Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 16 Sep 2014, 11:45
All times are UTC - 4
 Forum index » Off-Topic Area » Security
How does the Puppy Linux Firewall work?
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [13 Posts]  
Author Message
Smithy


Joined: 12 Dec 2011
Posts: 430

PostPosted: Sun 27 May 2012, 15:46    Post subject:  How does the Puppy Linux Firewall work?  

When I have used Zone Alarm in the past, and some programme wants permission, Zone Alarm pops up and says bla bla is trying to act as a server.. or blla bla wants to accept connections, which I can then allow or deny.

How does the Puppy firewall let things through, bearing in mind everything is not being allowed through at the moment except one udp port for an internet telephone?

And yet Firefox and email just connects through without asking for permission. Is the Puppy Firewall sort of dynamic in its actions?

Would like to know about this aspect because I am trying to convert a couple of people who are on *****y vista, and there is a look of fear in their eyes when I suggest ditching Norton+ a Technical Services Co which cost them a bomb each month, when they could spend that on luxury ice cream or tarts instead.
Norton does seem good, but those vista machines are always up to something, updating or warnings going off which they then ask what it all means, and I say, the answer is 42.
Back to top
View user's profile Send private message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Sun 27 May 2012, 20:30    Post subject:  

Money spent on tarts is money well spent.
I myself am partly an Apple tart. Cool

By default Puppy does not run servers and other deamons that can be used as security breaches.
Windows and other distros run with for example Flash, Java etc on.
These can theoretically be used to steal your data and sell it to Facebook - The well known data mining operation.
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1

The Puppy firewall turns off any deamons that may be on.
You don't really need it on single user machines.
In fact Puppy ran for years without a Firewall and without any problems.

You can check your security levels with the test programs in my GROWL program available under Menu/Network in Puppy Slacko 5.3.3

PS, want more info and require beyond military grade security?
http://puppylinux.org/wikka/security

Puppy Linux
Safety First. Safety Lasts. Safety saves.

_________________
Puppy WIKI
Back to top
View user's profile Send private message Visit poster's website 
cthisbear

Joined: 29 Jan 2006
Posts: 3411
Location: Sydney Australia

PostPosted: Sun 27 May 2012, 20:48    Post subject:  

" I am trying to convert a couple of people who are on *****y vista,
and there is a look of fear in their eyes when I suggest ditching Norton '

the 2 Death Stars.

No wonder they don't want to leave,
that excitement at Windows boot time....

Can it boot?
For how long?

More Win updates...
ISPs rubbing hands with glee...suckers need larger bandwidth
you will pay fella

Oh! Windows has a virus...or ten
sorry Nortons can't scan> fix that virus

More dramas than Days of our Lives.

Best of luck Smithy.

Chris.
Back to top
View user's profile Send private message 
Smithy


Joined: 12 Dec 2011
Posts: 430

PostPosted: Mon 28 May 2012, 03:25    Post subject:  

Ha ha, tarts and dramas!

Ok so the Puppy Firewall stops these daemons and firewalls from running.

But Spotify (they both use this) runs very well over wine according to my tests, and it is displaying adverts and stuff. Which is ok 'cos I haven't subscribed.

Presumably the Firewall would kick in and stop something it thought malicious?

I know they (spotify) got absolutely blasted last year when one of their adverts contained an absolutely horrible rootkit from a morally bereft company that was trying to target advertising to people.

Don't know why these companies have to resort to things like this, Sony CD discs had something like that as well a few years ago, I think it is on a Dido cd I have, never play it now, the cheeky ***tz.

I just want to know that if I do them a puppy cd, that nothing will try to mount their precious ntfs with vista on and do their system in! I'd never hear the last of it..Maybe a lock hard drives button could be good. I can sort out the flash cookies expunge.

I've been trying the save session to CD/DVD option and it is brilliant. Boots up really fast now!
And I want to stick to root, none of that password stuff, there's enough of that crap to remember, and they are just single use without any network sharing, just a printer. In fact vista is overkill for what they are using the comps for.
So if they don't like Puppy they can then go back to what they are
comfortable with and miss out on the tarts and ice cream, or rather let the boys and girls at Norton and the Tech Company have extra portions.
Back to top
View user's profile Send private message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Mon 28 May 2012, 04:10    Post subject:  

Ever tried uninstalling Norton?
It is worse than the problems it solves (which it barely does anyway).

My sister was in tears over her Norton uninstalling. She eventually bought an Ipad 2 and has a ruthless security regime for her Windows 7 laptop. I think she uses Puppy for banking.

Puppy
No Passwords. No Viruses. Know Linux.

_________________
Puppy WIKI
Back to top
View user's profile Send private message Visit poster's website 
L18L

Joined: 19 Jun 2010
Posts: 2505
Location: Burghaslach, Germany somewhere also known as "Hosla"

PostPosted: Mon 28 May 2012, 07:39    Post subject: Passwords  

Lobster wrote:
Puppy
No Passwords. No Viruses. Know Linux.


I do Know Linux a little bit.
No Passwords.
is NOT true.

This is how I have changed (NOT added) my password:
Code:
# passwd
Changing password for root
New password:
Retype password:
Password for root changed by root
#

Last edited by L18L on Tue 29 May 2012, 07:05; edited 1 time in total
Back to top
View user's profile Send private message 
Smithy


Joined: 12 Dec 2011
Posts: 430

PostPosted: Mon 28 May 2012, 16:07    Post subject:  

I haven't tried uninstalling Norton, Lobster, should imagine it would involve delving in the registry to properly get rid, but they swear by it, so who am I to argue...and they always have Norton phone number for scream therapy, when one of their update servers has gone down, and the vista world is in turmoil...

I don't really mind what operating system is on a computer, I really like a modified 98se with Kernel EX, 'cos it supports me 'ol Lexicon Soundcard and it's only a coupla hundred meg, in fact I think Win 98 was micro$oft's finest hour, (gonna get flamed, ha ha).

Macs just do the job.

Puppy is great, only thing is the uninstall is terrible, partly because I don't know where everything goes, but I am sure there are bits left, like when I put Ardour on, there was loads of stuff still lurking in there.

So maybe pets should say:
"So.. you want to COMPLETELY remove everything the pet has installed huh? Ok no problemo, give me a sec".

So this one is established
1.
THE PUPPY LINUX FIREWALL IS PERFECTLY ADEQUATE FOR EVERYDAY USE.

So is a password good for internet protection, or is it just in case someone is sharing your computer and you don't want them to screw up the save file or settings?
Back to top
View user's profile Send private message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Mon 28 May 2012, 22:00    Post subject:  

Quote:
So is a password good for internet protection, or is it just in case someone is sharing your computer and you don't want them to screw up the save file or settings?


Like most Puppys I have and require 'No password'. Wink
Passwords gives a slight added level of security for Lan or Internet but is minimal for a determined cracker.

The mentioned ability to add a password may be augmented by our fido development in the future (giving us the ability to run as admin or as a password protected user). This is really for reviewers and the Penguin paranoids who have been indoctrinated to believe that running as root is the equivalent of being an ignorant Windows patsy.

I always run as root. It is my computer. My choice.

If you are sharing your single user computer than save and encrypt
separate users. Job done.

I don't encrypt either.

Gosh the NSA must be so relieved . . . whilst they write flame2 and beyond for Windows, Ubuntu and Apple devices
http://www.ynetnews.com/articles/0,7340,L-4235231,00.html

Smile

Puppy
Truly Penguin

_________________
Puppy WIKI
Back to top
View user's profile Send private message Visit poster's website 
postfs1


Joined: 27 Mar 2010
Posts: 831

PostPosted: Tue 29 May 2012, 12:00    Post subject: Re: How does the Puppy Linux Firewall work?  

Smithy wrote:
How does the Puppy Linux Firewall work?


If a "Quirky Puppy Linux - 1.40" user wants to see how the Puppy Linux Firewall works then the user can type in the box of "urxvt" program: iptables -L -n

If there is a need to change settings of firewall then the user can use "FWBuilder" program or other things which give possibilities to make changes, for example: a knowing of commands of the "iptables" program.

_________________
  • I don't know why laboratories are named a hospitals.
  • The alive personage is like a tea bag with granules of unknown density inside, at that one the packet was made of organic material and was placed in the evaporated liquid or liquid.

Back to top
View user's profile Send private message 
Smithy


Joined: 12 Dec 2011
Posts: 430

PostPosted: Tue 29 May 2012, 18:11    Post subject:  

That's a good little tip postfs1.

Anyways, as long as the firewall works okay, that'll do. The Custom setup routines are really neat once you know what to put in.

The resources (he, she, it, they?) used to make a 20mb harvester must have been massive.

Maybe they should just send that robot lady in from Mars Attacks posing as a nuclear scientist to check it out, or even try a bit of diplomacy, engender a bit more trust...

This is going way off topic tho'!
I blame the Lobster!
Back to top
View user's profile Send private message 
postfs1


Joined: 27 Mar 2010
Posts: 831

PostPosted: Tue 29 May 2012, 19:59    Post subject: Re: How does the Puppy Linux Firewall work?  

Smithy wrote:
How does the Puppy Linux Firewall work?


Addition

OS: "Quirky Puppy Linux - 1.40"

Quote:

Install_FA--for_QBF--sr0.sh
Code:

#!/bin/bash
#
#FA = Firewall Addition
#
#QBF = Quirky Built-in Firewall
#
# # #
#
#du -a /proc/sys/net/ # <--- Will show the places for parameters
#The interesting one: /proc/sys/net/ipv4/tcp_max_syn_backlog
#
# # #
#
#
echo '[Desktop Entry]' > /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
echo 'Name=More Linux Firewall Wizard' >> /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
echo 'Comment=Addition to Linux Firewall Wizard' >> /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
echo 'Icon=/usr/local/lib/X11/mini-icons/wizard16.xpm' >> /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
#
#Don't touch this >>>
#Exec=bash -c 'rxvt --geometry 55x20 -e bash -c "dialog --title \"To reply on pings: NO or YES.\" --radiolist \"Variants\" 15 53 10 \"\`echo -e \"\"'\''\"Deactivate the replies on PING queries\"'\''\"\"\` >&/dev/null ; bash -c \"'\''\"sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 ; sysctl -w net.ipv4.conf.all.accept_redirects=0 ; sysctl -w net.ipv4.conf.all.send_redirects=0 ; sysctl -w net.ipv4.conf.all.accept_source_route=0 ; sysctl -w net.ipv4.conf.all.forwarding=0 ; sysctl -w net.ipv4.conf.all.rp_filter=1 ; sysctl -w net.ipv4.conf.all.log_martians=1 ; sysctl -w net.ipv4.tcp_max_syn_backlog=1280 ; sysctl -w net.ipv4.icmp_echo_ignore_all=1 ; sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1\"'\''\" \" \":\" on \"\`echo -e \"\"'\''\"Activate the replies on PING queries\"'\''\"\"\`   >&/dev/null ; bash -c \"'\''\"sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=0 ; sysctl -w net.ipv4.conf.all.accept_redirects=1 ; sysctl -w net.ipv4.conf.all.send_redirects=1 ; sysctl -w net.ipv4.conf.all.accept_source_route=1 ; sysctl -w net.ipv4.conf.all.forwarding=1 ; sysctl -w net.ipv4.conf.all.rp_filter=0 ; sysctl -w net.ipv4.conf.all.log_martians=0 ; sysctl -w net.ipv4.tcp_max_syn_backlog=1024 ; sysctl -w net.ipv4.icmp_echo_ignore_all=0 ; sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=0\"'\''\" \" \":\" off 2>/tmp/.pmt.w" ; chmod u+x /tmp/.pmt.w ; sh /tmp/.pmt.w ; rm /tmp/.pmt.w ; bash -c "`Xdialog --inputbox \"And now, the firewall can be tested. -=/Services/ShieldsUP=- is the choice.\" 8 80 \"bash -c \"'\''\"/usr/bin/icecat-3.6.16-i686/icecat -width 1010 -height 710 http://www.grc.com/privacy.htm\"'\''\"\" 2>&1`"'
grep "\-\-radiolist" /mnt/sr0/_Files/Firewall_Addition--Quirky_Built-in_Firewall/Install_FA--for_QBF--sr0.sh | grep -v "Install_FA--for_QBF--sr0.sh" | sed 's/#//' >> /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
# <<<
echo 'Terminal=false' >> /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
echo 'Type=Application' >> /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
echo 'Encoding=UTF-8' >> /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
echo 'Categories=X-SetupWizard' >> /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
#
rox -p=/root/Choices/ROX-Filer/PuppyPin ;
fixmenus ;
xmessage "-=More Linux Firewall Wizard=- program has been installed." `jwm -restart`


Edit: 2012, may 30.

Another variant of the script's line(a few signs were replaced(2012, may 31)):

Code:
#Exec=bash -c 'rxvt --geometry 56x20 -e bash -c "dialog --title \"To reply on pings: NO or YES.\" --radiolist \"Variants\" 14 57 10 \"\`echo -e \"\"'\'' \"Deactivate the replies on PING queries\"'\''\"\"\` >&/dev/null ; bash -c \"'\''\"sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 ; sysctl -w net.ipv4.conf.all.accept_redirects=0 ; sysctl -w net.ipv4.conf.all.send_redirects=0 ; sysctl -w net.ipv4.conf.all.accept_source_route=0 ; sysctl -w net.ipv4.conf.all.forwarding=0 ; sysctl -w net.ipv4.conf.all.rp_filter=1 ; sysctl -w net.ipv4.conf.all.log_martians=1 ; sysctl -w net.ipv4.tcp_max_syn_backlog=1280 ; sysctl -w net.ipv4.icmp_echo_ignore_all=1 ; sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1\"'\''\" \" \":\" on \"\`echo -e \"\"'\'' \"Activate the replies on PING queries\"'\''\"\"\`   >&/dev/null ; bash -c \"'\''\"sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=0 ; sysctl -w net.ipv4.conf.all.accept_redirects=1 ; sysctl -w net.ipv4.conf.all.send_redirects=1 ; sysctl -w net.ipv4.conf.all.accept_source_route=1 ; sysctl -w net.ipv4.conf.all.forwarding=1 ; sysctl -w net.ipv4.conf.all.rp_filter=0 ; sysctl -w net.ipv4.conf.all.log_martians=0 ; sysctl -w net.ipv4.tcp_max_syn_backlog=1024 ; sysctl -w net.ipv4.icmp_echo_ignore_all=0 ; sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=0\"'\''\" \" \":\" off 2>/tmp/.pmt.w" ; chmod u+x /tmp/.pmt.w ; sh /tmp/.pmt.w ; rm /tmp/.pmt.w ; bash -c "`Xdialog --inputbox \"And now, the firewall can be tested. -=/Services/ShieldsUP=- is the choice.\" 8 80 \"bash -c \"'\''\"/usr/bin/icecat-3.6.16-i686/icecat -width 1010 -height 710 http://www.grc.com/privacy.htm\"'\''\"\" 2>&1`"'




A script's content can be copied into text editor by means of <Quote> mode.

_________________
  • I don't know why laboratories are named a hospitals.
  • The alive personage is like a tea bag with granules of unknown density inside, at that one the packet was made of organic material and was placed in the evaporated liquid or liquid.


Last edited by postfs1 on Thu 31 May 2012, 14:05; edited 3 times in total
Back to top
View user's profile Send private message 
Lazy JW

Joined: 21 Dec 2011
Posts: 70

PostPosted: Wed 30 May 2012, 07:51    Post subject:  

Lobster wrote:
Ever tried uninstalling Norton? ...


Yes. In my advanced computers class in college last winter. With the help of my instructor (who is also a diehard Linux fan, Red Hat, Ubuntu, etc.). We tried all of the "normal" means (Win 7) and Norton just refused to let go. I had recently introduced my instructor to Puppy Linux, and finally he said "Just boot that thing to Puppy and go in and delete the Norton files!" So I did, and it worked. The last time I saw him he was installing Slacko on a thumb drive Cool
Joe
Back to top
View user's profile Send private message 
cthisbear

Joined: 29 Jan 2006
Posts: 3411
Location: Sydney Australia

PostPosted: Thu 31 May 2012, 08:01    Post subject:  

Norton Removal Tool

the only way to go.

http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

You probably need to run >> rkill

http://www.majorgeeks.com/RKill_d6848.html

or roguekiller

http://www.majorgeeks.com/RogueKiller_d6983.html

to stop the processes before running Nortons remover,

if you are having trouble uninstalling.

"""""""""

Majorgeeks...a great download page.

Has even mentioned Puppy occasionally.

http://www.majorgeeks.com/

Chris.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [13 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1180s ][ Queries: 12 (0.0190s) ][ GZIP on ]