[Wylug-help] firewall issues

Justin Ware justinware at onetel.com
Sat Mar 18 13:03:08 GMT 2006


Hi,

I've combined comments from Adam and Lee into this e-mail. I did reply to  
Lee's message but, like a nana, didn't send it to the mailing list.

On Fri, 17 Mar 2006 17:24:49 -0000, Adam Greenwood  
<adam at greenwood-peace.org.uk> wrote:
> ... If the windows box can see the data via samba you'll be padlocking  
> your side door and leaving the front door wide open.

Sorry, I was unclear there. The sensitive data is not shared by the samba  
server. I used the example of the samba to create a good impression of my
technical mastery of firewalls in Linux. Lee politely deflated this by  
pointing out that I didn't realise SuSEfirewall2 is a front end to  
iptables. The only reason I'm using Samba is so the windows box (that has  
the printer attached) can see my exported PDFs and print them. The printer  
is too new to have (stable) support in Linux.

Instead of sensitive data, I should have said key logging. So I  
inadvertently install something on my linux installation that starts key  
logging. It sends out my online banking passwords. Hackers in Croatia are  
shocked at the pitiful rates of interest I receive on my current account.

> ... The router option would be better as it prevents any traffic leaving  
> your linux box even if your box has been rooted - a firewall on the box  
> can be turned off if the box has been

Lee Evans:
> Maybe - depends on the router. Some of the more basic models don't allow
> configuration of outgoing firewall rules. If you can, that would strike me
> as being more sensible as it would cover your windows box as well.

I'm coming round to think that it's the best approach. The other point  
that Lee raised was:

Lee Evans:
> which would stop your machine sending out IRC traffic, which is fairly
> common behaviour for trojans. Of course, if you want to use IRC yourself
> then that pretty much scuppers you, but it's fairly sensible to block all

which is true. I do use IRC, ftp, mail etc so I don't want to block those  
ports.

This now brings me to another question. Some windows firewalls can not  
only block outgoing on a port basis but also on an application basis. So  
some applications can have access to certain ports. Are there such  
products for Linux? I'm only asking out of curiosity. I definitely don't
need one.

> compromised. However, if your linux box cannot be seen from outside, all

No, the box is not in the DMZ of the router. At most I may forward ports  
from router but since the only likely reasons are peer-to-peer file
sharing (I have no interest in) or online gaming (my reaction times are  
too slow) then this will probably never happen.

> ... In the end locking everything down that can be locked down can't be  
> a bad idea.
and Lee Evans:
> Unless you are concerned about threats on your LAN you perhaps don't need
> to run the firewall on the linux box at all.

Do I need to run a firewall? Since I'm using a router, it's probably not  
essential but since the installation switched it on for me and it's not  
inconveniencing me then I don't mind.

Thinking more about blocking local outgoing traffic - I'm not sure I  
should worry about it. Since it's inconvenient to block the most likely  
used ports for trojans then what am I gaining?

Thanks for the replies,

J.

-- 
Justin Ware
justinware at onetel.com


