Debian :: Per Process Firewall GUI?
Aug 23, 2015
I've been trying to make the switch from Windows to Debian (MATE), but I am utterly lost trying to find a replacement for my firewall (Outpost). I have become dependent on features like:
- per application outgoing/incoming TCP/UDP rules
- per application outgoing/incoming IP rules
- per application outgoing/incoming PORT rules
What I seek is a graphical firewall (or iptables GUI) that will pop up a notification that a certain program wants to connect to the internet with a certain IP over a certain port and connection type.
It seems like FireFlier is what I want, but I was not able to get that running because it is most likely too old and no longer compatible:
(small update on FireFlier, Martin Maurer, the compiling error could be fixed by changing the order of lines 4 and 5 in server/backend.h which would then be
Code:
#include <netinet/in.h>
#include <linux/netfilter.h>
And although I'm still too clueless to get the rest working, [URL]....
Also, from what I understand, I should be able to achieve this with AppArmor or SELinux, but I was unable to do so. For the rest, all I could find were firewalls like Douane, that are just not powerful enough [URL]...
May 27, 2011
I'm trying to build a firewall on Debian with 'Firewall Builder'. But it won't let me compile and run unless one interface is set as management. There are two interfaces on my computer: 'eth0' and 'lo'
I don't want to be able to configure firewall remotely, so could I use 'lo' as 'management interface'?
May 14, 2010
I got a script from the internet to set up CentOS as a gateway server for my LAN. After installing the script, everything worked fine. In fact it does work well, but what beats me is that whenever I restart the machine, upon booting and service startup, the system hangs on starting up the networking service. Since I had not experienced this before using this script, I am confused as to whether the script could be the cause. Below is the exact script. My distro is CentOS 4.6.
#!/bin/bash
# Author: Muhammad Kamran Azeem (kamran@wbitt.com)
[code]....
Apr 5, 2011
I installed Firestarter firewall on Debian Squeeze. Now I note there is a GUI available in System->Administration which apparently does not need to be running all the time - it's not set up to start on boot. When I boot I notice the boot message has a line saying "Starting Firestarter firewall .... failed". When I am logged in and type "/etc/init.d/firestarter status" as the Firestarter FAQs say, I get "Firestarter is running... ... (warning)". I can run the GUI manually and still get the same message.
Mar 25, 2011
I suspect this is an initial configuration bug. All firewall logs seem to be going to all three files. That causes a lot of clutter in the log files, and makes it difficult to see whether there are any serious problems being logged.
May 18, 2010
I am learning to set up a firewall in my home. For that I have selected four systems (sys1, sys2 ... sys4) for testing. I have configured sys2 to act as a firewall with two NICs. sys3 and sys4 are inside the firewall. sys1 is not connected to the firewall, for testing purposes.
the IP assignments are follows :
sys1 : ( fedora, not connected to firewall i am thinking, But i am not sure )
IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank
sys2 : ( firewall, IPTABLES )
code....
What happened is that sys1 (not connected to firewall) can ssh to sys4 (connected, inside firewall), since the rules are written not to ssh from sys1 to sys4.
Then I came to know that whatever request I give, it goes directly as sys1 --> sys4, not as sys1 --> sys2 (firewall) --> sys4, and the firewall is not filtering and processing anything for both inbound and outbound (I think it's my mistake somewhere). The requests are going directly inside without the firewall.
Mar 7, 2011
How can I set up a firewall in my system?
May 9, 2011
Can we use iptables as a firewall instead of a Juniper firewall?
Jul 17, 2010
We have a setup of around 10 computers with 1 Linux server... We want to convert it into a centralized system where firewall services are activated from the Linux server and certain websites are restricted from access for the workstations. Is there any good software for this, open source preferably? I'm using Debian already for the web server and file server already....
Apr 5, 2011
I am running Squeeze 6 on amd64. I'd like to know if there is a guide on how to set up a good firewall for dummies like me.
May 13, 2011
I installed the ferm firewall with aptitude in Debian Squeeze. The ferm init script is installed to /etc/init.d and it's enabled in /etc/default/ferm:
# configuration for /etc/init.d/ferm
# Enable the ferm init script? (i.e. run on bootup)
ENABLED=yes
Jul 4, 2011
My firewall keeps blocking something called CPQ-Wbem. There have been about 10 instances of this.
A machine on the network is advertising it runs, or looks for machines running, Compaq Insight Manager on TCP/2301. If the machine isn't yours or you haven't enabled Compaq's web-based remote management then silently drop it.
Now as far as I know I do not have a network, just a DSL connection. I also do not own a Compaq computer. So if someone who has some knowledge of this could explain to me how a "network is advertising it runs, or looks for machines running, Compaq Insight Manager on TCP/2301". This would seem to me to be a local network thing, not a www thing?
Dec 16, 2010
How to configure my Firestarter firewall. I have a website which requires the port 1935 to be open. I figured out how to open the port using Firestarter. Is there any way to make the port open only to this website, and not to every other website, for security reasons of course?
Sep 9, 2011
I have just switched over from Firestarter to gufw. I have set all incoming traffic to deny and all outgoing traffic to allow. I have rules set for incoming traffic, and have only opened 1 port on my system for torrents. My router also only has the same port opened, which again is for torrents. I use "Network Tools", which is included on Squeeze, and do a portscan of 192.168.1.100 and 127.0.0.1. I get all kinds of crazy ports coming back as opened. What is even stranger is if I do a few scans, these ports change, so one port on one scan may come up as open, then it will disappear and a different port may show as open.
Mind you, none but the torrent port is forwarded in my router. I have no idea what any of these other ports are, or why they are even showing up. What the heck is going on? I don't think this is normal? Am I at any higher risk for attack?
May 16, 2010
Recently I have been working on iptables and trying to understand how to use it. Here's a little script I have written to setup a basic firewall for myself:
Code:
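#!/bin/bash
# Changing netfilter rules requires root
if [ `id -u` -ne 0 ]; then
    echo "You need root privilege"
    exit 1
fi

PROG=/sbin/iptables
# Flush all existing rules in the filter table
$PROG -F

function sethttp {
    echo "Opening http port..."
    $PROG -A INPUT -p tcp --dport 80 -j ACCEPT
}

function sethttps {
    echo "Opening https port..."
    $PROG -A INPUT -p tcp --dport 443 -j ACCEPT
}

function settorrent {
    echo "Opening torrent port..."
    $PROG -A INPUT -p tcp --dport 52413 -j ACCEPT
}

# -h, -s and -t each open one inbound port on this host
while getopts "hst" option; do
    case "$option" in
        h) sethttp;;
        s) sethttps;;
        t) settorrent;;
        *) echo "DOH!";;
    esac
done

# Accept inbound packets that belong to, or relate to, an existing connection
$PROG -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow this host to start new outbound connections and continue existing ones
$PROG -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Loopback traffic (rules are evaluated in the order they were appended)
$PROG -A INPUT -i lo -j ACCEPT
$PROG -A OUTPUT -o lo -j ACCEPT
# Everything else inbound is dropped; forwarding is rejected
$PROG -A INPUT -j DROP
$PROG -A FORWARD -j REJECT

echo "Done setting up the firewall! Enjoy :)"
exit 0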
OK, this can take 3 arguments that open ports 80, 443 and 52413. And at the end, some default rules are applied. But here's the thing I don't understand:
if I don't give the argument for port 80, I can still view web pages... and also, when I remove the line:
Code:
$PROG -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Whether I say it to open port 80 or not, I can't view any web pages.
May 16, 2011
This is my first post and I'm a newbie with Debian. I have written a simple script for iptables (rc.firewall)
#!/bin/sh
### BEGIN INIT INFO
# Provides: Script Firewall for IP-tables
[code]....
Dec 11, 2010
I wonder, do we need a firewall for home PCs at all? I mean, fine, for servers and stuff, but I have my own laptop station. People have different position on this issue.
Jul 3, 2011
I have a Bubba Two headless PC box and on it a Debian GNU/Linux Squeeze operating system.
I have upgraded my Bubba Two [URL] to Debian Squeeze from Debian Etch following these steps: Running Debian lenny or squeeze on Bubba Two [URL]
After this upgrade I have setup networking on Bubba following these steps: Setting up networking [URL]
In the case [URL] doesn't work, here are these steps:
[Code].....
Feb 10, 2010
I am behind a university http proxy (squid) server and all of my internet connections have to go through it. I haven't been able to find any setting in Evolution that allows me to specify my proxy settings.
Searching on Google, it suggested that evolution can't work behind proxies and works only with direct connections to the internet.
I wanted to know if there is any way round this problem. I tried posting the same question on gnome list and gnome hacking list and no reply has come so far.
Feb 27, 2010
I have Linux computers that are often on client networks inside firewalls. They have access to the internet but I can't access them directly. I don't want to have to get the client to mess with NATing, etc. I have written a system that uses XMPP to allow me to send commands to the computers and run simple console commands, which oftentimes is enough. These are things like run a report and ftp up to server, restart a process, give me a process list. It works OK, but some networks even block this (Googletalk is not universally loved for some reason)
I am wondering if there is a prebuilt system that allows me a computer inside one firewall (say a standard adsl modem created one) communicate in some way with a computer inside a network created by another adsl modem. I could see some sort of console like logmein or pc anywhere but as much as I have looked I can't find anything. I have considered writing a cheap and cheerful system in http or even a TCP system using asyncore in python but there must be something existent. I have a server on the web that could be used as an intermediary, relay type thing. Basically some sort of chat server for consoles is what I am thinking about. Is there some sort of SSH voodoo that I could bridge/tunnel/vpn through.
May 31, 2011
I want to know if I can download Fedora's firewall config utility and convert it to a .deb file using alien.
May 28, 2011
I have created a firewall script to work via iptables on debian. This script is a derivative from the script on [url] and a course I'm following at school.
I'm not looking for a perfect solution or someone to grade my work. How to improve this script. While running this script I get a lot of errors back.
Quote:
Feb 27, 2011
I wanted to know which is the best firewall application for my debian squeeze amd64 home desktop. I prefer a simple interface yet powerful enough. After googling I found two options - gufw & firestarter. I am not sure which one to choose between these two.
Oct 10, 2013
Consolidate several lines of a CSV file with firewall rules, in order to parse them easier?
I have a .csv file, which I created using an HTML export from a Check Point firewall. The objective is to have all the firewall configuration lines where a given host is present. I have to do this for a few hundred, manually is not a reasonable option. I'm going to write a simple Python script for this.
The problem is that the output from the Check Point firewall is complicated to work with. If a firewall rule works with several source or destination hosts, services or other configurations, instead of having them separated with a symbol other than a comma, I get a new line.
This prevents me from exporting the line where the host is present, since I would be missing info.
Let me show you an example, hostnames are modified, of course:
NO.;NAME;SOURCE;DESTINATION;VPN**;SERVICE;ACTION;TRACK;INSTALL ON;TIME;COMMENT
1;;fwxcluster;mcast_vrrp;;vrrp;accept;Log;fwxcluster;Any;"VRRP;;*Comment suppressed*
;;;;;igmp;;;;;
2;;fwxcluster;fwxcluster;;FireWall;accept;Log;fwxcluster;Any;"Management FWg;*Comment suppressed*
;;fwmgmpe;fwmgmpe;;ssh;;;;;
;;fwmgm;fwmgm;;;;;;;
3;NTP;G_NTP_Clients;cmm_ntpserver_pe01;;ntp;accept;None;fwxcluster;Any;*Comment suppressed*
;;;cmm_ntpserver_pe02;;;;;;;
Jan 29, 2011
I've got a Shorewall (Shoreline?) firewall up and running, but it's logging to /var/log/messages. I'd much rather have it logging to another location e.g. /var/log/firewall but can't find (a clear enough) explanation on how to do this. Apparently, it varies greatly depending on the distro, the kernel, and the version of Shorewall that is running. You'd think it would be something as simple as setting a path in a config file, but apparently not. I'm running a stock Lenny kernel on the firewall machine. It comes with version 4.0.15 of Shorewall.
Oct 11, 2013
I have a CSV file, which I created using an HTML export from a Check Point firewall policy. Each rule is represented as several lines, in some cases. That occurs when a rule has several address sources, destinations or services.
I need the output to have each rule described in only one line. It's easy to distinguish when each rule begins. In the first column, there's the rule ID, which is a number.
Here's an example. In green are marked the strings that should be moved:
See example. The strings that should be moved are in bold:
NO.;NAME;SOURCE;DESTINATION;SERVICE;ACTION;
1;;fwgcluster;mcast_vrrp;vrrp;accept;
;;;;igmp;;
2;Testing;fwgcluster;fwgcluster;FireWall;accept;
;;fwmgmpe;fwmgmpe;ssh;;
;;fwmgm;fwmgm;;;
What I need, explained in pseudocode, is this:
Read the first column of the next line. If there's a number:
Evaluate the first column of the next line. If there's no number there, concatenate (separating with a comma) the strings in the columns of this line with the last one and eliminate the text in the current one
The output should be something like this. The strings in bold are the ones that were moved:
NO.;NAME;SOURCE;DESTINATION;SERVICE;ACTION;
1;;fwgcluster;mcast_vrrp;vrrp-igmp;accept;
;;;;;;
2;Testing;fwgcluster-fwmgmpe-fwmgm;fwgcluster-fwmgmpe-fwmgm;FireWall-ssh;accept;
;;;;;;
The empty lines are there only to be more clear, I don't actually need them.
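One way to do the consolidation asked for in the two Check Point CSV posts above (Oct 10 and Oct 11, 2013), as an added example that is not part of either post. The function names and the "-" joiner (taken from the expected output shown in the second post) are assumptions of this sketch; the sample is the second post's own example.

```python
import csv
import io

# Sample copied from the second post's example export.
SAMPLE = """\
NO.;NAME;SOURCE;DESTINATION;SERVICE;ACTION;
1;;fwgcluster;mcast_vrrp;vrrp;accept;
;;;;igmp;;
2;Testing;fwgcluster;fwgcluster;FireWall;accept;
;;fwmgmpe;fwmgmpe;ssh;;
;;fwmgm;fwmgm;;;
"""

def consolidate(text):
    """Return (header, rules); a rule is a list of columns, a column a list of values."""
    # QUOTE_NONE: the first post's export has unbalanced double quotes in comments.
    rows = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    header = next(rows)
    rules = []
    for row in rows:
        if not any(cell.strip() for cell in row):
            continue  # blank separator line
        row += [""] * (len(header) - len(row))  # pad short rows to header width
        if row[0].strip().isdigit():
            # A numeric first column starts a new rule.
            rules.append([[c.strip()] if c.strip() else [] for c in row])
        elif rules:
            # Continuation line: append each non-empty cell to the same column.
            for col, cell in zip(rules[-1], row):
                if cell.strip():
                    col.append(cell.strip())
        else:
            raise ValueError("continuation line before the first rule: %r" % row)
    return header, rules

def to_lines(header, rules, sep="-"):
    """Render one line per rule, joining multi-valued cells with sep."""
    out = [";".join(header)]
    out += [";".join(sep.join(col) for col in rule) for rule in rules]
    return out

def rules_for_host(header, rules, host, columns=("SOURCE", "DESTINATION")):
    """Rule numbers where host is an exact SOURCE or DESTINATION entry."""
    idx = [header.index(c) for c in columns]
    # List membership is an exact match, so "fwmgm" does not match "fwmgmpe".
    return [rule[0][0] for rule in rules if any(host in rule[i] for i in idx)]
```

Keeping each cell as a list until output means the host lookup from the first post never has to split a joined string again.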
Nov 11, 2010
I've some files with .sh extensions that run some software. Now, how do I stop running those files? I know we run the command ./start_tomcat.sh to start the apache. Is there any command to stop that file/process, or is it just kill the process to stop the process?
Mar 26, 2016
I need to run a script backup once a day, but crontab needs to set the time to run, and sometimes the hour to run is missed and the script doesn't trigger. I'd like to run the script anytime, once a day.
Feb 2, 2016
Sometimes (rarely) when I try to open VLC it won't open, but it stays in the background and takes 98-100% of one core.
The problem is that I can't kill that vlc-process.
Code:
killall vlc
will NOT kill it
and
Code:
kill 31641
won't work either
top shows
Code:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
31641 xxxxxxxx 20 0 1320248 64384 39120 S 100.0 1.6 44:51.94 vlc
Is there any way to kill the vlc-process (without booting the machine)? I also tried the "killall vlc" and "kill 31641" as root with the same results.
I have Debian jessie and the only "nonofficial" repositories I have enabled are
#google chrome
http://dl.google.com/linux/chrome/deb stable main
#Backports
deb http://httpredir.debian.org/debian jessie-backports main
And from those I have installed only chrome and wine-development, and I don't think those could have anything to do with this problem.
Booting the machine does work, but I don't want to boot my machine just now. This happens about once per week
Dec 31, 2010
Well, I am doing an assignment about Debian OS 5, so I need some info about deadlocks and how to kill a process using a GUI interface. I already found a way to do it on the command line.