Thread replies: 59
Thread images: 2
Thread images: 2
File: 6LNXb8E.gif (470KB, 512x288px) Image search:
[Google]
470KB, 512x288px
>Every debian firewall I find is meant for a server so I ask on linux forums for a personal firewall that can block on application basis
>Get told I don't need one, it goes against philosophy and I shouldn't install programs I don't trust anyway and am basically retard for even asking
Am I in the wrong here?
>>
>>61831714
>on application basis
I think there was an iptables module for this but it got removed
you can filter things on a per-user basis though, and you can run your programs as another user
selinux might also be able to do this
>>
>>61831714
>Am I in the wrong here?
Yes.
>>
>>61831714
No, you're not in the wrong for asking. But, you're in the wrong for using debian.
>>
>>61831786
To be more precise. You want to do something with firewall, when it should be done with sandboxing (when security will be serious and sandboxing will be implement in all the kernels).
>>
>>61831714
https://pypi.python.org/pypi/firewall :^)
Dont listen to debian faggots. They should all an hero like their [FMR] lead dev.
>>
>>61831714
Depends on the wording you used.
>>
File: 1patrick.jpg (52KB, 640x632px) Image search:
[Google]
52KB, 640x632px
>>61831780
>selinux
>trusting an NSA backdoor
>>
>>61831714
You really don't need one since you'd be retarded if you used software you can't trust. But you can always monitor your traffic and block IPs which you don't trust, which is more effective anyway.
>>
>>61831817
>a firewall is just to stop wirus
nigger. Its mighty summer.
>>
>>61831838
What else do you need it for?
>>
>>61831817
>You really don't need one since you'd be retarded if you used software you can't trust.
This always sounds like an excuse for an fuckup than an actual advice. Either you install '''legitimate''' software or random shit from pornsites. That's like solving chinese people-eating escalator by putting 'On your own safety' sign in front of it. I mean even Oracle puts toolbars into default java installation, how can I trust some random utility doesn't sellout in a new update? Some people here still nonironically tell to install ghostery even though it's botnet.
>>
>>61831817
What is some good GUI traffic monitor?
>>
Fedora comes with a user-friendly firewall that allows you to block applications.
>>
>>61832119
Netstat and tcpdump
>>
>>61832119
Use your router
>>
>>61831808
AppArmor then.
>>
>>61832119
Wireshark
>>
Huh? Why do you want a firewall without knowing what you'll use it for?
Unless you implement the policies for each program yourself, it won't prompt you like with Windows.
>>
>>61832084
does ublock origin take over what ghostery did before they sold out?
>>
>>61831714
Get opensnitch duh
>>
Run untrustworthy applications in virtual machines or Docker containers
>>
>>61831876
Maybe anon needs it for making a program shut up. No ping ping home and no outside connection in.
>>
>>61831714
your router/modems firewall should be plenty
>>
this is a big issue with linux
my suggestion is to use UFW but know that you won't really get a satisfactory solution unless you waste loads of time on it
>>
>ask how to do X
>some fuck tells me I shouldn't
>most upvoted comment
Nigger, that's not what I asked. Why can't retards mind their own business and answer the damn question?
If I'm asking how to do something, I probably have a good reason to do it. Fuck
>>
>>61836209
le FOSS community :^)
>>
>>61836025
The point is why would you use such software in the first place?
>>
>>61836241
no the point is he doesn't need to justify what he uses or what he wants to do to some judgmental linux asshat
>>
>>61836363
>I want to run malware, how do I do it safely?
>but you shouldn't do that in the first place
>REEEE why don't you help me infect my PC!
I guess there's no saving retards.
>>
>>61836514
>everything I don't approve of is malware
ok chief
>>
I've seen this happen on XDA countless times as well, being pajeet central I kinda expected it but it happening on linux forums suprises me.
>>
>>61836514
>I can only use mobile data at the moment, how can I make sure some background process doesn't waste them?
>REEEE you shouldn't install software that does that than
thank you very much
>>
>>61835776
thanks looks pretty cool but it's also rather new thing and I read on reddit that it only filters dns requests and is not really a firewall? I don't really understand this, but I was thinking by year 2017 there would be some mature solution for this lol
>>
>>61836684
>background process
Disable it.
>>
>>61836779
Never though of that one bro
>>
>>61836749
iptables was in the first answer
>>
>>61836842
No problem. Thread closed.
>>
Linux lacks at application sandbox. You should be able to firewall on chroot, docker (and other containers) level, maybe Firejail. OpenSnitch is young project. Not sure how SubgraphOS's sandbox is portable.
Or just static IPtables rules (gufw frontend eventually) and block as much as possible. Debian's wiki has good article on iptables configs.
>>
>>61837160
>Linux lacks at application sandbox.
replace Linux by Every kernel on earth
>>
>>61831714
holy shit, just use iptables
>>
>>61831876
firewalls dont stop viruses, they control the flow of network traffic
i mean, maybe you can indirectly block viruses by communicating, but a firewall isnt for mitigating viruses at all, they are for controlling network traffic. A well configured firewall will stop a virus from communicating, but the firewall isnt stopping the virus, its stopping the communication channel.
>>
>>61837160
Linux, the kernel, actually provides the necessary interfaces for application sandboxing
>>61837160
>Linux lacks at application sandbox.
https://firejail.wordpress.com/
>>
>>61831714
>Application
You're looking for a WAF.
>>
>>61837160
>Firejail
I want to recommend this application so badly but my conscience won't let me. Firejail uses all the sandboxing features available in the Linux kernel, and it's very easy to use ( open a terminal and type firejail firefox, or whatever application you want to sandbox), boom, done. The bothersome issue to me, though, is who the hell made this software? I can not find a single name attributed to the project. Am I being ridiculous here? This strikes me as really, really, odd.
>>
>>61831876
Data wasting on mobile, prevent accidentally seeding torrent on uni wifi, blocking my wife from looking on haram content, or simply wanting to have control over your network for the sake of it? Why is everybody triggered over concept of personal firewall?
>>
>>61837536
>blocking my wife from looking on haram content
why not watch her look at it?
>>
>>61837536
not everyone is.
I use an Ordroid at home as my hardware firewall for my entire home network and a Raspberry pi 3 as a hardware firewall for my home server.
if you are smart enough to know how to properly configure and utilize a firewall they are great tools
>>
>>61837536
in addition to personal firewalls, personal DNS servers are the bees knees. you can block ad sites from resolving quite easily with the right DNS software... or in your case, you can block your wife from being able to resolve haram websites
>>
>>61837486
quit being lazy
man firejail or at least google it
>>
>>61837536
Your wife is a sovereign being with a free will of her own and you should feel bad for trying to control her. Get over yourself.
As far as sandboxing goes, I can vouch for firejail too, although I share the same concerns that the other anon had about its mysterious origins
>>
>>61837536
>data wasting
Only legit reason here. And iptables was already mentioned, which is what AFWall+ uses. DNS66 also denies traffic and per-app traffic on android, towards specific IP addresses.
>haram content
Gufw blocks this more efficiently. Alternative to it is hosts file or blocking domains on your router.
>accidentally seeding
If you don't seed then don't leech either, fag.
>>
>>61837621
I have Googled it. Netblue30 is credited with developing the software,Netblue30 could be anyone or anything. I'm sorry, but given the information Wikileaks has presented, I'm extremely suspicious of any software that comes from unknown entities. Especially, security software.
>>
>>61837758
>>61837582
>>61837224
Is everyone here completely nuts? Why are you talking about android firewalls? You can't block individual programs with gufw or iptables, all I find are some random posts about running things that I don't want to have access in a group that I block but that's not what I want and completely ad-hoc. Same thing with firejail. There are tons of well made, user firendly firewalls on windows, android phones, what is the closest thing to it here?
>>
>>61838199
>firendly placebo firewalls
FTFY
>>
Douane
>>
>>61831714
>Am I in the wrong here?
>using Debian instead of Ubuntu
yes
only pseudo-intellectuals use debian over ubuntu to pretend they aren't brainlets
>>
>>61839458
Debian is free as in freedom by default.
Ubuntu is not.
Debian has a rolling release branch.
Ubuntu does not.
>>
>>61836209
The majority of people who do have a good reason will take the initiative to figure it out on their own rather than consulting 4chan.
Thread posts: 59
Thread images: 2
Thread images: 2