Re: TuxGuardian - application based firewall
Quote:
Originally Posted by
cariboo907
A firewall really doesn't do anything on a default installation, as there are no ports open to the outside world, and if you are behind a router, it's a belt + suspenders type of activity.
It's just like the poster earlier that tried to block Opera from accessing the Internet. Web browsers and many other programs use random high ports for outgoing connections, so it's pretty hard to block a port if you don't know which one it is using, and it changes every time you use a program. Have a look at this example:
Code:
netstat -tn
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.215:43915     209.85.225.125:5222     ESTABLISHED
tcp        0      0 192.168.1.215:56053     192.168.1.235:22        ESTABLISHED
tcp        0      0 127.0.0.1:7634          127.0.0.1:53732         TIME_WAIT
tcp        1      0 192.168.1.215:44341     96.8.82.129:80          CLOSE_WAIT
tcp        1      0 192.168.1.215:51431     96.8.82.129:80          CLOSE_WAIT
I've bolded the outgoing ports, these change every time a program is opened.
For outgoing connections it is easier to block the dport rather than the source port.
Code:
sudo iptables -A OUTPUT -p tcp --dport 80 -j DROP
Will block opera (and other web browsers) =)
Re: TuxGuardian - application based firewall
Quote:
Originally Posted by
arapaho
This program is incredibly silly - not only can all its functionality be accomplished easily with iptables, the entire idea is pointless: simply running 'sudo netstat -nep' will quickly tell you exactly what programs are accessing the internet. Anything that can make itself invisible to netstat would have to be some sort of rootkit, and by definition a rootkit could easily bypass filtering like TuxGuardian. There are several GUI frontends for the kernel iptables functionality out there - if you're too lazy to use the shell, use those.
This is exactly the thing that would sound like a great idea to someone unfamiliar with Linux, when in reality it is a greater detriment to security than the service it provides is worth. It reeks of Windows, and I don't like it.
-1 from me.
Re: TuxGuardian - application based firewall
Quote:
Originally Posted by
bodhi.zazen
For outgoing connections it is easier to block the dport rather than the source port.
Code:
sudo iptables -A OUTPUT -p tcp --dport 80 -j DROP
Will block opera (and other web browsers) =)
I was just using my post as an example, destination port will work, but then wouldn't you also need to specify 443 plus any other non-standard ports that http may be running on?
Re: TuxGuardian - application based firewall
Quote:
Originally Posted by
cariboo907
I was just using my post as an example, destination port will work, but then wouldn't you also need to specify 443 plus any other non-standard ports that http may be running on?
Yes.
As with INPUT, it is easier to write rules that allow traffic, and then deny the rest, either with a DROP at the end of the chain or as the default policy.
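The allow-then-deny approach from the post above, with a group-based rule as the nearest plain-iptables answer to blocking a single program, as an added example that is not part of the thread. The port lists and the `nonet` group are assumptions, and the script only prints the rules unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny OUTPUT built from an allowlist.
# Dry run by default: prints the rules. Run as root with APPLY=1 to load them.

ALLOWED_TCP="53 80 443"   # assumption: DNS, HTTP, HTTPS
ALLOWED_UDP="53"          # assumption: DNS
NONET_GROUP="nonet"       # hypothetical group; must exist before APPLY=1

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

output_allowlist() {
    run iptables -F OUTPUT
    run iptables -A OUTPUT -o lo -j ACCEPT
    # Anything started under the no-network group (e.g. via sg) is refused
    # outright, before the rules that would otherwise let it through.
    run iptables -A OUTPUT -m owner --gid-owner "$NONET_GROUP" -j REJECT
    # Replies on connections that were already allowed.
    run iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for p in $ALLOWED_TCP; do
        run iptables -A OUTPUT -p tcp --dport "$p" -m conntrack --ctstate NEW -j ACCEPT
    done
    for p in $ALLOWED_UDP; do
        run iptables -A OUTPUT -p udp --dport "$p" -m conntrack --ctstate NEW -j ACCEPT
    done
    # Record what is about to be dropped, rate-limited.
    run iptables -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix out-drop:
    run iptables -P OUTPUT DROP
}

output_allowlist
```

These rules cover IPv4 only; the same list has to be loaded with ip6tables to cover IPv6.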
Re: TuxGuardian - application based firewall
Quote:
Originally Posted by
WinstonChurchill
This program is incredibly silly - not only can all its functionality be accomplished easily with iptables, the entire idea is pointless: simply running 'sudo netstat -nep' will quickly tell you exactly what programs are accessing the internet.
I don't want to spend my time watching connections and blocking connections after they are already running - this is a really silly thing to do. I want to be informed before any program or process uses the internet. And apparmor is too complicated for new users. A simple solution is needed:
"block THIS program or process from accessing the Internet"
Let's face it: most Ubuntu users come from Windows, and they want to use their programs without thinking about watching connections or studying security books and applications like apparmor or snort, or guessing whether this or that program has a potentially dangerous script.
Until Linux developers understand this, Linux will not become more popular.
Obviously by that time I will have to use these user-unfriendly applications and your advice to feel more secure.
Re: TuxGuardian - application based firewall
I agree that probably most new Ubuntu users come from Windows, but in my opinion, for those who are looking for, I believe, a better OS experience than Windows, extra learning is involved, as someone mentioned earlier. There is a learning curve to Ubuntu or any other Linux distro. I'm not trying to deter anyone from moving to Linux from Windows at all, but I feel that if you just want to click and make it happen without knowledge of how it works, then Windows may be ideal. Ubuntu/Linux is becoming click-and-make-it-happen, but most of the time you need to at least have some knowledge of how the whole process works, because custom configuration has always been a plus to Linux, in my opinion.
Re: TuxGuardian - application based firewall
@Leebo
You are right that to use Linux one must change their approach, but developers should understand that if they want Ubuntu to become more popular, changing only the look for Unity will not attract many new users.
At least something like GUI for apparmor in Ubuntu would be welcomed. In my opinion that would be more welcomed by Ubuntu users than Unity.
Re: TuxGuardian - application based firewall
Quote:
Originally Posted by
arapaho
I don't want to spend my time watching connections and blocking connections after they are already running - this is a really silly thing to do. I want to be informed before any program or process uses the internet. And apparmor is too complicated for new users. A simple solution is needed:
"block THIS program or process from accessing the Internet"
Let's face it: most Ubuntu users come from Windows, and they want to use their programs without thinking about watching connections or studying security books and applications like apparmor or snort, or guessing whether this or that program has a potentially dangerous script.
Until Linux developers understand this, Linux will not become more popular.
Obviously by that time I will have to use these user-unfriendly applications and your advice to feel more secure.
Please forgive me if I sound rude but I believe it has to be said.
People have to start changing their minds about how to operate their computers. We are still in the stone age; it's time to start evolving, and for that users simply have to understand that it is very important to understand what your computer does and why.
I'm very well aware that most users are not ready for this. Some come from Windows, where they just adopted a pattern they follow instead of thinking, but I feel this has to change. You can't remain in the stone age forever. It should be our goal not to make it easier to just not think but to make thinking a requirement, as this is the only real way to enhance security.
Re: TuxGuardian - application based firewall
Quote:
Originally Posted by
arapaho
I don't want to spend my time watching connections and blocking connections after they are already running - this is a really silly thing to do. I want to be informed before any program or process uses the internet. And apparmor is too complicated for new users. A simple solution is needed:
"block THIS program or process from accessing the Internet"
Let's face it: most Ubuntu users come from Windows, and they want to use their programs without thinking about watching connections or studying security books and applications like apparmor or snort, or guessing whether this or that program has a potentially dangerous script.
Until Linux developers understand this, Linux will not become more popular.
Obviously by that time I will have to use these user-unfriendly applications and your advice to feel more secure.
I fail to understand why people assume that all the knowledge they have gained from years of using Windows, will transfer to a Linux based distribution.
If you are that interested in security, do some testing yourself, instead of trying to apply a Windows solution to a problem that doesn't exist. There have been plenty of examples in this thread, and in this sub-forum, of how to check what programs are connecting to the internet. Most of these methods don't work in Windows without installing extra programs. For an average user fresh from Windows, the default Ubuntu installation is more secure than the same installation in Windows.
I've been using a Linux variant for longer than some of our members have been using Windows. On a desktop system, I have never gone out of my way to add extra security, I rarely enable a firewall, as I'm behind a router. The only time I've installed any anti-malware programs is to help someone with a problem. I think before I click that link. Personally I think that knowledge is more important than trying to use software to make myself feel secure.
Re: TuxGuardian - application based firewall
Quote:
Originally Posted by
cariboo907
I fail to understand why people assume that all the knowledge they have gained from years of using Windows, will transfer to a Linux based distribution.
If you are that interested in security, do some testing yourself, instead of trying to apply a Windows solution to a problem that doesn't exist. There have been plenty of examples in this thread, and in this sub-forum, of how to check what programs are connecting to the internet. Most of these methods don't work in Windows without installing extra programs. For an average user fresh from Windows, the default Ubuntu installation is more secure than the same installation in Windows.
I've been using a Linux variant for longer than some of our members have been using Windows. On a desktop system, I have never gone out of my way to add extra security, I rarely enable a firewall, as I'm behind a router. The only time I've installed any anti-malware programs is to help someone with a problem. I think before I click that link. Personally I think that knowledge is more important than trying to use software to make myself feel secure.
100% agreed.