> Luca Ferrari wrote:
>> Hi,
>> I'd like to know if there is any specific "fork" of ubuntu for firewalls and
>> if the server edition has enough capabilities to play as firewall, and/or
>> which addons you believe are a must for such machine.
>
> Certainly, you can use Ubuntu Server as a firewall. iptables is
> installed in all Ubuntu versions
> (https://help.ubuntu.com/community/IptablesHowTo), though it will not do
> anything by default. There are various ways to configure it, some of
> which require installing software, but you shouldn't need anything
> outside the repos to setup even a fairly complex firewall.
>
> Matt Flaschen
Why not take a look at Untangle (http://www.untangle.com). It's a free
Ubuntu based firewall/network security distro. The interface makes it
extremely easy to use.
Guy
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
03-02-2009, 04:47 PM
Karl Auer
ubuntu on firewalls
On Mon, 2009-03-02 at 12:25 -0500, Matthew Flaschen wrote:
> > I'd like to know if there is any specific "fork" of ubuntu for firewalls and
> Certainly, you can use Ubuntu Server as a firewall.
> [...]
> you shouldn't need anything
> outside the repos to setup even a fairly complex firewall.
Very few of the repo solutions know about IPv6 (in fact, I'm not sure
any of them do). Which means IPv6 will pass through your interfaces
unhindered and unseen :-)
Firewall Builder 3 is the only one that I know for a fact fully supports
ip6tables, because I use it! It is in the repos, but the version in the
repos does not (or does not properly) support IPv6.
You need at least nightly build 770. FWBuilder is distributed as a .deb
among other things, so it integrates nicely with Ubuntu, or you can
build from a tarball, which is also fairly straightforward.
If you have no interest in IPv6 (which would be extremely shortsighted
of you these days), the net abounds with ways to turn it off. Or you can
just block it completely with a handwritten three-line script to set the
policy to DROP.
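The gap described in the message above (IPv4 filtered while IPv6 passes unhindered) can be checked from the output of `iptables -S` and `ip6tables -S`. This is an added example, not part of the original thread; the function names and sample rulesets are constructed, and the commented `ip6tables -P` lines are an assumed form of the three-line script mentioned.

```shell
#!/bin/sh
# Added example: find chains that are filtered for IPv4 but wide open for IPv6.
# Input is text in the format printed by `iptables -S` and `ip6tables -S`.

# Constructed sample: IPv4 firewall configured, IPv6 left at its defaults.
SAMPLE_V4='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
SAMPLE_V6='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
# Constructed sample: IPv6 after a three-line policy script (assumed form):
#   ip6tables -P INPUT DROP; ip6tables -P FORWARD DROP; ip6tables -P OUTPUT DROP
SAMPLE_V6_DROP='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP'

# Print the default policy of chain $1, reading `-S` output on stdin.
chain_policy() {
    awk -v chain="$1" '$1 == "-P" && $2 == chain { print $3; found = 1 }
                       END { if (!found) print "UNKNOWN" }'
}

# Print the number of rules appended to chain $1, reading `-S` output on stdin.
chain_rule_count() {
    awk -v chain="$1" '$1 == "-A" && $2 == chain { n++ } END { print n + 0 }'
}

# ipv6_gaps V4_RULES V6_RULES: one line per chain where IPv4 is restricted
# (non-ACCEPT policy or any rule) while IPv6 is ACCEPT with no rules at all.
ipv6_gaps() {
    for chain in INPUT FORWARD OUTPUT; do
        p4=$(printf '%s\n' "$1" | chain_policy "$chain")
        n4=$(printf '%s\n' "$1" | chain_rule_count "$chain")
        p6=$(printf '%s\n' "$2" | chain_policy "$chain")
        n6=$(printf '%s\n' "$2" | chain_rule_count "$chain")
        if { [ "$p4" != ACCEPT ] || [ "$n4" -gt 0 ]; } &&
           [ "$p6" = ACCEPT ] && [ "$n6" -eq 0 ]; then
            echo "$chain: IPv4 policy=$p4 rules=$n4, IPv6 policy=ACCEPT rules=0"
        fi
    done
}

ipv6_gaps "$SAMPLE_V4" "$SAMPLE_V6"
```

On a live host, run as root, the same check is `ipv6_gaps "$(iptables -S)" "$(ip6tables -S)"`.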
Guy Thouret wrote:
> Why not take a look at Untangle (http://www.untangle.com). It's a free
> Ubuntu based firewall/network security distro. The interface makes it
> extremely easy to use.
What makes you say it's based on Ubuntu? According to
http://wiki.untangle.com/index.php/Upstream_Projects it's actually based
on Knoppix and thus Debian Sarge. Moreover, it appears to be more of a
fork than a "variant" like e.g. Ubuntu JeOS or Ubuntu Studio.
Matt Flaschen
03-02-2009, 04:59 PM
Matthew Flaschen
ubuntu on firewalls
Karl Auer wrote:
> Firewall Builder 3 is the only one that I know for a fact fully supports
> ip6tables, because I use it! It is in the repos, but the version in the
> repos does not (or does not properly) support IPv6.
Do you have a bug report for this?
Matt Flaschen
03-02-2009, 05:07 PM
Karl Auer
ubuntu on firewalls
On Mon, 2009-03-02 at 12:59 -0500, Matthew Flaschen wrote:
> Karl Auer wrote:
> > Firewall Builder 3 is the only one that I know for a fact fully supports
> > ip6tables, because I use it! It is in the repos, but the version in the
> > repos does not (or does not properly) support IPv6.
>
> Do you have a bug report for this?
No - because it's not really a bug. It's just that the repos have older
versions. Most stuff in the repos is months if not years behind the
current versions; for 99% of stuff, that's no problem. For firewalls,
firewall managers and security software in general it's generally best
to get the latest stuff, and that probably isn't in the repos...
> On Mon, 2009-03-02 at 12:59 -0500, Matthew Flaschen wrote:
>> Karl Auer wrote:
>> > Firewall Builder 3 is the only one that I know for a fact fully
>> > supports ip6tables, because I use it! It is in the repos, but the
>> > version in the repos does not (or does not properly) support IPv6.
>>
>> Do you have a bug report for this?
>
> No - because it's not really a bug. It's just that the repos have older
> versions. Most stuff in the repos is months if not years behind the
> current versions; for 99% of stuff, that's no problem. For firewalls,
> firewall managers and security software in general it's generally best
> to get the latest stuff, and that probably isn't in the repos...
I have to quibble. Yes, Ubuntu (and all Debian-based distros - in fact
probably _all_ distros) is a bit behind the leading edge. And yes, you
want your security software to have all the latest vulnerabilities fixed.
But the two aren't incompatible, and when a security advisory is issued, the
necessary patches are generally made to the _old_ software.
--
derek
03-02-2009, 08:59 PM
Karl Auer
ubuntu on firewalls
On Mon, 2009-03-02 at 15:41 -0400, Derek Broughton wrote:
> >> > Firewall Builder 3 is the only one that I know for a fact fully
> >> > supports ip6tables, because I use it! It is in the repos, but the
> >> > version in the repos does not (or does not properly) support IPv6.
> >>
> >> Do you have a bug report for this?
> >
> > No - because it's not really a bug. It's just that the repos have older
> > versions. Most stuff in the repos is months if not years behind the
> > current versions; for 99% of stuff, that's no problem. For firewalls,
> > firewall managers and security software in general it's generally best
> > to get the latest stuff, and that probably isn't in the repos...
>
> I have to quibble. Yes, Ubuntu (and all Debian-based distros - in fact
> probably _all_ distros) is a bit behind the leading edge. And yes, you
> want your security software to have all the latest vulnerabilities fixed.
>
> But the two aren't incompatible, and when a security advisory is issued, the
> necessary patches are generally made to the _old_ software.
Of course. But not supporting IPv6, while it is a security *issue*, is
not really a security *bug*. It's more like lack of a security
*feature*, and new versions of things don't get added to Ubuntu release
repositories just because they get new features.
On Mon, 2009-03-02 at 12:57 -0500, Matthew Flaschen wrote:
> Guy Thouret wrote:
> > Why not take a look at Untangle (http://www.untangle.com). It's a free
> > Ubuntu based firewall/network security distro. The interface makes it
> > extremely easy to use.
> What makes you say it's based on Ubuntu? According to
> http://wiki.untangle.com/index.php/Upstream_Projects it's actually based
> on Knoppix and thus Debian Sarge. Moreover, it appears to be more of a
> fork than a "variant" like e.g. Ubuntu JeOS or Ubuntu Studio.
>
> Matt Flaschen
I went to a presentation on Untangle a few months back and I'm sure I remember the guy from Untangle say it was Ubuntu based. I'm probably wrong, my mistake.
Guy.
03-02-2009, 11:50 PM
NoOp
ubuntu on firewalls
On 03/02/2009 09:03 AM, Luca Ferrari wrote:
> Hi,
> I'd like to know if there is any specific "fork" of ubuntu for firewalls and
> if the server edition has enough capabilities to play as firewall, and/or
> which addons you believe are a must for such machine.
>
> Thanks,
> Luca
>
In addition to what others have said, you can have a look at all of the
firewall related software available here: