Hi Guys
Went over to www.grc.com and tested my firewall, deliberately tried to infect my machine with viruses(see why windows has lost the war with linux) in the windows section, also failed.
Now the world is sweet at the moment but I would like to have a secure firewall, call it 'The Windows Induced Total Stress' disorder or 'TWITS' for short.
The firewall with my Mandrake 9.2 'Shorewall' had a bad signature, so did the one I found on a 9.1 disc.
I looked in the forum but didn't see any mention of Firewalls.
Guess Linux users aren't that affected by TWITS,
but still I would like to think that if someone nasty did come along I could keep my head down behind a firewall that stealths me from attack.

Malc Wright

Call me paranoid too (Guy - you're paranoid) - I use guard dog firewall.

http://www.simonzone.com/software/guarddog/

They invite you to go & test your shield at Gibson research - mine passed

There are rpm's for Red hat & Mandrake. On slack the source code compiles easily

Once again the swimming pools of life had been tainted by the incontinent toddlers of fate

I use Suse firewall 2 under Suse, part of distro.

I recommend setting up linux's firewall which is in the kernel itself. Called iptables, old, but simple and powerful.
Your best bet is to open a root shell and type the following:

cd /bin

OR

cd /bin/iptables

THEN

-A INPUT -p tcp --syn -j DROP

This will deteor most hackers as your computer wont respond to tcp/ip connections form other computers that you didnt request.
However you can still browser,chat,IM,ssh and so forth.

However, if you run a remote root server for instance and wish to keep accessing it via ssh (port 22) you can do this:

-A INPUT -p tcp --syn --destination-port 22 -j ACCEPT
-A INPUT -p tcp --syn -j DROP

This keeps port 22 open from the outside lettign outside computers access it.

However, if you wish only a set ip access it, so not every1 can guess your password, you can do this:

-A INPUT -p tcp --syn -s xxx.xxx.xxx.xxx/32 --destination-port 22 -j ACCEPT

-A INPUT -p tcp --syn -j DROP

This lets just the set ip xxx.xxx.xxx.xxx connect to that port and no other. I hope this helps, Give it a go its quite simple, just paste (-A INPUT -p tcp --syn -j DROP) in if ya want.

Quote: malc_wright said on 4 February 2004 at 22:16:48 Hi Guys Went over to www.grc.com and tested my firewall, deliberately tried to infect my machine with viruses(see why windows has lost the war with linux) in the windows section, also failed.... The firewall with my Mandrake 9.2 'Shorewall' had a bad signature, so did the one I found on a 9.1 disc. I looked in the forum but didn't see any mention of Firewalls.

The 'bad signature' thing isn't really anything to worry about. I found that the download edition of both Mandy 9.1 and 9.2 will fail to recognise RPM files on their own discs. They work absolutely fine, no broken files or anything. Hey ho.

As for firewalling, I use 'Shorewall' by default (and I have 'roottail' running so I can check the shorewall logs just by looking at my desktop background - couldn't imagine doing that under Windows) and have found it to be brilliant.

I took a stride over to the site you linked, and I wasn't really sure what to make of it. I went to their 'Shields Up' bit and scanned my system. It said I had a ridiculously secure system (for filesharing): One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion. However, my shorewall setup didn't even register that something was trying to access port 139. What's up with that?

The full-on 'common ports' scan did register with shorewall, and it stealthed everything except port 113, which reported itself as closed anyway. That's pretty good going, really.

The 'all ports' option again showed only 113 as not-stealthed.

If you're happy with this kind of setup, then go with Mandrake's firewall.

Just a note, however. All these firewalls do the same thing under Linux. They are all basically just front-ends to iptables, so if you're not happy with the frontend, go for something else.

Happy firewalling.

Thanks Guys
This is what I love about linux, choice, will have a go at your suggestions and see which I prefer as a solution.
I am finding i spend more time in Mandrake than Windows now and prefer Mozilla to IE.
I have even started to contemplate an instal of Fedora but that will be some time away.
Who out there is into multi-booting Linux or is that only something you need to do in Windows to get best use of resources, ie can you set up different user resources in Linux, it being more truly multi user than Windows.

I multiboot Linux. There is no Windows on my machine, only Linux and other "free" Unix-alikes.

I am what you could call a habitual tester. I find it irresistable to install a distro and have a fiddle with it, just to see what tweaks to which GUI have been made, which additional programmes have been added, what the target audience is, etc, etc. Right now I have Mandrake 9.1 (my main setup), Mandrake 9.2, RedHat 9, Fedora Core 1 (I know it is basically RH9, but I couldn't resist) and Xandros Desktop 2.

Multibooting is certainly not purely in the realms of using Windows too.

Thanks Thymox
You have just advanced my multi-boot linux several weeks

Malc

Just to say that my memory recalls (from when I used to use Mandrake) that if you visit the Shorewall site they recommend a different build to the one supplied with Mandrake and that you set it up manually.

If you have KDE installed, you can also use KMyFirewall.

Basically these packages just give "simple" front ends to the built in firewall in Linux to help you set it up correctly. KMyFirewall is particularly simple.