CrunchBang Linux Forums » Feedback & Suggestions » Comes with a Firewall Setup
Remembered reading somewhere that Mepis comes with GuardDog pre-configured to a "common" setting.
Opensuse also comes with something similar.
It would be attractive for #! to come with a pre-configured firewall for the next release. 
There is a pretty handy walkthrough of gufw from Ubuntugeek :
http://www.ubuntugeek.com/gufw-simple-g … ewall.html
On the other hand I just "sudo ufw enable && sudo ufw default deny" after first boot of a fresh install.
Not sure how much or how little of a pain it would be for corenominal to have that configured out of the box, and what issues it may or may not raise for some users.
Ahh... good to learn that you did some magical stuff after a first install.
However, not every user knows how to goes about doing that.
Was thinking that since #! is fully operational on install, it would be interesting and beneficial to give users a good start with a default installation
I just tried gufw and I found that it automatically detected my p2p applications. I just select the program, click Add, and gufw adds the correct port. How cool is that?
I just tried gufw and I found that it automatically detected my p2p applications. I just select the program, click Add, and gufw adds the correct port. How cool is that?
Extremely cool? I would say so. One of the reasons I avoid firewalls in Linux is p2p and my avoidance to learn how to set up ip tables.
You can also use firestarter (in repository, just as a hint).
Whilst its a good idea do you really want someone else making an arbitrary decision as to what ports you want to have open or closed on your firewall, more so do you want that person choosing what firewall application does that? Whether it be IP tables or not?
My personal preference is to have a blank firewall and build it myself.
Perhaps a solution would be for either a script that will configure your firewall for you post install, or for a HOWTO on setting up your firewall in a specific way?
The problem is people won't build their own firewall.
Even experienced users can forget - I did. A good firewall should deny everything and stay hidden away, so it's quite possible when you build a new system that you'll just assume everything is locked up. I remember building a slackware or similar system sometime in the mid-late 90s, and forgot to setup the firewall. It got a worm within about 10 minutes of being hooked up to the internet, or possibly something nasty was on the local network.
The gufw function of knowing which ports are required by apps (I guess they maintain a database) is extremely cool and user-friendly. The distro should perhaps come with everything initially locked down, and generate a message that prompts the user to go and look at their firewall setup, the first time any transgressions are attempted - ie the first time you run a p2p app or whatever. Maybe web-browsing should be pre-configured, as that's so essential.
There is a pretty handy walkthrough of gufw from Ubuntugeek :
http://www.ubuntugeek.com/gufw-simple-g … ewall.html
On the other hand I just "sudo ufw enable && sudo ufw default deny" after first boot of a fresh install.
thanks for the link.
have you had any issues with conky with ufw default deny settings?
Not sure how much or how little of a pain it would be for corenominal to have that configured out of the box, and what issues it may or may not raise for some users.
ok fellow #!ers whom i love, im not trying to sound condecending here..really.
but honestly do we really need someone to preconfigure our firewall for us?
it sort of sounds like having someone come over to put the toilet paper on the roll.
im still learning...
i installed gufw last night, and its FAIRLY uncomplicated, not entirely up to its name, but i can learn. id like to know more about iptables..not sure why that seems so daunting...its pretty well documented isnt it?
Im gonna go ahead and borrow this thread to ask. How can I make gufw autostart? the "autostart with session" checkbox in edit > preferences is grayed out.
I think gufw is only for configuring the firewall, which is esentially part of the kernel (iptrables). As long as you have ticked "enable", the firewall settings that you have configured with gufw are automatically setup at bot time (by the "ufw" startup script int /etc/init.d). The documentaion could be clearer on this point.
If you genuinely wanted the graphic configuration app to automatically start, I guess you'd add it to .config/openbox/autostart.sh
Last edited by jackbang (2009-06-22 10:16:11)
What kind of firewall is recommended? People coming from windows want something that blob 1 requester per second to allow or deny things that the user did not understand. Then they feel secure, so xandros put a commercial antivirus to their distro:lol:
We can harden a linux distri (bastille) and / or set a firewall in front of running services. Both are'nt easy tasks for a plain user, more an admin job. There are less running services in crunch that really need such thing;)
Well Linux has the iptables firewall. Firestarter, GuardDog, and Gufw are just front-ends to configure it.
I like gufw for reason I mentioned earlier.
Hello
possible that a firewall in base setup will come.
http://brainstorm.ubuntu.com/?keywords= … &tags=
Tuxfriend
Im gonna go ahead and borrow this thread to ask. How can I make gufw autostart? the "autostart with session" checkbox in edit > preferences is grayed out.
Try adding
(sleep 1s && gufw) &to the bottom of your autostart.sh
Preferences>Openbox Config>edit autostart.sh
Personally, the firewall on my router is all I've ever needed, even running Windows.
I for one would be against having a default firewall with #!
Posts [ 17 ]
CrunchBang Linux Forums » Feedback & Suggestions » Comes with a Firewall Setup
Forums powered by PunBB. Hosted by Linode.
Copyright © CrunchBang Linux.
Proudly powered by Debian GNU/Linux.
Debian is a registered trademark of Software in the Public Interest, Inc.