Ask Slashdot: Tight firewall for brand-new Linux user

Submitted by Anonymous Coward
An anonymous reader writes "Hi all,

I am a new Linux user. I'm on my 2nd day now. Currently I am trying out Ubuntu, but that could change.

I am looking for a USER FRIENDLY firewall that I can set up that lets me do these things:
(requirement1) set up a default deny rule
(requirement2) carve out exceptions for these programs: browser, email client, chat client, yum and/or apt.
(requirement3) carve out exceptions to the exceptions in requirement2. i.e. I want to be able to then block off IPs and IP ranges known to be used by malware, marketers, etc., and all protocols which aren't needed for requirement2.
(requirement4) it needs to have good enough documentation that a beginner like me can figure it out

Previously, I had done all of the above in AVG firewall on Windows, and it was very easy to do...

So far I have tried these things:
(try1) IPTABLES — it looked really easy to screw it up and then not notice that it's screwed up and/or not be able to fix it even if I did notice, so I tried other things at that point...
(try2) searched the internet and found various free firewalls such as Firestarter, GUFW, etc., which I wasn't able to make meet my requirements.

Can someone either point me to a firewall that meets my needs or else give me some hints on how to make Firestarter or GUFW do what I need?

Thank You"
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

  • Shorewall meets requirements 1-3 for sure, with 4 being open to interpretation.
  • As a Linux user for 10+ years.
    The default settings for the firewall in almost any Linux OS are good and set up to be secure.
    Ubuntu does NOT use "yum". That is a Red Hat tool.
    About the only thing the user might need to do, if they are using a P2P program and their ISP blocks port 6881, is open ports for it.

    "set up a default deny rule"
    Unused ports on Linux systems are already BLOCKED in "stealth" mode, as in there will be no "deny" answer going back.
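
Requirements 1-3 from the question, written as an iptables-restore ruleset generator with an ordering check for the "screw it up and not notice" worry in try1. This is an added example, not part of the original submission or comments. The blocklist addresses, port list, and function names are assumptions, and per-program exceptions are approximated by destination port because iptables matches on packets rather than executables.

```sh
#!/bin/sh
# Added example: prints an iptables-restore ruleset for requirements 1-3.
# Addresses and ports below are constructed samples, not from the thread.
BLOCKLIST="203.0.113.0/24 198.51.100.7"   # RFC 5737 documentation ranges
ALLOW_TCP="80 443 993 587 5222"           # assumed: web/apt, mail, chat

gen_rules() {
    echo "*filter"
    # Requirement 1: default deny on every chain.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT DROP [0:0]"
    # Loopback traffic and replies to connections this host opened.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Requirement 3: rules are read top-down and the first match wins,
    # so the blocklist must come before every ACCEPT for remote hosts.
    for net in $BLOCKLIST; do
        echo "-A OUTPUT -d $net -j DROP"
    done
    echo "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Requirement 2: DNS plus the allowed outbound TCP ports.
    echo "-A OUTPUT -p udp --dport 53 -j ACCEPT"
    for port in $ALLOW_TCP; do
        echo "-A OUTPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Reads a ruleset on stdin; fails if any blocklist DROP in OUTPUT appears
# after a port ACCEPT, where it could never match allowed traffic.
check_order() {
    awk '
        /^-A OUTPUT .*--dport/                   { seen_allow = 1 }
        /^-A OUTPUT -d .* -j DROP$/ && seen_allow { bad = 1 }
        END { exit (bad ? 1 : 0) }'
}

# Typical use (needs root; --test parses the rules without committing):
#   gen_rules | check_order && gen_rules | iptables-restore --test
```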
