Matt Randolph wrote:
> I've seen related threads here recently, but I think my question is
> different enough to warrant a new thread.

I think you're not quite right :), but I can see why you'd think this.
> 
> I'm looking for a personal firewall along the lines of the ZoneAlarm
> product for Windows.  I don't want to take the time to teach myself
> iptables if there is a simple alternative.

Sure there is; just use one of the many GUI front ends for iptables that
are "pre-set", as it were, for personal (workstation) settings, rather
than router or server settings.

As far as I can see, iptables *is* the firewall, but that doesn't mean
you have to go all full-bore with it.

> I'm not trying to do anything complicated like protect a LAN or include
> a DMZ or run an ftp server or anything like that.  I'm just looking for
> a quick and easy way to add another layer of protection to my desktop by
> closing all unused ports.
> A GUI is preferred but is not required.
> 
> Any suggestions?
> 
> (If you dare answer,) what firewall do you use and why did you choose it?

I use (the) firestarter (frontend for iptables). It seems quite clever;
I still appear to ShieldsUP! as stealth (including those ports I have
forwarded to be open to specific apps), but those applications/services
which are set to use specific ports via UDP (azureus, for example), are
able to pass through without issue (and in fact without my having to
specifically configure Firestarter to allow them to, although I did,
because of the UDP, I believe).

Firestarter has specific pre-sets to allow various known services
through the firewall, and runs as a daemon, though there's a GUI you can
run in the tray if you often need to check or reconfigure something. I
ran the tray applet the first day; it seemed to work well, so I don't
run it any more unless something changes on my system as a whole (I
started running an ftp server, for example), and I would need to
reconfigure slightly.

Firestarter was recommended to me by the Shorewall page:

> Shorewall is not the easiest to use of the available iptables configuration 
> tools but I believe that it is the most flexible and powerful. So if you are 
> looking for a simple point-and-click set-and-forget Linux firewall solution 
> that requires a minimum of networking knowledge, I would encourage you to 
> check out the following alternatives:
> 
> * http://www.m0n0.ch/wall/
> * http://www.fs-security.com/


Firestarter is the second link.

HTH,
Holly
-- 
gentoo-user@gentoo.org mailing list
