Page 10 of 12 FirstFirst ... 89101112 LastLast
Results 91 to 100 of 112

Thread: TuxGuardian - application based firewall

  1. #91
    Join Date
    May 2011
    Beans
    4

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by CandidMan View Post
    Yeah, I know what you're saying. And reading my own posts I think I sound dangerously close to being a geek elitist at times. You don't have to be a pilot, but it does help if you have an interest in planes
    Have you looked at apparmor?
    iptables has lots of options, not sure if you can impose data-cap limits but you impose restrictions based on time, user, packet count etc. It's not so bad if you know exactly
    There's one line you can insert into a profile that I think prevent network access:
    Code:
    deny network
    Voila, no network capabilities!!
    Well, I don't currently have a need for these capabilities since I'm running Ubuntu as a VM, but it's something I'd like to have if I switched over.

  2. #92
    Join Date
    Aug 2008
    Beans
    38

    Re: TuxGuardian - application based firewall

    My main interest in application firewall capabilities is something that wtdt mentioned. All my interenet is pay per mb and expensive. I don't have another choice. I would love to not get surprises in a huge bill because something decided to update or I forgot to turn something off.

  3. #93
    Join Date
    Jul 2009
    Beans
    10

    Re: TuxGuardian - application based firewall

    I'm also looking for an application based firewall. I recently went abroad with my netbook and £40 (around $70, premium rate bandwidth on foreign network) worth of 3G was blown before I even started using it properly because:

    - I left Prey anti-theft running (which can only be disabled via the website).
    - Ubuntu auto updates was enabled.
    - I also suspect I had a couple of rogue apps connecting on port 80.

    I'm pissed Ubuntu let me do this and if legit apps can connect to the Internet without my (at the time) knowing so can rogue apps and something for tracking these sort of outgoing connections is (still) needed. I'm now actually considering having a Windows dual boot system just so I can use a real personal firewall.

    UPDATE: I've emailed the author of "linux-firewall.org" about getting the source code for his application ( http://linux-firewall.org/ ) as that seems to be exactly what most people need but I don't trust random binary installers on the 'net offering exactly the kind of thing Ubuntu needs...
    Last edited by brownb2; August 21st, 2011 at 03:26 PM.

  4. #94
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by brownb2 View Post
    I'm also looking for an application based firewall. I recently went abroad with my netbook and £40 (around $70, premium rate bandwidth on foreign network) worth of 3G was blown before I even started using it properly because:

    - I left Prey anti-theft running (which can only be disabled via the website).
    - Ubuntu auto updates was enabled.
    - I also suspect I had a couple of rogue apps connecting on port 80.

    I'm pissed Ubuntu let me do this and if legit apps can connect to the Internet without my (at the time) knowing so can rogue apps and something for tracking these sort of outgoing connections is (still) needed. I'm now actually considering having a Windows dual boot system just so I can use a real personal firewall.

    UPDATE: I've emailed the author of "linux-firewall.org" about getting the source code for his application ( http://linux-firewall.org/ ) as that seems to be exactly what most people need but I don't trust random binary installers on the 'net offering exactly the kind of thing Ubuntu needs...
    So basically you are mad at Ubuntu because of the way you configured it and you somehow think some kind of a firewall application would have helped.

    Basically the "rogue apps" are exactly those you configured yourself.

    Considering you would have allowed such traffic in the first place I do not see how you can come to that conclusion.

    If you are interested, there are ways of monitoring your bandwidth and determining what is using your bandwidth.

    http://www.ubuntugeek.com/bandwidth-...for-linux.html

    see also tools such as htop.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  5. #95
    Join Date
    Feb 2010
    Location
    U.K.
    Beans
    782
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by brownb2 View Post
    <snip>

    - I left Prey anti-theft running (which can only be disabled via the website).
    - Ubuntu auto updates was enabled.
    - I also suspect I had a couple of rogue apps connecting on port 80.

    I'm pissed Ubuntu let me do this and if legit apps can connect to the Internet without my (at the time) knowing so can rogue apps and something for tracking these sort of outgoing connections is (still) needed.

    </snip>
    What??

    Ubuntu should magically spot that you have travelled abroad and are using expensive bandwidth, then automagically reconfigure itself not to update, automagically log into your Prey account and disable that and automagically disable those rogue apps?

    What???? Seriously you are joking right?

    How about taking some responsibility for yourself?

  6. #96
    Join Date
    Apr 2010
    Location
    Wales, UK
    Beans
    92
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by brownb2 View Post
    if legit apps can connect to the Internet without my (at the time) knowing so can rogue apps
    I'm not sure this follows. Unless your rogue apps and legit apps are one and the same. You could try using wireshark to see what's being sent and netstat to see what's sending the data.
    Some culprits that spring to mind are the weather applet and ubuntuone.
    In case I don't see ya; good afternoon, good evening, and goodnight

  7. #97
    Join Date
    Jul 2009
    Beans
    10

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by cryptotheslow View Post
    What???? Seriously you are joking right?

    How about taking some responsibility for yourself?
    This is exactly the negative sort of comment/troll that plagues the linux community, do us a favour mate.

    Users cannot possibly be expected to keep track of each app individually and if you read the title of this thread you'd understand that a central point, the firewall, one that used to work, is an ideal place to block these types of connections on a per app basis. Previously my "taking some responsibility" was assuming (g)ufw was up to the job and I would be prompted for outgoing connections ala Sunbelt Firewall et al.

    With respect to the other posters, I really don't want to do network analysis on a netbook on holiday especially when I see in Windows I can just disable outgoing connections for everything but Thunderbird and Firefox. How easy is this with ufw/ipchains (and if it is easy, if it's command line based, again it's not suitable unless you're a developer/techie - which I am, BUT it's not something I can recommend to others)?

    Related, the linux-firewall.org owner never responded to requests for source code so I'm making the assumption that it's unstable and/or unsecure (in all senses).

  8. #98
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by brownb2 View Post
    This is exactly the negative sort of comment/troll that plagues the linux community, do us a favour mate.

    Users cannot possibly be expected to keep track of each app individually and if you read the title of this thread you'd understand that a central point, the firewall, one that used to work, is an ideal place to block these types of connections on a per app basis. Previously my "taking some responsibility" was assuming (g)ufw was up to the job and I would be prompted for outgoing connections ala Sunbelt Firewall et al.

    With respect to the other posters, I really don't want to do network analysis on a netbook on holiday especially when I see in Windows I can just disable outgoing connections for everything but Thunderbird and Firefox. How easy is this with ufw/ipchains (and if it is easy, if it's command line based, again it's not suitable unless you're a developer/techie - which I am, BUT it's not something I can recommend to others)?

    Related, the linux-firewall.org owner never responded to requests for source code so I'm making the assumption that it's unstable and/or unsecure (in all senses).
    If the default settings on Ubuntu caused the problem then it would be Ubuntu's fault.

    But in this case the user specifically configured Ubuntu to use a higher then the default bandwidth, but then blamed Ubuntu for the increased bandwidth.

    So yes, this is an example where the user is indeed at fault.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  9. #99
    Join Date
    Jul 2011
    Beans
    206

    Lightbulb Re: TuxGuardian - application based firewall

    I just finished carefully reading every single post in this thread, and have a couple of things to say:

    *) Using the term "Windows mindset" or repeating "this isn't Windows" is a cop out - a way of avoiding discussing the details, by lumping dissenting voices into a generic stereotyping.

    *) Phone home software in drivers IS an issue, and it's unavoidable. It has absolutely no connection with questions re. repositories vs. other sources. It's the consequence of equipment manufacturers working hard to dig deeper into the pockets of their customers, and working hard to leverage their sales/transactions into further profit regardless of the ethics of their methods. Use of those drivers is a necessity; the equipment is designed from scratch to insist on it. This problem won't go away just because this is Linux, and the time-honored traditional methods & tools in Linux are insufficient to obstructing this new threat to privacy. Therefore, new tools & methods are required.

    Based on what I've read in this thread, process #'s are insufficient for this task, as are port #'s. The problem in limiting outgoing connections on a per-application basis, is that the Linux environment doesn't maintain a comprehensive table of program I.D. #'s. (Please correct me, if I'm wrong about that.) In the absence of a comprehensive table of program I.D. #'s, it's not possible to maintain a table of which programs own which current connections - or, to block programs from making connections. Such a table of program I.D. #'s would have to be updated & maintained during every instance of program installation, including assigning separate I.D. #'s for each & every driver. Given such a table to reference, it would be easy to implement per-program internet access privileges. The registration table would have 3 columns: Text of program name, numeric program I.D. # assigned at installation time, and numeric value indicating privileges.

    If such a table existed, then establishing a connection could be allowed or refused based on the value of the privileges info in the table. A request for an outgoing connection would require the requesting program to provide a valid I.D. #. Administrators would be able to review &/or edit the privileges in the table on an as-needed basis. A session log would be maintained of programs owning current outgoing connections, with start & end times. The drawback to this framework, is the possibility of programs accessing the table's values for the purpose of spoofing I.D. #'s & associated privileges. I'm not proposing that this would be a replacement for IPtables - it would be an associated accesory, plugging a gap in the security measures.

    I don't know the details of operation, re. TuxGuardian, so I don't know if it does what I've proposed here. All I'm really sure of, is that software to do what I've written in the previous 2 paragraphs is needed.

    But, please don't tell me that if I want such a feature in the OS then I should write it myself. My programming activities were limited to BASIC - however, my experience in flowcharting, principles of program design, and complex systems analysis are still valid & useful. Of course, if you think it would be right & proper for the entire Linux community to wait until I somehow manage to master writing software in a new language like C++ or Python...?

    To sum up: A new problem exists, and traditional methods are insufficient for dealing with it. A method for controlling this problem exists - all that's required is for the community of Linux developers to recognize & acknowledge the problem, then create software that applies the remedy.
    .
    "That's my motto - a place for everything, and everything all over the place!"
    -- From an old comic I once saw.--

  10. #100
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: TuxGuardian - application based firewall

    If you find a driver that "phones home" in the Ubuntu repositories then please show it to us and file a bug report.

    Otherwise , do not install 3rd party software. If you are concerned about such third party hardware, do not buy it.

    There are several vendors that sell computers with Linux pre-installed:

    http://linuxpreloaded.com/

    https://wiki.ubuntu.com/UbuntuFriendlyHardwareSuppliers

    http://www.ubuntu.com/partners

    There is no security model that can protect you when you are going to install third party, closed source applications or driver(s). You run the installer as root and it has full access to your system, including the ability to deactivate any "application based firewall" you might write or install.

    You complain about the "windows mentality" , although you have little or no experience with Linux or linux security. This is the problem. The first step is for you to understand how linux works, then how linux security is designed.

    Rather then bothering to take the time to understand how Linux works, you come in here demanding some feature of the developers. Such an attitude does not go far here on the forums, and even less with developers.

    Because you do not understand Linux, you come across as making unreasonable demands, and people (developers) loose interest in listening to such demands very, very, very fast.

    If you want an insight to how developers think read:

    http://www.redhat.com/magazine/020ju...ures/bugzilla/

    sure it is red hat, but you get the idea.

    http://www.chiark.greenend.org.uk/~sgtatham/bugs.html

    If you file a bug report about a third party driver, such as nvidia, "phoning home" with any major Linux project, Ubuntu, Debian, Fedora, etc, it will be marked as invalid, and rightly so.
    Last edited by bodhi.zazen; August 25th, 2011 at 03:16 PM.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

Page 10 of 12 FirstFirst ... 89101112 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •