
Re: [NTO] XP FIREWALL

  • Gerard Huijing
    Message 1 of 14 , Jan 13, 2008
      Alan C wrote:
      >
      >
      > What Linux distros are you referring to, since I know some distros that do not
      > even ship with a firewall (one must provide their own firewall).
      >
      > I use Slackware and Debian. And I maintain a CentOS 4.6 box for my friends.

      Fedora, and openSUSE. I have used several other distributions in the
      past (ZenWalk, Vector among others)
      I will stick to the first two: they have a configuration file that
      regulates inbound and outbound traffic. It is configured on the basis
      of choices offered by the install program. ("Do you want this machine to
      provide ftp services?" etc.).

      If I tested my service ports after I had installed (which I always did),
      e.g. with Gibson Shields Up, the report would be with SUSE: all ports
      stealthed (DROP) except 113 (IDENT) which was closed (REJECT). ICMP echo
      requests from outside to the firewall were rejected. I could choose to
      stealth 113, and change the other rule: DROP the pings. I always did
      that too. Mine is a stand alone PC and I had no problems (although the
      documentation says that changing these settings can have adverse effects).

      When you install SUSE or Fedora that configuration file (essentially a
      script for iptables) is also generated. On those grounds I would say
      that a firewall is in place to start off with.

      > proper? I definitely agree with you on that one for Win XP but not for the
      > Linux distros that I use.

      I used "proper" because I have read so many criticisms of the XP
      firewall saying exactly that: "Yes, indeed XP has its own firewall but
      it's not a *proper* one: it only monitors inbound".

      >
      > What's "proper" is what's needed according to the overall or bigger picture
      > context.

      I quite agree.

      > Even the built in Win XP firewall "monitors" outbound -- it does so for the
      > purpose to only allow back in what had been initially requested from within
      > -- oh, well, too bad if it was an "illegitimate outbound request that was
      > initiated from within (no protection)"

      Precisely! It's the unnoticed illegitimate ones I am worried about.
      Thank you for the more precise description of what is going on in XP
      firewall BTW.

      Your point was, very much in a nutshell: the situation WinXP plus native
      FW is comparable to Linux 'sec' with some essential qualifications
      regarding the whole implementation of the OS, which make Linux so much
      safer to start with.

      I quite agree, again. I know that the situation in ArchLinux or FreeBSD
      is like the one you have in mind. You have to install and configure your
      firewall yourself, from scratch.

      I quite enjoy trying to figure out iptables rules myself (after all I
      can only screw up my own PC), but I am also very happy that openSUSE and
      Fedora give me some safe settings to start off with.


      Cheers,
      Gerard





      --
      Gerard (E.G.P.) Huijing
      2312 ZD Leiden
      Netherlands
      inboxgen@...
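
The policy described in the message above (default DROP inbound, port 113 either stealthed or REJECTed, echo requests dropped), combined with the outbound filtering the thread is concerned about, written as an added example that is not from either poster or from the SUSE/Fedora generated scripts. The function name `gen_ruleset`, the variable `ALLOWED_OUT_TCP` and the chosen outbound ports are assumptions.

```shell
#!/bin/sh
# Added example: prints a ruleset in iptables-restore format. Nothing is
# applied to the running system by this script itself.
# ALLOWED_OUT_TCP (hypothetical name): outbound TCP ports this host may open.
ALLOWED_OUT_TCP="${ALLOWED_OUT_TCP:-80 443}"

gen_ruleset() {
    # $1: "drop"   -> port 113 is silently dropped ("stealthed")
    #     "reject" -> port 113 answers with a TCP reset ("closed")
    ident_policy="${1:-drop}"

    echo "*filter"
    # Default-deny in every direction, including outbound.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT DROP [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Stateful part: only replies to connections this host opened come back in.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ "$ident_policy" = "reject" ]; then
        echo "-A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset"
    fi
    # Already covered by the INPUT policy; kept explicit so the intent is visible.
    echo "-A INPUT -p icmp --icmp-type echo-request -j DROP"
    # Outbound allow-list: DNS plus the listed TCP ports, new connections only.
    echo "-A OUTPUT -p udp --dport 53 -j ACCEPT"
    for port in $ALLOWED_OUT_TCP; do
        echo "-A OUTPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Anything else leaving the host is logged (rate-limited), then hits the DROP policy.
    echo "-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix \"OUT-DENIED: \""
    echo "COMMIT"
}

gen_ruleset "$@"
```

Piping the output to `iptables-restore` as root applies it; outbound attempts outside the allow-list then show up in the kernel log with the `OUT-DENIED:` prefix.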
    • Alan C
      Message 2 of 14 , Jan 13, 2008
        On Jan 13, 2008 2:29 PM, Gerard Huijing <inboxgen@...> wrote:

        > Alan C wrote:
        > >
        > >
        > > What Linux distros are you referring to, since I know some distros that do not
        > > even ship with a firewall (one must provide their own firewall).
        > >
        > > I use Slackware and Debian. And I maintain a CentOS 4.6 box for my friends.
        >
        > Fedora, and openSUSE. I have used several other distributions in the
        > past (ZenWalk, Vector among others)
        > I will stick to the first two: they have a configuration file that
        > regulates inbound and outbound traffic. It is configured on the basis
        > of choices offered by the install program. ("Do you want this machine to
        > provide ftp services?" etc.).


        Red Hat 8.0 was my first Linux. Then Red Hat 9.0. Then Fedora Core 1 and
        2.

        Then I tried Slackware 9.0 or 10.0. I liked it. But then I hated it. But
        then I liked it.

        It was all about how acclimated to Unix/Linux I was back then.

        From near 2001 till now has been nearly 7 years since I first began my Linux foray.

        Since Slackware 10.2, Slackware has been my first go to distro (it's
        Slackware 12.0 now) (I no longer have the hate periods -- it's now all "I
        like it").

        It's a very fun distro to customize to your own personal liking (lots of
        community support for this distro). Having once got (grasped) Slackware, I am now
        acclimated to the Unix/Linux way.

        Slackware ships without a firewall. I use:

        http://www.slackware.com/~alien/efg/

        (rather powerful, loads many security related kernel modules).

        I also use:

        http://firehol.sourceforge.net/

        I once used a Debian package of that one on Debian.

        Debian is just for practice -- to keep me on my toes. I boot it only about
        20% of the time. Slack gets the other 80%.

        My friend's CentOS gives me something akin to the direction of Fedora/Red Hat.
        After a while (no rush) I may put Debian or Slackware on my friend's box (so
        I don't have to scratch my head about CentOS things when I work on it).

        <snipped>

        > I quite enjoy trying to figure out iptables rules myself (after all I
        > can only screw up my own PC), but I am also very happy that openSUSE and
        > Fedora give me some safe settings to start off with.


        I stay away from iptables rules (never end up with enough time to dedicate
        to it so as to learn it). I'm thankful that many various configurator tools
        for the task exist.

        --
        Alan.

