jtanium at gmail.com
Wed Jan 23 09:23:58 MST 2008
Sorry, I assumed Chris would be looking for a graphical tool to manage
his firewall policies. If you can handle it, iptables on the command
line is absolutely the way to go.
But for somebody coming from Windows, using Comodo (a GUI), I think
opening a terminal and typing an iptables command may be a little
intimidating. If you just want really basic rules, and don't know
iptables, Firestarter would be a good way to go.
On Jan 23, 2008 9:04 AM, Joseph Hall <joseph at thatworks.com> wrote:
> On Jan 23, 2008 8:46 AM, Jason Edwards <jtanium at gmail.com> wrote:
> > Firestarter (http://www.fs-security.com/) would be something you could
> > use to manage iptables. It won't show you an application and let you
> > make a policy based on that application, but you could figure out what
> > ports an application is using and make policies based on that.
> I used to use Firestarter. I had so many problems, I eventually gave
> up and tried to kill it. Doing so ended up being an adventure of its
> own. Now I'm happy just using iptables from the command line. I think
> my mind works better at the command line anyway.
> > As far as limiting executables launching other executables, you should be
> > able to do it with SELinux or AppArmor, though I don't know what tools
> > there are to make that easier to manage.
> I missed that part of the original post. My bad. I haven't played yet
> with AppArmor, but SELinux is excellent at securing files and
> processes. Problem is, it's not the friendliest thing in the world to
> configure. And if your distro doesn't have decent policies written for
> it, I think you'll probably hate it.
> The latest versions of Red Hat (both RHEL and Fedora) have excellent
> SELinux policies written, and some excellent default iptables rules
> set up. I suppose by extension, CentOS does too. If you're not too
> attached to a different distro, they're definitely worth checking out.