Page 9 of 12 FirstFirst ... 7891011 ... LastLast
Results 81 to 90 of 112

Thread: TuxGuardian - application based firewall

  1. #81
    Join Date
    Jun 2010
    Beans
    119
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: TuxGuardian - application based firewall

    I wonder what Canonical think about this issue. If it comes up all over again it would be nice if they share their opinion.
    I'm glad to know what advanced users think but I don't their attitude at all.
    I don't think Ubuntu security model is the best possible. Definitely, it can be improved.
    I had a look at Canonical web site but there is no way to contact them, unless one wants to pay for support.
    It would be nice if somebody from Canonical team could comment on brainstorm idea referred in my footnote.

  2. #82
    Join Date
    Nov 2005
    Beans
    91

    Wink Re: TuxGuardian - application based firewall

    It wasn't until opendoors offered a point by point explanation that i really understood the rift. Thank You for doing that.


    This thread is long, informative and in places undeniably humorous. Many Thanks.



    Best wishes.
    Lawrence Lessig - Copyright in RW/RO culture
    www.youtube.com/watch?v=byB7nKSnFBM Freedom is worth something volunteer your time, talents and dollars. How long will it last? You decide with your support.

  3. #83
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: TuxGuardian - application based firewall

    @arapaho most communications with developers is done through mailing lists. I don't know how busy it is, but if you have security questions, I suggest you ask them on the ubuntu-hardened mailing list.

  4. #84
    Join Date
    Mar 2011
    Beans
    Hidden!

    Re: TuxGuardian - application based firewall

    I Love Linux and as long as we only stick with the Repositories and there are no breeches in trust or major coding issues; we will be fine. This is what I do but I would still feel better if I had a program that would more easily track which programs access the Internet both to control my "pay per use" Internet access and if there is a problem. This is especially true now that so many programs use port 80 and/or so many temporary ports.

    (Thank you for the suggestions for how to track with the current super-tools. I am looking at making them work but they are complex.)

    I have seen newer users download stuff from the Repos that turned on smbd, nmbd, sendmail, and postfix services over the years without their realizing or intending it. Thank goodness I think to look when they ask me and that UPnP wasn't on while their firewalls were. I still don't know how they did it but an application firewall could have warned them before I did.

    Canonical-census caused philosophical debates with the OEM installs and when phone-home is okay.

    The Debian OpenSSL PRNG bug shows we aren't perfect.

    Sourceforge was cracked (but with great recovery on their part... ) and malware was hidden inside a screensaver on gnome-look. Doesn't the Wine install pull from Sourceforge?

    For a few, linux hardware drivers and embedded Linux are still an issue. especially for specialized hardware like accessibility and business devices including tablets. I have a friend who is using the manufacturer's drivers for his special monitor since he couldn't get it working on SUSE with the open drivers.

    When I need to use metered (pay per use) Internet use and just want to check my webmail I have to remember to turn off all the Internet functionality of my music player, my email program, etc. then remember to turn them all back on when I can use unmetered use.

    The point of this long rambling post is that different people have different needs and I appreciate everyone discussing this issue so we can find solutions for all of us. Thank you!

  5. #85
    Join Date
    May 2011
    Beans
    4

    Angry Re: TuxGuardian - application based firewall

    OMFG, wow... this is the most exasperating post to read.

    The average user is never going to futz around with IPTABLES, ever. I know you'd like to see that, but it's never going to happen.

    Does the average person know how to change their oil? Nope, and that's vastly easier than anything computer related.

    At any rate, allow me to sidestep the whole security argument. What about programs that are just annoying? Say Adobe starts making software for Linux and they stick with their Windows-style updater and such? Let me guess your response, "They wouldn't do that on Linux." We don't know that, so let's say they do. It would be nice to not have to block ALL internet traffic in order to block the Adobe updater.

    Or as the person above me states, it would be useful to control bandwidth. Maybe you want to schedule certain programs to only connect at certain times of the day?

    Either way, the real insanity here is that some cannot even concede that this would ever in any way be useful on Linux, since "that's not the Linux way, you're thinking like Windows, which sucks." Well Linux is much superior, right, so why not match the capabilities of Windows?

  6. #86
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by butler360 View Post
    Either way, the real insanity here is that some cannot even concede that this would ever in any way be useful on Linux, since "that's not the Linux way, you're thinking like Windows, which sucks." Well Linux is much superior, right, so why not match the capabilities of Windows?
    Welcome to Linux. One of your new found freedoms is to write just such an application for yourself.

    You could try to convince a more experience Linux user to assist you or possibly write it for you, but you have two problems.

    1. More experienced uses do not see the need.

    2. Your posting style comes across as rather demanding, and this is not a good tone to use if you are seeking assistance of others.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  7. #87
    Join Date
    May 2011
    Beans
    4

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by bodhi.zazen View Post
    Welcome to Linux. One of your new found freedoms is to write just such an application for yourself.

    You could try to convince a more experience Linux user to assist you or possibly write it for you, but you have two problems.

    1. More experienced uses do not see the need.

    2. Your posting style comes across as rather demanding, and this is not a good tone to use if you are seeking assistance of others.
    You've got it wrong again. Where did I ask anyone to DO anything? Like I said, it shouldn't be that hard to just concede that this would be useful.

    Please point out where I demand that someone write this program for me?

  8. #88
    Join Date
    Apr 2010
    Location
    Wales, UK
    Beans
    92
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by butler360 View Post

    The average user is never going to futz around with IPTABLES, ever. I know you'd like to see that, but it's never going to happen.
    I quite agree with this sentiment. And while I was using it COMODO firewall was actually really user-friendly and intuitive.
    I actually learnt more about networking from those help pages than I did from anything built into my operating system.
    But I see that application as 'training wheels' now. And like a bike's training wheels they need to be ditched eventually if you're ever going to get a proper experience.
    I'd imagine the reluctance to continue to develop an app like TuxGuardian is due to a combination of an understanding of the Linux ecosystem, arrogance, elititsm, lack of demand and a lack of (perceived)need.

    I'm not against TuxGuardian or similar but have you actually looked at iptables?
    Code:
    sudo iptables -I OUTPUT -p all --destination badsite.com -j DROP
    and that's it. No more connections to badsite.com
    Computers are complex pieces of equipment. Would you be comfortable if you were on a plane and the pilot told you they didn't know how anything worked? That all they had to do was flick a few switches?
    Guess what I'm trying to say in a roundabout way is that if you don't understand something you become entirely dependent on those who do...or the warez they're offering.(And no I don't completely understand Linux either )
    In case I don't see ya; good afternoon, good evening, and goodnight

  9. #89
    Join Date
    May 2011
    Beans
    4

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by CandidMan View Post
    Would you be comfortable if you were on a plane and the pilot told you they didn't know how anything worked? That all they had to do was flick a few switches?
    No, I would not be comfortable. But what percentage of people are pilots versus the number of people who travel in airplanes? The sentiment here is that everyone should be a pilot, it seems.

    I know it's easy to block connections to a specific site, but that's just a workaround to accomplish something that could be much easier by just selecting the application you don't want to give access to.

  10. #90
    Join Date
    Apr 2010
    Location
    Wales, UK
    Beans
    92
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: TuxGuardian - application based firewall

    Yeah, I know what you're saying. And reading my own posts I think I sound dangerously close to being a geek elitist at times. You don't have to be a pilot, but it does help if you have an interest in planes
    Have you looked at apparmor?
    iptables has lots of options, not sure if you can impose data-cap limits but you impose restrictions based on time, user, packet count etc. It's not so bad if you know exactly
    There's one line you can insert into a profile that I think prevent network access:
    Code:
    deny network
    Voila, no network capabilities!!
    In case I don't see ya; good afternoon, good evening, and goodnight

Page 9 of 12 FirstFirst ... 7891011 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •