Please create an account to participate in the Slashdot moderation system


Forgot your password?
Security Networking Open Source Software Linux

Ask Slashdot: User-Friendly Firewall For a Brand-New Linux User? 187

An anonymous reader writes "I am a new Linux user; I'm on 2nd day now. Currently I am trying out Ubuntu, but that could change. I am looking for a user friendly firewall that I can set up that lets me do these things:1) set up a default deny rule 2) carve out exceptions for these programs: browser, email client, chat client, yum and/or apt. 3) carve out exceptions to the exceptions in requirement 2 — i.e. I want to be able to then block off IPs and IP ranges known to be used by malware, marketers, etc., and all protocols which aren't needed for requirement 2. It also needs to have good enough documentation that a beginner like me can figure it out. Previously, I had done all of the above in AVG Firewall on Windows, and it was very easy to do. So far, I have tried these things:1) IPTABLES — it looked really easy to screw it up and then not notice that it's screwed up and/or not be able to fix it even if I did notice, so I tried other things at that point... 2) searched the internet and found various free firewalls such as Firestarter, GUFW, etc., which I weren't able to make meet my requirements. Can someone either point me to a firewall that meets my needs or else give me some hints on how to make firestarter or GUFW do what I need?"
This discussion has been archived. No new comments can be posted.

Ask Slashdot: User-Friendly Firewall For a Brand-New Linux User?

Comments Filter:
  • by caseih ( 160668 ) on Saturday April 05, 2014 @02:47PM (#46671259)

    Many of the posts so far direct the original poster to dedicated firewall appliances or distributions. If I read the summary correctly, the OP is simply looking for a good GUI to manipulate the firewall rules built into the kernel of all modern Linux distributions.

    I can't vouch for any of them, but GUI frontends include guardog, lokkit, firestarter, and probably others. They are all in various states of development and maintenance.

    Part of what the user wants to do (firewall per app) wasn't possible in the past with iptables (per-gid blocking was easy), but I believe it's now possible. A primitive daemon, called Leopard Flower, seems to offer this functionality: http://leopardflower.sourcefor... []

    From what I can see, the most promising, integrated, easy-to-use firewalling GUI software going forward is Fedora's firewalld and it's accompanying GUI. I know firewalld is available on Ubuntu (and its command-line interface). I'm not sure about the GUI part. Perhaps someone familiar wit Ubuntu can comment. Here's an article on installing it in Mint, so I assume it's similar in Ubuntu: []

    From what I can see, firewalld and firewall-config hit the sweet spot for most desktop users. I'd never use it on my router, but for a desktop, it works pretty well and is under active development. I imagine it will sport per-application feature soon, if it doesn't already.

  • by abhi_beckert ( 785219 ) on Saturday April 05, 2014 @02:50PM (#46671273)

    You're making the assumption that all the bad stuff is outside the firewall and nothing evil ever gets in.

    An example of how I use my firewall, is I block my email program from making any network connection other than imap/smtp. If it tries to make any other network connection (eg: downloading images from a web server), the firewall blocks it.

  • firehol (Score:3, Interesting)

    by demerson3 ( 1631599 ) on Saturday April 05, 2014 @04:49PM (#46672101)
    I'm a little surprised nobody has mentioned firehol - []. I've been using it for my simple needs, and it is fabulous. Easy to learn, simple language, great results, and CLI-friendly. (Prior to discovering it, I used guarddog, which I found to be good but which isn't anywhere near as good as firehol.) From the firehol page: FireHOL is an iptables firewall generator producing stateful iptables packet filtering firewalls, on Linux hosts and routers with any number of network interfaces, any number of routes, any number of services served, any number of complexity between variations of the services (including positive and negative expressions).

Nothing is finished until the paperwork is done.