How does the Puppy Linux Firewall work?

For discussions about security.
Post Reply
Message
Author
User avatar
Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

How does the Puppy Linux Firewall work?

#1 Post by Smithy »

When I have used Zone Alarm in the past, and some programme wants permission, Zone Alarm pops up and says bla bla is trying to act as a server.. or blla bla wants to accept connections, which I can then allow or deny.

How does the Puppy firewall let things through, bearing in mind everything is not being allowed through at the moment except one udp port for an internet telephone?

And yet Firefox and email just connects through without asking for permission. Is the Puppy Firewall sort of dynamic in its actions?

Would like to know about this aspect because I am trying to convert a couple of people who are on *****y vista, and there is a look of fear in their eyes when I suggest ditching Norton+ a Technical Services Co which cost them a bomb each month, when they could spend that on luxury ice cream or tarts instead.
Norton does seem good, but those vista machines are always up to something, updating or warnings going off which they then ask what it all means, and I say, the answer is 42.

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#2 Post by Lobster »

Money spent on tarts is money well spent.
I myself am partly an Apple tart. 8)

By default Puppy does not run servers and other deamons that can be used as security breaches.
Windows and other distros run with for example Flash, Java etc on.
These can theoretically be used to steal your data and sell it to Facebook - The well known data mining operation.
http://www.wired.com/threatlevel/2012/0 ... nter/all/1

The Puppy firewall turns off any deamons that may be on.
You don't really need it on single user machines.
In fact Puppy ran for years without a Firewall and without any problems.

You can check your security levels with the test programs in my GROWL program available under Menu/Network in Puppy Slacko 5.3.3

PS, want more info and require beyond military grade security?
http://puppylinux.org/wikka/security

Puppy Linux
Safety First. Safety Lasts. Safety saves.
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#3 Post by cthisbear »

" I am trying to convert a couple of people who are on *****y vista,
and there is a look of fear in their eyes when I suggest ditching Norton '

the 2 Death Stars.

No wonder they don't want to leave,
that excitement at Windows boot time....

Can it boot?
For how long?

More Win updates...
ISPs rubbing hands with glee...suckers need larger bandwidth
you will pay fella

Oh! Windows has a virus...or ten
sorry Nortons can't scan> fix that virus

More dramas than Days of our Lives.

Best of luck Smithy.

Chris.

User avatar
Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#4 Post by Smithy »

Ha ha, tarts and dramas!

Ok so the Puppy Firewall stops these daemons and firewalls from running.

But Spotify (they both use this) runs very well over wine according to my tests, and it is displaying adverts and stuff. Which is ok 'cos I haven't subscribed.

Presumably the Firewall would kick in and stop something it thought malicious?

I know they (spotify) got absolutely blasted last year when one of their adverts contained an absolutely horrible rootkit from a morally bereft company that was trying to target advertising to people.

Don't know why these companies have to resort to things like this, Sony CD discs had something like that as well a few years ago, I think it is on a Dido cd I have, never play it now, the cheeky ***tz.

I just want to know that if I do them a puppy cd, that nothing will try to mount their precious ntfs with vista on and do their system in! I'd never hear the last of it..Maybe a lock hard drives button could be good. I can sort out the flash cookies expunge.

I've been trying the save session to CD/DVD option and it is brilliant. Boots up really fast now!
And I want to stick to root, none of that password stuff, there's enough of that crap to remember, and they are just single use without any network sharing, just a printer. In fact vista is overkill for what they are using the comps for.
So if they don't like Puppy they can then go back to what they are
comfortable with and miss out on the tarts and ice cream, or rather let the boys and girls at Norton and the Tech Company have extra portions.

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#5 Post by Lobster »

Ever tried uninstalling Norton?
It is worse than the problems it solves (which it barely does anyway).

My sister was in tears over her Norton uninstalling. She eventually bought an Ipad 2 and has a ruthless security regime for her Windows 7 laptop. I think she uses Puppy for banking.

Puppy
No Passwords. No Viruses. Know Linux.
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

Passwords

#6 Post by L18L »

Lobster wrote:Puppy
No Passwords. No Viruses. Know Linux.
I do Know Linux a little bit.
No Passwords.
is NOT true.

This is how I have changed (NOT added) my password:

Code: Select all

# passwd
Changing password for root
New password: 
Retype password: 
Password for root changed by root
# 
Last edited by L18L on Tue 29 May 2012, 11:05, edited 1 time in total.

User avatar
Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#7 Post by Smithy »

I haven't tried uninstalling Norton, Lobster, should imagine it would involve delving in the registry to properly get rid, but they swear by it, so who am I to argue...and they always have Norton phone number for scream therapy, when one of their update servers has gone down, and the vista world is in turmoil...

I don't really mind what operating system is on a computer, I really like a modified 98se with Kernel EX, 'cos it supports me 'ol Lexicon Soundcard and it's only a coupla hundred meg, in fact I think Win 98 was micro$oft's finest hour, (gonna get flamed, ha ha).

Macs just do the job.

Puppy is great, only thing is the uninstall is terrible, partly because I don't know where everything goes, but I am sure there are bits left, like when I put Ardour on, there was loads of stuff still lurking in there.

So maybe pets should say:
"So.. you want to COMPLETELY remove everything the pet has installed huh? Ok no problemo, give me a sec".

So this one is established
1.
THE PUPPY LINUX FIREWALL IS PERFECTLY ADEQUATE FOR EVERYDAY USE.

So is a password good for internet protection, or is it just in case someone is sharing your computer and you don't want them to screw up the save file or settings?

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#8 Post by Lobster »

So is a password good for internet protection, or is it just in case someone is sharing your computer and you don't want them to screw up the save file or settings?
Like most Puppys I have and require 'No password'. :wink:
Passwords gives a slight added level of security for Lan or Internet but is minimal for a determined cracker.

The mentioned ability to add a password may be augmented by our fido development in the future (giving us the ability to run as admin or as a password protected user). This is really for reviewers and the Penguin paranoids who have been indoctrinated to believe that running as root is the equivalent of being an ignorant Windows patsy.

I always run as root. It is my computer. My choice.

If you are sharing your single user computer than save and encrypt
separate users. Job done.

I don't encrypt either.

Gosh the NSA must be so relieved . . . whilst they write flame2 and beyond for Windows, Ubuntu and Apple devices
http://www.ynetnews.com/articles/0,7340 ... 31,00.html

:)

Puppy
Truly Penguin
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

postfs1

Re: How does the Puppy Linux Firewall work?

#9 Post by postfs1 »

Smithy wrote:How does the Puppy Linux Firewall work?
If a "Quirky Puppy Linux - 1.40" user wants to see how the Puppy Linux Firewall works then the user can type in the box of "urxvt" program: iptables -L -n

If there is a need to change settings of firewall then the user can use "FWBuilder" program or other things which give possibilities to make changes, for example: a knowing of commands of the "iptables" program.

User avatar
Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#10 Post by Smithy »

That's a good little tip postfs1.

Anyways, as long as the firewall works okay, that'll do. The Custom setup routines are really neat once you know what to put in.

The resources (he, she, it, they?) used to make a 20mb harvester must have been massive.

Maybe they should just send that robot lady in from Mars Attacks posing as a nuclear scientist to check it out, or even try a bit of diplomacy, engender a bit more trust...

This is going way off topic tho'!
I blame the Lobster!

postfs1

Re: How does the Puppy Linux Firewall work?

#11 Post by postfs1 »

Smithy wrote:How does the Puppy Linux Firewall work?
Addition Image

OS: "Quirky Puppy Linux - 1.40"
Install_FA--for_QBF--sr0.sh

Code: Select all

#!/bin/bash
#
#FA = Firewall Addition
#
#QBF = Quirky Built-in Firewall
#
# # #
#
#du -a /proc/sys/net/ # <--- Will show the places for parameters
#The interesting one: /proc/sys/net/ipv4/tcp_max_syn_backlog
#
# # #
#
#
echo '[Desktop Entry]' > /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
echo 'Name=More Linux Firewall Wizard' >> /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
echo 'Comment=Addition to Linux Firewall Wizard' >> /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
echo 'Icon=/usr/local/lib/X11/mini-icons/wizard16.xpm' >> /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
#
#Don't touch this >>>
#Exec=bash -c 'rxvt --geometry 55x20 -e bash -c "dialog --title "To reply on pings: NO or YES." --radiolist "Variants" 15 53 10 "\`echo -e ""'\''"Deactivate the replies on PING queries"'\''""\` >&/dev/null ; bash -c "'\''"sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 ; sysctl -w net.ipv4.conf.all.accept_redirects=0 ; sysctl -w net.ipv4.conf.all.send_redirects=0 ; sysctl -w net.ipv4.conf.all.accept_source_route=0 ; sysctl -w net.ipv4.conf.all.forwarding=0 ; sysctl -w net.ipv4.conf.all.rp_filter=1 ; sysctl -w net.ipv4.conf.all.log_martians=1 ; sysctl -w net.ipv4.tcp_max_syn_backlog=1280 ; sysctl -w net.ipv4.icmp_echo_ignore_all=1 ; sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1"'\''" " ":" on "\`echo -e ""'\''"Activate the replies on PING queries"'\''""\`   >&/dev/null ; bash -c "'\''"sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=0 ; sysctl -w net.ipv4.conf.all.accept_redirects=1 ; sysctl -w net.ipv4.conf.all.send_redirects=1 ; sysctl -w net.ipv4.conf.all.accept_source_route=1 ; sysctl -w net.ipv4.conf.all.forwarding=1 ; sysctl -w net.ipv4.conf.all.rp_filter=0 ; sysctl -w net.ipv4.conf.all.log_martians=0 ; sysctl -w net.ipv4.tcp_max_syn_backlog=1024 ; sysctl -w net.ipv4.icmp_echo_ignore_all=0 ; sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=0"'\''" " ":" off 2>/tmp/.pmt.w" ; chmod u+x /tmp/.pmt.w ; sh /tmp/.pmt.w ; rm /tmp/.pmt.w ; bash -c "`Xdialog --inputbox "And now, the firewall can be tested. -=/Services/ShieldsUP=- is the choice." 8 80 "bash -c "'\''"/usr/bin/icecat-3.6.16-i686/icecat -width 1010 -height 710 http://www.grc.com/privacy.htm"'\''"" 2>&1`"'
grep "\-\-radiolist" /mnt/sr0/_Files/Firewall_Addition--Quirky_Built-in_Firewall/Install_FA--for_QBF--sr0.sh | grep -v "Install_FA--for_QBF--sr0.sh" | sed 's/#//' >> /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
# <<<
echo 'Terminal=false' >> /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
echo 'Type=Application' >> /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
echo 'Encoding=UTF-8' >> /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
echo 'Categories=X-SetupWizard' >> /usr/share/applications/Addition_to_Lx-Fl-Wd.desktop ;
#
fixmenus ;
xmessage "-=More Linux Firewall Wizard=- program has been installed." `jwm -display :0.0 -restart` ;
rox --pinboard=/root/Choices/ROX-Filer/PuppyPin ;

Edit: 2012, may 30.

Another variant of the script's line(a few signs were replaced(2012, may 31)):

Code: Select all

#Exec=bash -c 'rxvt --geometry 56x20 -e bash -c "dialog --title "To reply on pings: NO or YES." --radiolist "Variants" 14 57 10 "\`echo -e ""'\'' "Deactivate the replies on PING queries"'\''""\` >&/dev/null ; bash -c "'\''"sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 ; sysctl -w net.ipv4.conf.all.accept_redirects=0 ; sysctl -w net.ipv4.conf.all.send_redirects=0 ; sysctl -w net.ipv4.conf.all.accept_source_route=0 ; sysctl -w net.ipv4.conf.all.forwarding=0 ; sysctl -w net.ipv4.conf.all.rp_filter=1 ; sysctl -w net.ipv4.conf.all.log_martians=1 ; sysctl -w net.ipv4.tcp_max_syn_backlog=1280 ; sysctl -w net.ipv4.icmp_echo_ignore_all=1 ; sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1"'\''" " ":" on "\`echo -e ""'\'' "Activate the replies on PING queries"'\''""\`   >&/dev/null ; bash -c "'\''"sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=0 ; sysctl -w net.ipv4.conf.all.accept_redirects=1 ; sysctl -w net.ipv4.conf.all.send_redirects=1 ; sysctl -w net.ipv4.conf.all.accept_source_route=1 ; sysctl -w net.ipv4.conf.all.forwarding=1 ; sysctl -w net.ipv4.conf.all.rp_filter=0 ; sysctl -w net.ipv4.conf.all.log_martians=0 ; sysctl -w net.ipv4.tcp_max_syn_backlog=1024 ; sysctl -w net.ipv4.icmp_echo_ignore_all=0 ; sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=0"'\''" " ":" off 2>/tmp/.pmt.w" ; chmod u+x /tmp/.pmt.w ; sh /tmp/.pmt.w ; rm /tmp/.pmt.w ; bash -c "`Xdialog --inputbox "And now, the firewall can be tested. -=/Services/ShieldsUP=- is the choice." 8 80 "bash -c "'\''"/usr/bin/icecat-3.6.16-i686/icecat -width 1010 -height 710 http://www.grc.com/privacy.htm"'\''"" 2>&1`"'
A script's content can be copied into text editor by means of <Quote> mode.
Last edited by postfs1 on Sat 01 Nov 2014, 22:53, edited 4 times in total.

Lazy JW
Posts: 70
Joined: Wed 21 Dec 2011, 15:17

#12 Post by Lazy JW »

Lobster wrote:Ever tried uninstalling Norton? ...
Yes. In my advanced computers class in college last winter. With the help of my instructor (who is also a diehard Linux fan, Red Hat, Ubuntu, etc.). We tried all of the "normal" means (Win 7) and Norton just refused to let go. I had recently introduced my instructor to Puppy Linux, and finally he said "Just boot that thing to Puppy and go in and delete the Norton files!" So I did, and it worked. The last time I saw him he was installing Slacko on a thumb drive 8)
Joe

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#13 Post by cthisbear »

Norton Removal Tool

the only way to go.

http://www.majorgeeks.com/Norton_Remova ... d4749.html

You probably need to run >> rkill

http://www.majorgeeks.com/RKill_d6848.html

or roguekiller

http://www.majorgeeks.com/RogueKiller_d6983.html

to stop the processes before running Nortons remover,

if you are having trouble uninstalling.

"""""""""

Majorgeeks...a great download page.

Has even mentioned Puppy occasionally.

http://www.majorgeeks.com/

Chris.

Post Reply