Thread: Firewalls etc.

  1. #1
    Join Date
    Jul 2012
    Beans
    688
    Distro
    Ubuntu 18.04 Bionic Beaver

    Firewalls etc.

    Hi,
    I hear all the time from Windows users that they have better firewalls etc.

    Now all I know is that firewalls close ports. Hence they're wrong, or am I missing
    something about firewalls? Do expensive firewalls do more than that? Maybe some
    are available for Linux?
    Thanks

  2. #2
    Join Date
    Oct 2013
    Beans
    1

    Re: Firewalls etc.

    Hi,
    Firewalls do not only do the job of opening/closing ports. A firewall in Linux (for example iptables) can look into a packet and drop or pass the packet if it contains some phrase. Also, with iptables in Linux you can decide which host can or cannot make a connection with you. With iptables you can set a mark on a packet if it has something special (for example, it is from Google DNS with src port 53).
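
Added example, not part of the original thread: a shell function that prints an `iptables-restore` ruleset covering the three features named in the post above (content match, per-host rule, packet mark). The addresses, ports and phrase are constructed sample values, and the helper names `is_ipv4` and `build_ruleset` are hypothetical.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset; nothing is loaded into the kernel.
# All addresses, ports and the phrase are constructed sample values.

is_ipv4() {  # accept only a dotted quad, so a parameter cannot inject rule text
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

build_ruleset() {
    admin_host=${1:-192.0.2.10}   # only host allowed to reach SSH (documentation range)
    dns_server=${2:-8.8.8.8}      # Google DNS, as in the post
    phrase=${3:-blocked-phrase}   # payload string to drop on port 80
    is_ipv4 "$admin_host" && is_ipv4 "$dns_server" || { echo "bad address" >&2; return 1; }
    case $phrase in *[!A-Za-z0-9._-]*|'') echo "bad phrase" >&2; return 1;; esac
    cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
# Mark replies from the DNS server (UDP source port 53); the mark can be
# matched later with -m mark, or used by routing and traffic shaping.
-A PREROUTING -s $dns_server -p udp --sport 53 -j MARK --set-mark 1
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Content match first, so it also sees packets of established connections.
# It inspects single cleartext packets only, so TLS traffic is never matched.
-A INPUT -p tcp --dport 80 -m string --algo bm --string "$phrase" -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
# Per-host rule: SSH only from the admin host; the DROP policy covers the rest.
-A INPUT -s $admin_host -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Syntax-check without loading:  build_ruleset | sudo iptables-restore --test
build_ruleset "$@"
```
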

  3. #3
    Join Date
    Jul 2005
    Location
    I think I'm here! Maybe?
    Beans
    Hidden!
    Distro
    Xubuntu 22.04 Jammy Jellyfish

  4. #4
    Join Date
    Mar 2011
    Beans
    701

    Re: Firewalls etc.

    Windows firewalls focus on outbound connections as well as inbound. Linux firewalls can do this as well, but outbound restrictions are *trivially* bypassed. That's why so much work goes into outbound firewalls like Comodo to prevent programs from doing things that might allow an outbound connection. On Linux there's no all-in-one tool for this, but if you're familiar enough with Linux you can get similar (if not better) results than any Windows firewall.

  5. #5
    Join Date
    Sep 2006
    Beans
    8,627
    Distro
    Ubuntu 14.04 Trusty Tahr

    iptables

    All Linux-based firewalls are based on iptables. So tools like UFW and GUFW are just front-ends for iptables, and if you learn to work with iptables directly you can do anything. You could even build your own router or net-based firewall. In fact, many companies sell such appliances. Many so-called "hardware" firewalls at the consumer level are running Linux. If you have an ADSL modem, chances are it is already running Linux, and if you wanted to you could replace what is on there with DD-WRT.

    Unfortunately, the documentation for iptables lags behind that of some other tools like BSD's PF. The best overview that I know of is Oskar Andreasson's Iptables Tutorial 1.2.2. But that is from 2006, and some things have since been added and others removed, even if the changes are not many.

    In short, you could build the equivalent of any network device on the market using Linux.

  6. #6
    Join Date
    Sep 2006
    Beans
    8,627
    Distro
    Ubuntu 14.04 Trusty Tahr

    iptables documentation

    Just an afterthought: if you are looking for the authoritative documentation (not tutorials or guides) for iptables, you have it on your machine already. Look in iptables and especially iptables-extensions. The latter is not online, just on your machine.

    Code:
    man iptables-extensions
