Personal firewall like Zone Alarm: is it exists? - Security

This is a discussion on Personal firewall like Zone Alarm: is it exists? - Security ; Hello, I'm looking for a software like Zone Alarm (personal firewall) that works on Linux. Can you help me?...

+ Reply to Thread
Results 1 to 11 of 11

Thread: Personal firewall like Zone Alarm: is it exists?

  1. Personal firewall like Zone Alarm: is it exists?

    Hello,

    I'm looking for a software like Zone Alarm (personal firewall)
    that works on Linux. Can you help me?

  2. Re: Personal firewall like Zone Alarm: is it exists?

    ant wrote:
    > Hello,
    >
    > I'm looking for a software like Zone Alarm (personal firewall)
    > that works on Linux. Can you help me?


    Check out http://www.fs-security.com/

    A netfilter (iptables) frontend. Easy to use

    mvh
    Kenneth Hårstad

  3. Re: Personal firewall like Zone Alarm: is it exists?

    On Sat, 24 Nov 2007 23:43:41 -0800, ant wrote:

    > Hello,
    >
    > I'm looking for a software like Zone Alarm (personal firewall) that
    > works on Linux. Can you help me?


    Which distro are you using? Every distro that I know of has firewall
    configuration built in. In Fedora it's under the menu item system/
    administration/Firewall and SELinux.


  4. Re: Personal firewall like Zone Alarm: is it exists?

    On 25 Nov, 14:49, General Schvantzkoph wrote:
    > On Sat, 24 Nov 2007 23:43:41 -0800, ant wrote:
    > > Hello,

    >
    > > I'm looking for a software like Zone Alarm (personal firewall) that
    > > works on Linux. Can you help me?

    >
    > Which distro are you using? Every distro that I know of has firewall
    > configuration built in. In Fedora it's under the menu item system/
    > administration/Firewall and SELinux.


    I'm using openSuse 10.3. I know netfilter, but I'm looking for a
    personal firewall
    that notify me when an application requires access to the Internet.

  5. Re: Personal firewall like Zone Alarm: is it exists?



    ant wrote:
    > On 25 Nov, 14:49, General Schvantzkoph wrote:
    >> On Sat, 24 Nov 2007 23:43:41 -0800, ant wrote:
    >>> Hello,
    >>> I'm looking for a software like Zone Alarm (personal firewall) that
    >>> works on Linux. Can you help me?

    >> Which distro are you using? Every distro that I know of has firewall
    >> configuration built in. In Fedora it's under the menu item system/
    >> administration/Firewall and SELinux.

    >
    > I'm using openSuse 10.3. I know netfilter, but I'm looking for a
    > personal firewall
    > that notify me when an application requires access to the Internet.


    That's going to be a big problem. In the Win environment, software gets
    installed without your knowledge or requires access to the internet when
    you aren't expecting it. Firewall software like Zone Alarm intercepts
    internet traffic and "holds" it for your approval/rejection. Linux
    wisely reserves maintaining the firewall to root; which means that you
    should send the messages to root which wouldn't show up unless you are
    using your system as root - a dubious practice.

    All Linux software I've seen has always included documentation that
    states what IP (or UDP) port(s) will be needed to properly use the
    software. I believe that most Linux administrators want to keep tight
    control over installed software, not make on-the-fly decisions to allow
    internet access to random pieces of code.

    Phil Sherman

  6. Re: Personal firewall like Zone Alarm: is it exists?

    On 25 Nov, 07:43, ant wrote:
    > Hello,
    >
    > I'm looking for a software like Zone Alarm (personal firewall)
    > that works on Linux. Can you help me?


    No there isn't software that works like Zone Alarm on Linux - for a
    whole list of reasons, most of them in Linux's favour.

    If you want a firewall, every distro I've used comes with one already,
    but typically they can be tricky to tweak (and you need a good
    understanding of what the default settings mean - since you're asking
    the question - probably not).

    Find out what you've got already.

    If you have very particular requirements and are confident you can
    remove AND REPLACE the current firewall properly, then try Firestarter
    (google for a url).

    C.

  7. Re: Personal firewall like Zone Alarm: is it exists?

    Phil Sherman wrote:

    >
    >
    > ant wrote:
    >> On 25 Nov, 14:49, General Schvantzkoph wrote:
    >>> On Sat, 24 Nov 2007 23:43:41 -0800, ant wrote:
    >>>> Hello,
    >>>> I'm looking for a software like Zone Alarm (personal firewall) that
    >>>> works on Linux. Can you help me?
    >>> Which distro are you using? Every distro that I know of has firewall
    >>> configuration built in. In Fedora it's under the menu item system/
    >>> administration/Firewall and SELinux.

    >>
    >> I'm using openSuse 10.3. I know netfilter, but I'm looking for a
    >> personal firewall
    >> that notify me when an application requires access to the Internet.

    >
    > That's going to be a big problem. In the Win environment, software gets
    > installed without your knowledge or requires access to the internet when
    > you aren't expecting it. Firewall software like Zone Alarm intercepts
    > internet traffic and "holds" it for your approval/rejection. Linux
    > wisely reserves maintaining the firewall to root; which means that you
    > should send the messages to root which wouldn't show up unless you are
    > using your system as root - a dubious practice.
    >
    > All Linux software I've seen has always included documentation that
    > states what IP (or UDP) port(s) will be needed to properly use the
    > software. I believe that most Linux administrators want to keep tight
    > control over installed software, not make on-the-fly decisions to allow
    > internet access to random pieces of code.
    >
    > Phil Sherman


    I have seen one available, but I tried it out and it didn't seem to perform
    as advertised. Perhaps Phil has the reason why.

    I am running Mandriva Linux with its supplied firewall. Basically
    the "firewalls" are frontends to iptables. One that I liked was Guarddog,
    www.simonzone.com/software/guarddog/ which is for KDE only. It may be on
    your installation disks.

    Personally, under Windows, I found the continual prompting of ZoneAlarm a
    big distraction, although it can be set to do everything automatically
    (which you don't want, anyway.)

    Doug.

  8. Re: Personal firewall like Zone Alarm: is it exists?

    ant wrote:
    > Hello,
    >
    > I'm looking for a software like Zone Alarm (personal firewall)
    > that works on Linux. Can you help me?


    I think you can make your own. Tweak the firewall to log all
    rejected packets. Have a monitor process watch the log and
    pop up a dialog box to ask you if you want to allow. If yes,
    the rules are tweaked in RAM (thus this session only) or both
    RAM and file (iptables file used at boot time).

    The port-knocking software already does this, you may be able
    to adapt it to your needs.

    -Wayne

  9. Re: Personal firewall like Zone Alarm: is it exists?

    On 27 Nov, 16:51, Florian Diesch wrote:
    > Phil Sherman wrote:
    > > ant wrote:
    > >> On 25 Nov, 14:49, General Schvantzkoph wrote:
    > >>> On Sat, 24 Nov 2007 23:43:41 -0800, ant wrote:
    > >>>> Hello,
    > >>>> I'm looking for a software like Zone Alarm (personal firewall) that
    > >>>> works on Linux. Can you help me?
    > >>> Which distro are you using? Every distro that I know of has firewall
    > >>> configuration built in. In Fedora it's under the menu item system/
    > >>> administration/Firewall and SELinux.

    >
    > >> I'm using openSuse 10.3. I know netfilter, but I'm looking for a
    > >> personal firewall
    > >> that notify me when an application requires access to the Internet.

    >
    > > That's going to be a big problem. In the Win environment, software
    > > gets installed without your knowledge or requires access to the
    > > internet when you aren't expecting it. Firewall software like Zone
    > > Alarm intercepts internet traffic and "holds" it for your
    > > approval/rejection. Linux wisely reserves maintaining the firewall to
    > > root; which means that you should send the messages to root which
    > > wouldn't show up unless you are using your system as root - a dubious
    > > practice.

    >
    > It could be done using DBus for communication with the user.
    >
    > > All Linux software I've seen has always included documentation that
    > > states what IP (or UDP) port(s) will be needed to properly use the
    > > software. I believe that most Linux administrators want to keep tight
    > > control over installed software, not make on-the-fly decisions to
    > > allow internet access to random pieces of code.

    >
    > Maybe it could be useful for some diagnostic purpose. But it can't
    > provide any protections against malicious software as it is quite easy
    > to use other harmless software to send out the data.

    [cut]

    Zone Alarm can do it, can't it?

  10. Re: Personal firewall like Zone Alarm: is it exists?

    ant wrote:

    > On 27 Nov, 16:51, Florian Diesch wrote:
    >> Phil Sherman wrote:
    >> > ant wrote:
    >> >> On 25 Nov, 14:49, General Schvantzkoph wrote:
    >> >>> On Sat, 24 Nov 2007 23:43:41 -0800, ant wrote:
    >> >>>> Hello,
    >> >>>> I'm looking for a software like Zone Alarm (personal firewall) that
    >> >>>> works on Linux. Can you help me?
    >> >>> Which distro are you using? Every distro that I know of has firewall
    >> >>> configuration built in. In Fedora it's under the menu item system/
    >> >>> administration/Firewall and SELinux.

    >>
    >> >> I'm using openSuse 10.3. I know netfilter, but I'm looking for a
    >> >> personal firewall
    >> >> that notify me when an application requires access to the Internet.

    >>
    >> > That's going to be a big problem. In the Win environment, software
    >> > gets installed without your knowledge or requires access to the
    >> > internet when you aren't expecting it. Firewall software like Zone
    >> > Alarm intercepts internet traffic and "holds" it for your
    >> > approval/rejection. Linux wisely reserves maintaining the firewall to
    >> > root; which means that you should send the messages to root which
    >> > wouldn't show up unless you are using your system as root - a dubious
    >> > practice.

    >>
    >> It could be done using DBus for communication with the user.
    >>
    >> > All Linux software I've seen has always included documentation that
    >> > states what IP (or UDP) port(s) will be needed to properly use the
    >> > software. I believe that most Linux administrators want to keep tight
    >> > control over installed software, not make on-the-fly decisions to
    >> > allow internet access to random pieces of code.

    >>
    >> Maybe it could be useful for some diagnostic purpose. But it can't
    >> provide any protections against malicious software as it is quite easy
    >> to use other harmless software to send out the data.

    > [cut]
    >
    > Zone Alarm can do it, can't it?


    I don't know much about Windows but I'm quite sure a malicious program
    can call your web browser or some other unsuspicious program to submit
    data to any internet site and ZA will not notice this.


    Florian
    --

    -----------------------------------------------------------------------
    ** Hi! I'm a signature virus! Copy me into your signature, please! **
    -----------------------------------------------------------------------

  11. Re: Personal firewall like Zone Alarm: is it exists?

    "Kenneth Hårstad" wrote in message
    news:474937a3$1@news.broadpark.no...
    > ant wrote:
    >> Hello,
    >>
    >> I'm looking for a software like Zone Alarm (personal firewall)
    >> that works on Linux. Can you help me?

    >
    > Check out http://www.fs-security.com/
    >
    > A netfilter (iptables) frontend. Easy to use


    I use Shorewall (http://www.shorewall.net/), another iptables frontend. It
    is not a GUI, and requires that you know/learn just the right amount about
    ports and packets etc. Once you've invested the effort to master it, it will
    serve you perfectly.

    To paraphrase Phil Sherman, you should keep track of what software is
    running on your system and what ports you expect it to use, and configure
    this in shorewall rather than make on-the-fly decisions. Shorewall works
    well with ulogd, making possible a homebrew monitoring program as suggested
    by Wayne.

    Good luck,

    CC



+ Reply to Thread