FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 03-02-2009, 04:41 PM
"Guy Thouret"
 
Default ubuntu on firewalls

> Luca Ferrari wrote:
>> Hi,
>> I'd like to know if there is any specific "fork" of ubuntu for firewalls
>> and
>> if the server edition has enough capabilities to play as firewall,
>> and/or
>> which addons you believe are a must for such machine.
>
> Certainly, you can use Ubuntu Server as a firewall. iptables is
> installed in all Ubuntu versions
> (https://help.ubuntu.com/community/IptablesHowTo), though it will not do
> anything by default. There are various ways to configure it, some of
> which require installing software, but you shouldn't need anything
> outside the repos to setup even a fairly complex firewall.
>
> Matt Flaschen

Why not take a look at Untangle (http://www.untangle.com). It's a free
Ubuntu based firewall/network security distro. The interface mskes it
extremely easy to use.

Guy


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-02-2009, 04:47 PM
Karl Auer
 
Default ubuntu on firewalls

On Mon, 2009-03-02 at 12:25 -0500, Matthew Flaschen wrote:
> > I'd like to know if there is any specific "fork" of ubuntu for firewalls and
> Certainly, you can use Ubuntu Server as a firewall.
> [...]
> you shouldn't need anything
> outside the repos to setup even a fairly complex firewall.

Very few of the repo solutions know about IPv6 (in fact, I'm not sure
any of them do). Which means IPv6 will pass through your interfaces
unhindered and unseen :-)

Firewall Builder 3 is the only one that I know for a fact fully supports
ip6tables, because I use it! It is in the repos, but the version in the
repos does not (or does not properly) support IPv6.

You need at least nightly build 770. FWBuilder is distributed as a .deb
among other things, so it integrates nicely with Ubuntu, or you can
build from a tarball, which is also fairly straightforward.

http://www.fwbuilder.org/nightly_builds/fwbuilder-3.0/

If you have no interest in IPv6 (which would be extremely shortsighted
of you these days), the net abounds with ways to turn it off. Or you can
just block it completely with a handwritten three-line script to set the
policy to DROP.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)

GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-02-2009, 04:57 PM
Matthew Flaschen
 
Default ubuntu on firewalls

Guy Thouret wrote:
> Why not take a look at Untangle (http://www.untangle.com). It's a free
> Ubuntu based firewall/network security distro. The interface mskes it
> extremely easy to use.

What makes you say it's based on Ubuntu? According to
http://wiki.untangle.com/index.php/Upstream_Projects it's actually based
on Knoppix and thus Debian Sarge. Moreover, it appears to be more of a
fork than a "variant" like e.g. Ubuntu JeOS or Ubuntu Studio.

Matt Flaschen

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-02-2009, 04:59 PM
Matthew Flaschen
 
Default ubuntu on firewalls

Karl Auer wrote:
> Firewall Builder 3 is the only one that I know for a fact fully supports
> ip6tables, because I use it! It is in the repos, but the version in the
> repos does not (or does not properly) support IPv6.

Do you have a bug report for this?

Matt Flaschen

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-02-2009, 05:07 PM
Karl Auer
 
Default ubuntu on firewalls

On Mon, 2009-03-02 at 12:59 -0500, Matthew Flaschen wrote:
> Karl Auer wrote:
> > Firewall Builder 3 is the only one that I know for a fact fully supports
> > ip6tables, because I use it! It is in the repos, but the version in the
> > repos does not (or does not properly) support IPv6.
>
> Do you have a bug report for this?

No - because it's not really a bug. It's just that the repos have older
versions. Most stuff in the repos is months if not years behind the
current versions; for 99% of stuff, that's no problem. For firewalls,
firewall managers and security software in general it's generally best
to get the latest stuff, and that probably isn't in the repos...

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)

GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-02-2009, 06:41 PM
Derek Broughton
 
Default ubuntu on firewalls

Karl Auer wrote:

> On Mon, 2009-03-02 at 12:59 -0500, Matthew Flaschen wrote:
>> Karl Auer wrote:
>> > Firewall Builder 3 is the only one that I know for a fact fully
>> > supports ip6tables, because I use it! It is in the repos, but the
>> > version in the repos does not (or does not properly) support IPv6.
>>
>> Do you have a bug report for this?
>
> No - because it's not really a bug. It's just that the repos have older
> versions. Most stuff in the repos is months if not years behind the
> current versions; for 99% of stuff, that's no problem. For firewalls,
> firewall managers and security software in general it's generally best
> to get the latest stuff, and that probably isn't in the repos...

I have to quibble. Yes, Ubuntu (and all Debian-based distros - in fact
probably _all_ distros) is a bit behind the leading edge. And yes, you
want your security software to have all the latest vulnerabilities fixed.

But the two aren't incompatible, and when a security advisory is issued, the
necessary patches are generally made to the _old_ software.
--
derek


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-02-2009, 08:59 PM
Karl Auer
 
Default ubuntu on firewalls

On Mon, 2009-03-02 at 15:41 -0400, Derek Broughton wrote:
> >> > Firewall Builder 3 is the only one that I know for a fact fully
> >> > supports ip6tables, because I use it! It is in the repos, but the
> >> > version in the repos does not (or does not properly) support IPv6.
> >>
> >> Do you have a bug report for this?
> >
> > No - because it's not really a bug. It's just that the repos have older
> > versions. Most stuff in the repos is months if not years behind the
> > current versions; for 99% of stuff, that's no problem. For firewalls,
> > firewall managers and security software in general it's generally best
> > to get the latest stuff, and that probably isn't in the repos...
>
> I have to quibble. Yes, Ubuntu (and all Debian-based distros - in fact
> probably _all_ distros) is a bit behind the leading edge. And yes, you
> want your security software to have all the latest vulnerabilities fixed.
>
> But the two aren't incompatible, and when a security advisory is issued, the
> necessary patches are generally made to the _old_ software.

Of course. But not supporting IPv6, while it is a security *issue*, is
not really a security *bug*. It's more like lack of a security
*feature*, and new versions of things don't get added to Ubuntu release
repositories just because they get new features.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)

GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-02-2009, 10:09 PM
Guy Thouret
 
Default ubuntu on firewalls

On Mon, 2009-03-02 at 12:57 -0500, Matthew Flaschen wrote:


Guy Thouret wrote:
> Why not take a look at Untangle (http://www.untangle.com). It's a free
> Ubuntu based firewall/network security distro. The interface mskes it
> extremely easy to use.

What makes you say it's based on Ubuntu? According to
http://wiki.untangle.com/index.php/Upstream_Projects it's actually based
on Knoppix and thus Debian Sarge. Moreover, it appears to be more of a
fork than a "variant" like e.g. Ubuntu JeOS or Ubuntu Studio.

Matt Flaschen





I went to a presentation on Untangle a few months back and I'm sure I remember the guy from Untangle say it was Ubuntu based.* I'm probably wrong, my mistake.



Guy.*


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-02-2009, 11:50 PM
NoOp
 
Default ubuntu on firewalls

On 03/02/2009 09:03 AM, Luca Ferrari wrote:
> Hi,
> I'd like to know if there is any specific "fork" of ubuntu for firewalls and
> if the server edition has enough capabilities to play as firewall, and/or
> which addons you believe are a must for such machine.
>
> Thanks,
> Luca
>

In addition to what others have said, you can have a look at all of the
firewall related software available here:

<http://packages.ubuntu.com/search?suite=all&arch=any&searchon=all&keywords=fi rewall>




--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 05:34 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org