Page 3 of 12 FirstFirst 12345 ... LastLast
Results 21 to 30 of 112

Thread: TuxGuardian - application based firewall

  1. #21
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by cariboo907 View Post
    A firewall really doesn't do anything on a default installation, as there are no ports open to the outside world, and if you are behind a router, it's a belt + suspenders type of activity.

    it's just like the poster earlier that tried to block Opera from accessing the Internet. Web browsers and many other programs use random high ports for out going connections, so it's pretty hard to block a port if you don't know which one it is using, and it changes every time you use a program, have a look at this example:

    Code:
    netstat -tn
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State      
    tcp        0      0 192.168.1.215:43915     209.85.225.125:5222     ESTABLISHED
    tcp        0      0 192.168.1.215:56053     192.168.1.235:22        ESTABLISHED
    tcp        0      0 127.0.0.1:7634          127.0.0.1:53732         TIME_WAIT  
    tcp        1      0 192.168.1.215:44341     96.8.82.129:80          CLOSE_WAIT 
    tcp        1      0 192.168.1.215:51431     96.8.82.129:80          CLOSE_WAIT
    I've bolded the outgoing ports, these change every time a program is opened.
    For outgoing connections it is easier to block the dport rather then the source port.

    Code:
    sudo iptables -A OUTPUT --dport 80 -j DROP
    Will block opera (and other web browsers) =)
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  2. #22
    Join Date
    Sep 2009
    Location
    United States
    Beans
    113
    Distro
    Ubuntu

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by arapaho View Post
    I added Package Request for TuxGuardian - application based firewall. If you want it, please vote for it.
    https://bugs.launchpad.net/ubuntu/+bug/657249

    Features:
    Detects unauthorized applications trying to act like a client or a server;
    Operates with or without user intervention;
    Verifies the applications' integrity so that maliciously modified software won't be able to send or receive data through the network;
    Uses a three-layered architecture of independent modules, which eases the task of addings new features and functionality;
    http://tuxguardian.sourceforge.net/screenshot.png
    http://tuxguardian.sourceforge.net/
    This program is incredibly silly - not only can all its functionality be accomplished easily with iptables, the entire idea is pointless: simply running 'sudo netstat -nep' will quickly tell you exactly what programs are accessing the internet. Anything that can make itself invisible to netstat would have to be some sort of rootkit, and by definition a rootkit could easily bypass filtering like TuxGuardian. There are several GUI frontends for the kernel iptables functionality out there - if you're too lazy to use the shell, use those.

    This is exactly the thing that would sound like a great idea to someone unfamiliar with Linux, when in reality it is a greater detriment to security than the service it provides is worth. It reeks of Windows, and I don't like it.

    -1 from me.

  3. #23
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by bodhi.zazen View Post
    For outgoing connections it is easier to block the dport rather then the source port.

    Code:
    sudo iptables -A OUTPUT --dport 80 -j DROP
    Will block opera (and other web browsers) =)
    I was just using my post as an example, destination port will work, but then wouldn't you also need to specify 443 plus any other none standard ports that http may be running on?

  4. #24
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by cariboo907 View Post
    I was just using my post as an example, destination port will work, but then wouldn't you also need to specify 443 plus any other none standard ports that http may be running on?
    Yes.

    As with INPUT, it is easier to write rules that allow traffic, and then deny the rest, either with a DROP at the end of the chain or as the default policy.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  5. #25
    Join Date
    Jun 2010
    Beans
    111
    Distro
    Kubuntu 12.04 Precise Pangolin

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by WinstonChurchill View Post
    This program is incredibly silly - not only can all its functionality be accomplished easily with iptables, the entire idea is pointless: simply running 'sudo netstat -nep' will quickly tell you exactly what programs are accessing the internet.
    I don't wont spent my time watching connections and block conections after they are already running - this is really silly thing to do. I want to be informed before anything program or proces use internet. And apparmor is too complicated for new users. Simple solution is needed:
    "block THIS program or process from accessing the Internet"

    Let's face it: most Ubuntu users come from Windows, and they want to use their programs not thinking about watching connections or study security books, applications like apparmor, snort or guess whether this or that program has potentially danger script.

    Until linux developers understand this linux will not become more popular.

    Obviously by that time I will have to use this user unfriendly applications and your advice to feel more secure.
    Last edited by arapaho; October 30th, 2010 at 04:20 PM.

  6. #26
    Join Date
    Feb 2007
    Beans
    29

    Re: TuxGuardian - application based firewall

    I agree that probably most new Ubuntu users come from windows, but in my opinion those that are looking for, I believe, a better OS experience than Windows, extra learning is involved as someone mentioned earlier. There is a learning curve to Ubuntu or any other linux distro. I'm not trying to deter anyone from moving to linux from windows at all, but I feel that if you are just wanting to click and make it happen without knowledge of how it works then Windows may be ideal. Ubuntu/Linux is becoming the click and make it happens but most of the time you need to at least have some knowledge of how the whole process works because custom configuration has always been a plus to linux, in my opinion.
    P4 2.26Ghz, 1GB RAM, GeForce6600GT, 120GB HD, Dual Boot Intrepid/XP
    P2 266Mhz, 192MB RAM, S3Virge, 8GB HD, Hardy

  7. #27
    Join Date
    Jun 2010
    Beans
    111
    Distro
    Kubuntu 12.04 Precise Pangolin

    Re: TuxGuardian - application based firewall

    @Leebo
    You are right that to use linux one must change their approach, but developers should understand that if they want Ubuntu to became more popular changing only look for Unity will not attract many new users.
    At least something like GUI for apparmor in Ubuntu would be welcomed. In my opinion that would be more welcomed by Ubuntu users than Unity.

  8. #28
    Join Date
    Jun 2010
    Location
    Austria - Graz
    Beans
    124
    Distro
    Ubuntu 12.10 Quantal Quetzal

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by arapaho View Post
    I don't wont spent my time watching connections and block conections after they are already running - this is really silly thing to do. I want to be informed before anything program or proces use internet. And apparmor is too complicated for new users. Simple solution is needed:
    "block THIS program or process from accessing the Internet"

    Let's face it: most Ubuntu users come from Windows, and they want to use their programs not thinking about watching connections or study security books, applications like apparmor, snort or guess whether this or that program has potentially danger script.

    Until linux developers understand this linux will not become more popular.

    Obviously by that time I will have to use this user unfriendly applications and your advice to feel more secure.
    Please forgive me if I sound rude but I believe it has to be said.

    People have to start change their mind about how to operate their computers. W still are in the stone age it's time to start evolving and for that users have to simply understand that it is very important to understand what your computer does and why.

    I'm very well aware that most users are not ready for this. Some come from Windows where they just adopted a pattern they follow instead of thinking but I feel this has to change. You can't remain in stone age for ever. It should be our goal not to make it easier to just not think but to make thinking a requirement as this is the only real way to enhance security.

  9. #29
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by arapaho View Post
    I don't wont spent my time watching connections and block conections after they are already running - this is really silly thing to do. I want to be informed before anything program or proces use internet. And apparmor is too complicated for new users. Simple solution is needed:
    "block THIS program or process from accessing the Internet"

    Let's face it: most Ubuntu users come from Windows, and they want to use their programs not thinking about watching connections or study security books, applications like apparmor, snort or guess whether this or that program has potentially danger script.

    Until linux developers understand this linux will not become more popular.

    Obviously by that time I will have to use this user unfriendly applications and your advice to feel more secure.
    I fail to understand why people assume that all the knowledge they have gained from years of using Windows, will transfer to a Linux based distribution.

    If you are that interested in security, do some testing yourself, instead of trying to apply a Windows solution to a problem that doesn't exist. There have been plenty of examples in this thread, and in this sub-forum of how to check what programs are connecting to the internet. Most of these methods don't work in Windows without installing extra programs. For an average user fresh from Windows the default Ubuntu installation is more secure than the same installation in WIndows.

    I've been using a Linux variant for longer than some of our members have been using Windows. On a desktop system, I have never gone out of my way to add extra security, I rarely enable a firewall, as I'm behind a router. The only time I've installed any anti-malware programs is to help someone with a problem. I think before I click that link. Personally I think that knowledge is more important than trying to use software to make myself feel secure.

  10. #30
    Join Date
    Jun 2010
    Location
    Austria - Graz
    Beans
    124
    Distro
    Ubuntu 12.10 Quantal Quetzal

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by cariboo907 View Post
    I fail to understand why people assume that all the knowledge they have gained from years of using Windows, will transfer to a Linux based distribution.

    If you are that interested in security, do some testing yourself, instead of trying to apply a Windows solution to a problem that doesn't exist. There have been plenty of examples in this thread, and in this sub-forum of how to check what programs are connecting to the internet. Most of these methods don't work in Windows without installing extra programs. For an average user fresh from Windows the default Ubuntu installation is more secure than the same installation in WIndows.

    I've been using a Linux variant for longer than some of our members have been using Windows. On a desktop system, I have never gone out of my way to add extra security, I rarely enable a firewall, as I'm behind a router. The only time I've installed any anti-malware programs is to help someone with a problem. I think before I click that link. Personally I think that knowledge is more important than trying to use software to make myself feel secure.
    100% agreed.

Page 3 of 12 FirstFirst 12345 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •