Puppy Linux Discussion Forum
Peasy Firewall Monitor

rcrsn51
Posted: Tue 21 Feb 2017, 21:48

slavvo67 wrote:
Actually, the above might be a Peasyport issue. When I removed the firewall, Peasyport only reported back the ports above as being opened.

That's exactly how it should be. A port only opens if there is a service using it. Were you expecting to see all 1024 standard ports open?

Quote:
Practical value is say you're using Python Simple Server. No?

Suppose you have Python Simple Server running on port 8000. So you allow that port on the firewall. All the firewall is now doing is blocking a bunch of other ports that aren't active anyway.

The value of the "trusted LAN" procedure is that it allows traffic through whatever ports you choose to open to anyone on the LAN, without having to specify them individually.

It also lets you communicate with network devices that might be advertising their presence on ports that you don't know about.

slavvo67
Posted: Tue 21 Feb 2017, 21:56

Quote:
The value of the "trusted LAN" procedure is that it allows traffic through whatever ports you choose to open to anyone on the LAN, without having to specify them individually.


Forgive me, as networking has been one of my many weaknesses. So, you're opening the trusted LAN so if I open let's say Port 8000 on one computer, I can go to 198.162.0.0:8000 without having to open that port through the firewall and it will work because the computers are on the same local network?

Maybe you can give an example of how it would be used?

rcrsn51
Posted: Tue 21 Feb 2017, 22:05

Exactly.

But here is something else to consider. Assuming that you are on a LAN behind a router, the ONLY computers that can see the server are those on the LAN. In which case, why do you need a firewall in the first place?

Quote:
Maybe you can give an example of how it would be used?


The objective of PFM is to give people who absolutely insist on running a firewall a tool that works, even though they don't need it.

The only people who might need a firewall are those with a public IP address who are directly exposed to the Internet. But they shouldn't have any ports open anyway because they aren't sharing anything.

slavvo67
Posted: Tue 21 Feb 2017, 22:13

Wow! Like if a tree falls in the woods and nobody is there to hear it, does it make a sound? Very enlightening. Thank you and thank you for the excellent tool!

rcrsn51
Posted: Tue 21 Feb 2017, 22:19

PFM began in 2013 because people were getting confused by the various Puppy firewalls. They couldn't get file/print sharing to work because the firewall was blocking it, even though they were certain that the firewall was off.

They needed a diagnostic tool that could show them EXACTLY what the firewall was doing.

Consider this: you install the firewall because you are concerned that malicious outside users can somehow "see into your computer". You then set up a SAMBA server to share data with your family, so you open Port 139 on the firewall. You just exposed all that data to those malicious users! Meanwhile, the firewall is protecting a bunch of other ports that aren't even active.

The firewall is having the opposite effect of what you want. The only thing that makes any sense is Trusted LAN.
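
The contrast drawn in the posts above (opening one port to everyone versus trusting the LAN by source address), as an added example that is not part of the thread and is not PFM's script or the rules /etc/rc.firewall generates. The function names, the rule layout and the 192.168.1.0/24 subnet are assumptions for illustration.

```sh
#!/bin/sh
# Added illustration; NOT PFM's script or the rules /etc/rc.firewall contains.
# Emits iptables-restore text only, so nothing on the host is changed.

# is_cidr ADDR/LEN: succeed only for a well-formed IPv4 CIDR.
is_cidr() {
    printf '%s\n' "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# ruleset open-port PORT    -> PORT is reachable from ANY source address
# ruleset trusted-lan CIDR  -> every port is reachable, but only from CIDR
ruleset() {
    mode=$1 arg=$2
    case $mode in
        open-port)
            case $arg in ''|*[!0-9]*|??????*) return 2 ;; esac
            [ "$arg" -ge 1 ] && [ "$arg" -le 65535 ] || return 2
            allow="-A INPUT -p tcp --dport $arg -j ACCEPT" ;;
        trusted-lan)
            is_cidr "$arg" || return 2
            allow="-A INPUT -s $arg -j ACCEPT" ;;
        *) return 2 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$allow
COMMIT
EOF
}

# Constructed sample values: port 139 from the post, a typical home /24.
ruleset open-port 139
ruleset trusted-lan 192.168.1.0/24
```

The trusted-lan rule is tied to one subnet, so on a different network it has to be regenerated with that network's CIDR.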

slavvo67
Posted: Wed 22 Feb 2017, 21:57

One of the unexpected benefits of using your PFM was being able to simply use Plex with the build firewall for trusted LAN option. Streaming to my Roku just opened a new door.

I did come across an issue today, but I'm not sure if it's because of PFM or if it was my network. I was using a hotspot (phone) and for some reason, I think PFM was blocking it. The reason I think it was PFM is because when I shut down the firewall and ran the usual Linux firewall, my web started working. Like I said, it could have been my hotspot not working quite right, but I'll test some more during the week and report back.

Thanks again,

Slavvo67

rcrsn51
Posted: Wed 22 Feb 2017, 22:05

If you had Trusted LAN set for your home network, then tethered to your phone, you are now on a different network. You would need to run Trusted LAN again to allow the new network.

slavvo67
Posted: Wed 22 Feb 2017, 22:10

No, this was at work; not using trusted LAN but launching the firewall with PFM. So, I did a complete shutdown of the firewall and used PFM to launch the regular firewall. Again, it could be me and my hotspot so I will test some more...

Thanks again!

rcrsn51
Posted: Wed 22 Feb 2017, 22:46

Actually, this raises an interesting question. If you join some other network, like a public hotspot, you probably DON'T want to be using Trusted LAN. You would be better off running the default maximum firewall. Let me get back to you on this.

If you run PFM for the first time and create the initial firewall, you get exactly the same one as if you run the Linux Firewall app from the Network menu.

[Edit] What Puppy are you using?

rcrsn51
Posted: Thu 23 Feb 2017, 00:00

PFM v1.9 posted above. See the Update note.

slavvo67
Posted: Thu 23 Feb 2017, 00:35

Actually Quirky Xerus 64bit. Actually my derivative RU Xerus64 but same thing, more or less. Actually, I can't wait to get any kinks out and add it to WoofQ and use it in my next update....
Last edited by slavvo67 on Thu 23 Feb 2017, 00:42; edited 1 time in total

slavvo67
Posted: Thu 23 Feb 2017, 00:38

Quote:
If you run PFM for the first time and create the initial firewall, you get exactly the same one as if you run the Linux Firewall app from the Network menu.


I'm not doubting you but there seems to be an inconsistency with that statement. I'll continue to test.

Is your update on page 1 64bit? - Thanks

Also, would you consider an icon update when say the firewall is temporarily shut down. It would be nice to have that as a graphic indicator on screen.

rcrsn51
Posted: Thu 23 Feb 2017, 00:51

If you run the traditional Linux Firewall app from the Network menu and select "Automagic", it generates the script /etc/rc.firewall. When this script is run, it starts the firewall in your current session.

PFM uses that exact same script to build its initial firewall. It simply modifies the script to make Trusted LAN.

Quote:
Is your update on page 1 64bit?

I will do that next on the page 3 download.

Quote:
Also, would you consider an icon update when say the firewall is temporarily shut down. It would be nice to have that as a graphic indicator on screen.

That's not going to happen. This has been the cause of problems in the past - when the icon gets out of sync with the actual status of the firewall. It's not worth the amount of code and CPU cycles needed to keep it in sync when all you need to do is click your mouse to get all the information.

rcrsn51
Posted: Thu 23 Feb 2017, 09:47

@slavvo67: I found a bug that sometimes prevents the firewall from auto-starting on the next boot. It is fixed in the 64bit v1.9 posted above.

slavvo67
Posted: Thu 23 Feb 2017, 15:05

Okay. I found it on page 3 and downloaded. I'll continue to test. Necessary or not, it's a very nice polished product. I think that I'll continue using it going forward. Will you continue to provide updates on the 64 bit version?

Again, very much appreciated.