall
>> 2009, Conseal PC Firewall, Norton, etc.
>
> These aren't similar products. Windows "firewalls" operate in a
> completely different way from Linux firewalls. Linux firewalls are
> concerned about what comes into, goes out of, or passes through your
> machine at a lower level. Mostly you allow or deny packets depending on
> their source (which interface they come in on, or their IP address),
> their destination, and their protocol and port (such as port 80 tcp for
> http traffic). There are, of course, many other possibilities and
> features of iptables firewalls.
>
> For typical home use, you only need a very simple setup - everything
> outgoing is allowed, everything incoming is blocked unless it is in
> answer to outgoing connections. You may also want to open particular
> incoming ports, for applications such as bittorrent.
....

Well, I still want to get prompted what goes in and out. Then, I can
tell it to allow/deny, learn the IP addresses, ports, dircetions, etc. I
don't allow everything to go out either since I hate programs that phone
home.
--
"The evaluator counts the ants at the picnic of progress." --Mohan Singh
/\___/\ Ant @ http://antfarm.ma.cx (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / If crediting, then use Ant nickname and AQFL URL/link.
( ) If e-mailing, then axe ANT from its address if needed.
Ant is currently not listening to any songs on this computer.