What's the best firewall to use for Debian/Linux?

Hello. I am looking for an easy to setup firewall and use for my Debian
box that has ethernet, dial-up modem, and wireless connections. I read
that IPchains is popular, but difficult to master. I assume there's a
GUI version of it. I found a HowTo guide, but it is horribly outdated on
http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html (last updated on Y2K!).

I am used to Kerio Personal Firewall v2.14, Norton Internet Security,
and Conseal PC Firewall. Obviously, these were all GUI based in Windows.
I don't really care about outbound connections. I am more concerned with
incoming connections. Also, I do need to be able to FTP, ssh, and Samba
(not on dial-up and outside my mini-LAN) into my Debian box.

I am using Kernel 2.6.8 in Debian. Any comments welcomed for a Debian
newbie. Thank you in advance.
--
"Not to engage in the pursuit of ideas is to live like ants instead of men." --Mortimer J. Adler
/\___/\
/ /\ /\ \ Ant @ The Ant Farm: http://antfarm.ma.cx
| |o o| | Ant's Quality Foraged Links: http://aqfl.net
\ _ / Please remove ANT if replying by e-mail.
( )

ANT...@zimage.com wrote:
> Hello. I am looking for an easy to setup firewall and use for my
Debian
> box that has ethernet, dial-up modem, and wireless connections. I
read
> that IPchains is popular, but difficult to master. I assume there's a
> GUI version of it. I found a HowTo guide, but it is horribly outdated
on
> http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html (last updated on Y2K!).
>
> I am used to Kerio Personal Firewall v2.14, Norton Internet Security,
> and Conseal PC Firewall. Obviously, these were all GUI based in
Windows.
> I don't really care about outbound connections. I am more concerned
with
> incoming connections. Also, I do need to be able to FTP, ssh, and
Samba
> (not on dial-up and outside my mini-LAN) into my Debian box.
>
> I am using Kernel 2.6.8 in Debian. Any comments welcomed for a Debian
> newbie. Thank you in advance.

Ipchain is _years_ out of date. You need iptables built into your
distro.

Go here for info and scripts and howtos and even links to gui front
ends:
http://www.netfilter.org/documentati...html#tutorials
http://www.fwbuilder.org/images/screenshot1.png
http://www.fwbuilder.org/images/screenshot3.png


hth,
prg
email above disabled

Please remove ANT before posting to ngs. After all, you don't want
them in your emails.

> I am using Kernel 2.6.8 in Debian. Any comments welcomed for a Debian
> newbie. Thank you in advance.


Well Guarddog is a good gui for Iptables which is the firewall in the
latest kernels.

Dave
--

Some people use windows, others have a life.

Netfilter is the built-in firewall for that kernel (2.6.8). you can either
use iptables directly to manipulate it (command-line based) or use a GUI
front-end like FireStarter. Either way, check out netfilter.org for (A LOT)
more information.

[Unannounced and senseless followup-to ignored]

(E-Mail Removed) writes:

> Hello. I am looking for an easy to setup firewall and use for my Debian
> box that has ethernet, dial-up modem, and wireless connections. I read
> that IPchains is popular, but difficult to master. I assume there's a
> GUI version of it. I found a HowTo guide, but it is horribly outdated on
> http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html (last updated on Y2K!).

Anything based on iptables would be essential. Plenty enough people have
posted links to firewall starter scripts here - even I have, before now,
see <http://spodzone.org.uk/packages/secure/iptables.sh>. Grab one, tailor
it for your needs, make debian use it somehow[0], off you go.

[0] Distributions have their own ways & means of starting and stopping
firewalls; debian, gentoo and redhat/fedora (last time I checked) use a
digested form of the rules from `iptables-save' which they restore and save
on startup/shutdown respectively. If you start from a script, you should
keep the script lying around somewhere, run it to set the firewall in
motion, and do an iptables-save into the appropriate file for posterity so
the distro uses that.

~Tim
--
10:46:59 up 7 days, 28 min, 1 user, load average: 0.30, 0.33, 0.55
(E-Mail Removed) |Running to the light
http://spodzone.org.uk/cesspit/ |

On 2005-01-04, (E-Mail Removed) <(E-Mail Removed)> wrote:
> Hello. I am looking for an easy to setup firewall and use for my Debian
> box that has ethernet, dial-up modem, and wireless connections. I read
> that IPchains is popular, but difficult to master. I assume there's a
> GUI version of it. I found a HowTo guide, but it is horribly outdated on
> http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html (last updated on Y2K!).
>
> I am used to Kerio Personal Firewall v2.14, Norton Internet Security,
> and Conseal PC Firewall. Obviously, these were all GUI based in Windows.
> I don't really care about outbound connections. I am more concerned with
> incoming connections. Also, I do need to be able to FTP, ssh, and Samba
> (not on dial-up and outside my mini-LAN) into my Debian box.
>
> I am using Kernel 2.6.8 in Debian. Any comments welcomed for a Debian
> newbie. Thank you in advance.


Ipchains is the older method. Iptables the newer method.
Use one or the other - not both.

I recommend Guarddog as a nice GUI front end to help you set
up your IPtables filter rules.

http://www.simonzone.com/software/guarddog/


Neo
--
| .~. Replace 'A' with 'o' for correct email address.|
| /V\ |
| /( )\ Free Office Software at |
| ^^-^^ http://www.openoffice.org |

(E-Mail Removed) wrote:

> Hello. I am looking for an easy to setup firewall and use for my Debian
> box that has ethernet, dial-up modem, and wireless connections. I read
> that IPchains is popular, but difficult to master. I assume there's a
> GUI version of it. I found a HowTo guide, but it is horribly outdated on
> http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html (last updated on Y2K!).
>
> I am used to Kerio Personal Firewall v2.14, Norton Internet Security,
> and Conseal PC Firewall. Obviously, these were all GUI based in Windows.
> I don't really care about outbound connections. I am more concerned with
> incoming connections. Also, I do need to be able to FTP, ssh, and Samba
> (not on dial-up and outside my mini-LAN) into my Debian box.
>
> I am using Kernel 2.6.8 in Debian. Any comments welcomed for a Debian
> newbie. Thank you in advance.

I don't about best, but one that I know works is called guard dog.
Mepis liveCD distro has that built in from at least 2003.
http://www.frozentech.com/content/livecd.php

(E-Mail Removed) wrote:

> Hello. I am looking for an easy to setup firewall and use for my Debian
> box that has ethernet, dial-up modem, and wireless connections. I read
> that IPchains is popular, but difficult to master. I assume there's a
> GUI version of it. I found a HowTo guide, but it is horribly outdated on
> http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html (last updated on Y2K!).
>
> I am used to Kerio Personal Firewall v2.14, Norton Internet Security,
> and Conseal PC Firewall. Obviously, these were all GUI based in Windows.
> I don't really care about outbound connections. I am more concerned with
> incoming connections. Also, I do need to be able to FTP, ssh, and Samba
> (not on dial-up and outside my mini-LAN) into my Debian box.
>
> I am using Kernel 2.6.8 in Debian. Any comments welcomed for a Debian
> newbie. Thank you in advance.

Try:
Easy Firewall Generator for IPTables
http://easyfwgen.morizot.net/gen/

On Mon, 03 Jan 2005 23:00:32 -0600, (E-Mail Removed) <(E-Mail Removed)> wrote:

> Hello. I am looking for an easy to setup firewall and use for my Debian
> box that has ethernet, dial-up modem, and wireless connections. I read
> that IPchains is popular, but difficult to master. I assume there's a
> GUI version of it. I found a HowTo guide, but it is horribly outdated on
> http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html (last updated on Y2K!).

Take a look at Bastille. It's a Linux hardening script that will configure
iptables.


--
I don't want much: a loaf of bread, a jug of wine,
a box of ammo and a browser that doesn't suck.
Chuck Bridgeland, chuckbri at computerdyn dot com

In article <BaWdna_fJbhtv0fcRVn-(E-Mail Removed)>, (E-Mail Removed)
says...
:Hello. I am looking for an easy to setup firewall and use for my Debian
:box that has ethernet, dial-up modem, and wireless connections. I read
:that IPchains is popular, but difficult to master. I assume there's a
:GUI version of it. I found a HowTo guide, but it is horribly outdated on
:http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html (last updated on Y2K!).
:
:I am used to Kerio Personal Firewall v2.14, Norton Internet Security,
:and Conseal PC Firewall. Obviously, these were all GUI based in Windows.
:I don't really care about outbound connections. I am more concerned with
:incoming connections. Also, I do need to be able to FTP, ssh, and Samba
not on dial-up and outside my mini-LAN) into my Debian box.
:
:I am using Kernel 2.6.8 in Debian. Any comments welcomed for a Debian
:newbie. Thank you in advance.
:

You might try Guarddog. It is really easy to use.