13 Jan 2008

Adding Broadcast to GUARDDOG

After installing GUARDDOG, if you use DHCP and are seeing messages like this one in your logs:
DROPPED IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:c0:49:d3:6a:74:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2

it means the DHCP server on 192.168.1.1 is sending you messages ...

To allow this traffic between the client and the DHCP server, just add a new zone, e.g.:
Name = DHCP
Address = 192.168.1.0/24
Connection = Internet
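
Before opening a zone for a whole subnet, it helps to check what the dropped packet actually is. The following is an added example, not part of the original post or of Guarddog: it parses a netfilter LOG line like the one quoted above and reports the protocol, the destination class and the sender's MAC. The function names and the second sample line are constructed for illustration.

```python
import ipaddress

# netfilter LOG prints TCP/UDP/ICMP by name and other protocols by number,
# so map the common IANA numbers and pass names through unchanged.
PROTO_NAMES = {"1": "ICMP", "2": "IGMP", "6": "TCP", "17": "UDP"}

# The log line quoted in the post above.
SAMPLE = ("DROPPED IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:c0:49:d3:6a:74:08:00 "
          "SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 "
          "ID=0 DF PROTO=2")

# Constructed sample: what a DHCP server reply to a client usually looks like.
DHCP_SAMPLE = ("DROPPED IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:c0:49:d3:6a:74:08:00 "
               "SRC=192.168.1.1 DST=255.255.255.255 LEN=328 TTL=64 ID=0 "
               "PROTO=UDP SPT=67 DPT=68 LEN=308")


def parse_drop(line):
    """Split a netfilter LOG line into KEY=value fields plus bare flags."""
    fields, flags = {}, []
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
        else:
            flags.append(token)  # log prefix ("DROPPED") and flags such as DF
    return fields, flags


def classify(line):
    """Summarise sender, destination class and protocol of a dropped packet."""
    fields, _ = parse_drop(line)
    dst = ipaddress.ip_address(fields["DST"])
    if dst.is_multicast:
        kind = "multicast"
    elif fields["DST"] == "255.255.255.255":  # limited broadcast only
        kind = "broadcast"
    else:
        kind = "unicast"
    proto = fields.get("PROTO", "")
    summary = {"src": fields["SRC"], "dst": fields["DST"], "dst_kind": kind,
               "proto": PROTO_NAMES.get(proto, proto),
               "dport": fields.get("DPT")}  # None for protocols without ports
    # On Ethernet the MAC field is dst MAC (6) + src MAC (6) + EtherType (2).
    mac = fields.get("MAC", "").split(":")
    if len(mac) == 14:
        summary["src_mac"] = ":".join(mac[6:12])
    return summary


if __name__ == "__main__":
    for sample in (SAMPLE, DHCP_SAMPLE):
        print(classify(sample))
```

Run it over the lines Guarddog logs and compare `proto`, `dst_kind` and `dport` with the traffic you intend the new zone to admit.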




12 Jan 2008

IPTables GUI - Lokkit, Firestarter, Guarddog

Lokkit Vs Firestarter Vs Guarddog

Many Linux distros install a firewall by default, mainly IPTABLES.

If you're looking for a graphical interface to easily configure your firewall rules in IPTABLES, these are the 3 main choices:

1- Lokkit (terminal & gnome)
2- Firestarter
3- Guarddog (kde)

4- $ iptables
5- conclusions

--------

1- Lokkit (Terminal & GNOME)

The easiest one.
A wizard will guide you through a few questions and will reconfigure IPTables for you.
Lokkit has a console and a GNOME version.









The point is that, in case you need more control over the rules, this is not for you!

Here is an explanation guide

Note for Ubuntu users: use Synaptic to install it, then go to
Menu -> applications -> Other -> Lokkit

--------

2- Firestarter

A nice one.
It provides a GUI for configuring rules and settings on IPTables.
It is certainly more configurable than Lokkit, and lets you set up 95% of the rules needed for normal use.

  • has a log window with "active connection" and "Real time Events" views, allowing you to quickly check what's going on;
  • adds a very useful tray icon to open it in one click;
  • both inbound and outbound access policy;
  • protection against Denial of Service (DoS) attacks;
  • stealth ports;
  • whitelists and blacklists
  • ...
Here is the main site.
Here is the complete feature list.

--------

3- Guarddog (KDE)

More professional...

If you are looking for something a bit more professional, then go for Guarddog (which is a KDE GUI).
Guarddog goes a bit deeper than Firestarter.
The 2 main differences are:
  1. Guarddog doesn't have a realtime event viewer (obviously you can still get realtime info by "tailing" the logs in a terminal window);
  2. Guarddog has more config options (e.g. NAT rules, connection tracking ...);








  • for KDE 2 or 3;
  • generates scripts for ipchains and/or iptables;
  • can create different zones with different policies;
  • Import/Export firewall scripts;
  • ipchains and iptables support;
  • ...
Here is the homepage
Here is the main features list
Here is a well documented tutorial

--------

4- $ iptables

If you still prefer to do it yourself, here you can find a nice HOWTO to start learning the IPTABLES commands

--------

Conclusion

Lokkit

if you don't know or don't care too much about the firewall rules, and just want to add firewall protection to your desktop.

Firestarter

if you want full control of your firewall, and want to know in realtime what's going in/out and what's been blocked.

Guarddog

if you want a GUI that does almost the same as the $ iptables command line, but don't want to go crazy spending time writing every single rule one by one with $ iptables on a console ... Guarddog will do it for you.

$ iptables

The old way. It controls everything.
But you still have to write everything by hand.

