I searched the forum and have been reading many useful threads about security.
Well, I belong to the few who worry about surfing the web while Puppy is running with root privileges.
I understand it's a feature of Puppy, but I want to make it as safe as possible.
There's a Linux-Firewall Wizard in 'setup' submenu. I would like to install it. Before I do that I would like to collect some info about the program.
I hope there's someone who has tried Linux Firewall with puppy. Would somebody share his/her experiences with me/us?
Thanks in advance,
eMeRy
Linux firewall
The firewall wizard default mode will close all ports thus making you invisible on the net except with regard to pings, which it responds to.
eMeRy wrote: As the firewall only closes some ports, I think the net connection won't slow down. Is it true?
eMeRy
I don't understand your question about the firewall "only closing some ports" and what that has to do with the speed of your connection. The firewall wizard default mode does in fact close most all ports (though you can still use your browser obviously), but the firewall's closing of the ports does not affect the connection speed. It doesn't work that way. I think if you run the firewall wizard and set it to default mode, then go to a security testing site and run the tests, you'll see what I'm talking about. Also your speed will be unaffected by the firewall. If you choose to run an app that requires certain ports open (such as bittorrent) that is easy, just run the wizard again and choose Custom and follow the directions to open the port(s) you need. Alternatively, you can edit the firewall rules directly with a text editor once you know what the wizard is doing.
Thanks for your explanation.
I was worrying that the firewall affects the connection speed. Now I understand it does not.
Meantime I've run the FW wizard in default mode. I see it is easy to change the FW rules.
Does it have a log file where I can check its activity? Does it have an alarm sign in case of attack?
eMeRy
The firewall doesn't have any alarm if something goes wrong, but you can enable logging. I would suggest looking here: http://projectfiles.com/firewall.
As to what I wrote earlier about how Linux Firewall is easy to configure for bittorrent -- I RECANT! lol
While it is very easy to use the firewall wizard to open the ports you need, my experience was not at all pleasant when it came to allowing incoming connections on the port(s). In my setup this is not a port forwarding issue as I have a direct connection from my computer to the modem (a normal cable modem, not one of the fancy router-modem combos); this is something else. The firewall would allow BitTorrent and Azureus to download files but both clients complained that they could not receive incoming connections -- which is half of the power of bittorrent.
And the bittorrent clients were configured correctly because I installed Firestarter firewall and they ran fine.
One last thing: I noticed with Linux Firewall that it would not allow me to set any ALLOW_INBOUND="". It complained of the wrong format being used. I searched the forums at projectfiles.com/firewall and did not find any useful info.
I'd be very interested to find out if anyone can get, say, BitTorrent or Azureus working properly with Linux Firewall (any version). By working properly I mean the clients accept inbound connections.
After messing with this for too long I was directed to find morizot firewall (the firewall used in Puppy versions 1.0.6 and before) using the Pupget Manager. It created /etc/rc.d/rc.firewall-morizot which I then opened as text and edited pupTCP_ALLOW_PORTS="" to the bittorrent ports, edited pupUSE_IRC="yes", saved, and then: rc.firewall-morizot at the command line and guess what, it works perfectly (so far!). GRC ShieldsUP shows full stealth and BitTorrent allows both inbound and outbound connections.
So if you are having a similar problem then try morizot (no wizard and you will have to edit the file if you want to open ports; may need to edit rc.local too to run at boot).
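A local way to check what the thread tests from outside, added here as an example and not part of any post or of either firewall script: the functions read rules in `iptables -S INPUT` format and report whether a new inbound TCP connection to a port would be accepted and whether pings are answered. The sample ruleset is constructed, and it is an assumption that the installed iptables supports `-S`; a RELATED,ESTABLISHED rule alone lets replies to outbound traffic through without accepting new inbound connections, so it is not counted as opening a port.

```shell
#!/bin/sh
# Constructed sample in `iptables -S INPUT` format (not output from the thread).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6881:6889 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 113,6969 -j REJECT'

# tcp_inbound RULES PORT: print "open" or "closed" for new inbound TCP to PORT.
# First matching --dport/--dports rule wins; otherwise the chain policy decides.
# Simplification: source, interface and state matches on a rule are ignored.
tcp_inbound() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" {
            proto = ""; ports = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (proto != "tcp" || ports == "") next
            n = split(ports, item, ",")
            for (k = 1; k <= n; k++) {
                m = split(item[k], r, ":")
                lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) { verdict = target; exit }
            }
        }
        END {
            if (verdict == "") verdict = policy
            print (verdict == "ACCEPT" ? "open" : "closed")
        }'
}

# answers_ping RULES: print "yes" if an ICMP echo-request ACCEPT rule exists.
answers_ping() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "INPUT" && /-p icmp/ && /-j ACCEPT/ &&
            (/--icmp-type (8|echo-request)/ || !/--icmp-type/) { found = 1 }
        END { print (found ? "yes" : "no") }'
}

# On a live system (as root): tcp_inbound "$(iptables -S INPUT)" 6881
echo "6881/tcp: $(tcp_inbound "$SAMPLE_RULES" 6881)"
echo "22/tcp:   $(tcp_inbound "$SAMPLE_RULES" 22)"
echo "ping:     $(answers_ping "$SAMPLE_RULES")"
```

A "closed" result for a port the client is configured to listen on points at the ruleset rather than at the client.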