Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I wish to run a Linux Firewall for my small home network. I have a machine that runs Windows as well. I was wondering if it is possible via the Linux Firewall to block Internet Access to programs akin to Symantec's "Program Block" or "Program Scan". How do I achieve this? Also which Firewall is best to use? I know Checkpoint is extremely good however would like a similar alternative which is free.
Did you want to block the Windows machine from all Internet access?!
Did you want only the Linux machine to access the Internet?!
If you have configured MASQUERADE, run the following command from Linux:
iptables -t nat -A PREROUTING -i ppp0 -o eth0 -j DROP
ppp0: your Internet interface on Linux.
eth0: your local interface on Linux that connects to the Windows machine!
If you have not configured MASQUERADE, your Windows machine already can't access the Internet!
Originally posted by Bruce Ma
If you have configured MASQUERADE, run the following command from Linux:
iptables -t nat -A PREROUTING -i ppp0 -o eth0 -j DROP
Probably would be better to just remove the Masquerade rule entirely, rather than masquerading and then dropping the prerouted traffic (technically you really shouldn't be packet filtering in the nat table anyway). At the very least block it in the Forwarding chains instead.
Obie:
In general to block any kind of lan traffic (ports/programs):
where XX is the port number used by the program. A lot of times you'll see people drop this traffic entirely, but then the LAN clients will get annoying application hangs where the app just sits there and tries to re-send packets until a timeout is reached, thereby generating unnecessary traffic. If you are really annoyed with the user in question, maybe dropping is what you would like to do after all.
Thank you all for your quick responses. I would like to allow Internet access to the Internet on my Windows machine. This is what I would like to do. Setup a Linux firewall. Have my Windows machine sit behind the firewall. Allow common ports e.g. 80, 443, 21, 25, 110. Now I also wish to block access to the Internet to all software except say my browser, etc. How do I know which ports the software uses?
Also unanswered was my query, which Linux firewall is recommended?
Thank you all for your quick responses. I would like to allow Internet access to the Internet on my Windows machine.
Have you set up some kind of internet connection sharing already?
How do I know which ports the software uses?
Check /etc/services or the software documentation.
Also unanswered was my query, which Linux firewall is recommended?
I would recommend iptables, which should be included with most recent versions of Linux.
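
The approach suggested in the replies above (filter in the FORWARD chain, reject rather than drop, allow only ports 80, 443, 21, 25 and 110), as an added example that is not part of any post in this thread. It assumes the thread's interface names (eth0 for the LAN, ppp0 for the Internet link), adds a DNS allowance on UDP 53 as an assumption so name resolution works, and only prints the iptables commands for review; the function name gen_forward_rules is hypothetical.

```shell
#!/bin/sh
# Added example: print (do not apply) a FORWARD-chain policy for LAN clients
# behind a Linux NAT gateway. gen_forward_rules is a hypothetical helper name.
# usage: gen_forward_rules LAN_IF WAN_IF PORT [PORT...]
gen_forward_rules() {
    lan_if=$1; wan_if=$2; shift 2
    # The output is meant to be reviewed and then run, so refuse odd input.
    for i in "$lan_if" "$wan_if"; do
        case $i in
            ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $i" >&2; return 1 ;;
        esac
    done
    for p in "$@"; do
        case $p in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || {
            echo "port out of range: $p" >&2; return 1; }
    done

    # Anything not explicitly forwarded is dropped (covers unsolicited inbound).
    echo "iptables -P FORWARD DROP"
    # Replies to connections the LAN side opened are let back in.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Assumption (not in the thread): clients need DNS to resolve names.
    echo "iptables -A FORWARD -i $lan_if -o $wan_if -p udp --dport 53 -j ACCEPT"
    # One ACCEPT per allowed destination port, new outbound connections only.
    for p in "$@"; do
        echo "iptables -A FORWARD -i $lan_if -o $wan_if -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # REJECT instead of DROP so blocked applications fail at once
    # instead of retransmitting until they time out.
    echo "iptables -A FORWARD -i $lan_if -o $wan_if -p tcp -j REJECT --reject-with tcp-reset"
    echo "iptables -A FORWARD -i $lan_if -o $wan_if -j REJECT --reject-with icmp-port-unreachable"
    # Filtering stays in the filter table; the nat table only does the NAT.
    echo "iptables -t nat -A POSTROUTING -o $wan_if -j MASQUERADE"
}

# Port list from the question in this thread; interface names from the replies.
gen_forward_rules eth0 ppp0 80 443 21 25 110
```

These rules filter by destination port only: the gateway cannot tell which Windows program opened a connection, so any program that talks over an allowed port such as 80 or 443 still gets out.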