Re: Is Guarddog still the easiest and best firewall GUI program for Linux?

Date	2011-12-04 12:00 +0100
From	David Brown <david.brown@removethis.hesbynett.no>
Newsgroups	comp.os.linux.security
Subject	Re: Is Guarddog still the easiest and best firewall GUI program for Linux?
References	(2 earlier) <xZednYDoxrCyQ0TTnZ2dnUVZ_qydnZ2d@earthlink.com> <8cadnaw2wfZUm0fTnZ2dnUVZ7rmdnZ2d@lyse.net> <vtidnaWYtN6jyEfTnZ2dnUVZ_o6dnZ2d@earthlink.com> <L6SdnbzliI3dU0fTnZ2dnUVZ8mWdnZ2d@lyse.net> <slrnjdmeak.q8l.grahn+nntp@frailea.sa.invalid>
Message-ID	<bdCdnf0h5dsoz0bTnZ2dnUVZ8nOdnZ2d@lyse.net> (permalink)

Show all headers | View raw

On 04/12/11 10:11, Jorgen Grahn wrote:
> ["Followup-To:" header set to comp.os.linux.security.]
>
> On Sun, 2011-12-04, David Brown wrote:
>> On 03/12/11 17:58, Ant wrote:
>>> On 12/3/2011 3:23 AM PT, David Brown typed:
>>>
>>>>> Ah, I want GUI because it is easier to understand what's going on. I use
>>>>> similiar products like Kerio Personal Firewall v2.1.4, Outpost Firewall
>>>>> 2009, Conseal PC Firewall, Norton, etc. :)
>>>>
>>>> These aren't similar products. Windows "firewalls" operate in a
>>>> completely different way from Linux firewalls. Linux firewalls are
>>>> concerned about what comes into, goes out of, or passes through your
>>>> machine at a lower level. Mostly you allow or deny packets depending on
>>>> their source (which interface they come in on, or their IP address),
>>>> their destination, and their protocol and port (such as port 80 tcp for
>>>> http traffic). There are, of course, many other possibilities and
>>>> features of iptables firewalls.
>>>>
>>>> For typical home use, you only need a very simple setup - everything
>>>> outgoing is allowed, everything incoming is blocked unless it is in
>>>> answer to outgoing connections. You may also want to open particular
>>>> incoming ports, for applications such as bittorrent.
>>> ...
>>>
>>> Well, I still want to get prompted what goes in and out. Then, I can
>>> tell it to allow/deny, learn the IP addresses, ports, dircetions, etc. I
>>> don't allow everything to go out either since I hate programs that phone
>>> home.
>>
>> You are using Linux - programs for Linux are mostly either open source
>> (and very rarely do anything nasty - it would quickly be spotted), or
>> they are serious professional programs (which also don't do anything
>> nasty - at least, not unless you have made illegal copies).  Stop
>> thinking in the Windows world.
>
> There's a narrow zone of "freeware" though -- Google Chrome, Skype,
> Adobe Flash ... I use none of them, but if I *did* want them I'd take
> the privacy risk into account first.

True enough (though Chrome has the open source Chromium variant).  And 
we already know that Skype phones everywhere!

>
> (Of course the risk from these is less than from some random Windows
> .exe you download -- about the same as from the corresponding Windows
> version.)
>

Yes, that's my point.  The Linux world is not perfect - it's just vastly 
better than the Windows world in this particular aspect.  And if you do 
want to be extra paranoid, then you have that option in Linux.

> /Jorgen
>

Back to comp.os.linux.security | Previous | Next — Previous in thread | Next in thread | Find similar

Thread

csiph-web