Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Mon 22 Sep 2014, 08:22
All times are UTC - 4
 Forum index » House Training » Users ( For the regulars )
firewall useless for puppy
Moderators: Flash, Ian, JohnMurga
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 2 of 13 Posts_count   Goto page: Previous 1, 2, 3, 4, ..., 11, 12, 13 Next
Author Message
Bernie_by_the_Sea


Joined: 09 Feb 2011
Posts: 329

PostPosted: Mon 18 Apr 2011, 14:46    Post_subject:  

r1tz wrote:

Firewall = blocking of ports. (over simplifying... but that's basically it)

EDIT: i meant to say blocking of packets....

Firewall = blocking or allowing packets (net communication)

My firewalls both in Windows and various Linux distros both allow and block certain apps and certain IPs. I'm more concerned about outgoing than I am incoming so at the moment I have I think nine apps blocked from accessing the net. I have packets from some specific IPs blocked. A port open or closed or stealthed is not enough. What I want from a firewall is not "security" but to block certain outgoing requests, such as updates, and block known incoming spam. Blocking or hiding ports is trivial.

Just because something reports the firewall is off doesn't mean that it is off.
Back to top
View user's profile Send_private_message 
Béèm


Joined: 21 Nov 2006
Posts: 11782
Location: Brussels IBM Thinkpad R40, 256MB, 20GB, WiFi ipw2100. Frugal Lin'N'Win

PostPosted: Mon 18 Apr 2011, 16:32    Post_subject:  

sickgit wrote:
so basicly i dont care how much resources the firewall takes its not the point of the post.
I suppose you did ask the same question for Windows and OSX?
Please provide the answers to us here.

If you can't do this, then you are a waste of resources.

_________________
Time savers:
Find packages in a snap and install using Puppy Package Manager (Menu).
Consult Wikka
Use peppyy's puppysearch
Back to top
View user's profile Send_private_message 
sickgut


Joined: 23 Mar 2010
Posts: 1157
Location: Tasmania, Australia in the mountains.

PostPosted: Mon 18 Apr 2011, 18:23    Post_subject:  

re: beem
I suppose you did ask the same question for Windows and OSX?
Please provide the answers to us here.

wtf does windows and osx have to do with puppy forum ? im not debating usefullness of firewall on windows only puppy. i suspect ppl who ask questions about windows on a puppy forum are mentally disabled in some way so it really doesnt matter what i type here in reply i doubt beem will understand it. he probably has a really huge forehead or has some gross disfigurement that interrupts his view of a screen when he types or doesnt understand english and has just copy and pasted random stuff in his post, maybe in an effort to impress other non english speaking people..

so no i didnt ask about windows and osx its a puppy forum. goto a windows forum and ask the question yourself if you think your doing the community a favour or need to answer a deep soul searching question such as that. i hear deep soul searching windows questions can change your view of the world in such a profound way you cannot explain it with words, so i will forgive you if you ask that question on a windows forum but cant quite put your answer into words when you go to explain your experience on this puppy linux thread.

i wish you all the best in life and hope you learn to live with or cure your current physical and or mental imparment.

You will be in all our prayers.

sickgut
Back to top
View user's profile Send_private_message Visit_website 
Bruce B


Joined: 18 May 2005
Posts: 11108
Location: The Peoples Republic of California

PostPosted: Mon 18 Apr 2011, 21:00    Post_subject: Re: firewall useless for puppy
Sub_title: prove me wrong
 

sickgut wrote:
I put it to the puppy communty that the firewall loading
as default on puppy is a waste of resources . . .


sickgut wrote:
Until i actually see proof of an actual threat that has
been weighed and balanced then i will maintain my statement that the
software firewall loading as default in puppy 5.25 is a complete waste
of resources
.


(Emphasis mine)

How about backing up your own claim? Can you do it? If not, don't make
the claim.
    1) What resources?

    2) How much resources?

    3) Can you measure them?

    4) How do you measure them?

~

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send_private_message 
Luluc


Joined: 16 Mar 2011
Posts: 200

PostPosted: Mon 18 Apr 2011, 21:36    Post_subject:  

r1tz wrote:
You can ask sshd to only allow certain IP address.

You are correct. I had forgotten sshd could do that.

r1tz wrote:
That is not the job of firewall.

I disagree, a firewall serves many purposes. Blocking specific IPs is one of them.


sickgut wrote:
so what if someone accesses your sshd login? you would have to be extreemly silly to not have a decent password attached to it.
(...)
the sshd program itself provides the security.
(...)
but if you believe your sshd argument has weight then im sure that you can demonstrate a step by step way of accessing a linux system running sshd that is propperly configured and is password protected.
(...)
no use saying someone could do this or do that..... just do it and show us.

Attackers try to break into sshd with brute force all the time. I run two Web sites, I see their dozens or hundreds of attempts in the logs every day. Of course, they usually fail, but I am not comfortable with the idea of being attacked every day. Closing access to all but one IP address increases security. Of course, that approach is useless if you don't know from what IP you will be accessing sshd. It was just one specific case scenario.

sickgut wrote:
wtf does windows and osx have to do with puppy forum ? im not debating usefullness of firewall on windows only puppy. i suspect ppl who ask questions about windows on a puppy forum are mentally disabled in some way so it really doesnt matter what i type here in reply i doubt beem will understand it. he probably has a really huge forehead or has some gross disfigurement that interrupts his view of a screen when he types or doesnt understand english and has just copy and pasted random stuff in his post, maybe in an effort to impress other non english speaking people..

You insult people, write like a semi-illiterate and complain that people don't write proper English. I hope you don't expect to be taken seriously around here.
Back to top
View user's profile Send_private_message 
Bruce B


Joined: 18 May 2005
Posts: 11108
Location: The Peoples Republic of California

PostPosted: Mon 18 Apr 2011, 22:57    Post_subject: Re: firewall useless for puppy
Sub_title: prove me wrong
 

It is your game. You set the rules. You did it all by yourself.

sickgut wrote:
I do not want "People say you can do this..." kinda
answers or philosophical answers . . .


When challenged for technical specifics, concerning this so called "waste of
resources", you seem to go to la la land. Read below.

sickgut wrote:
. . . the waste of resources is more of an expression than a
technical thing.


If it is OK for YOU to use expressions to substitute for technology, I feel
inclined to support anyone who does the same.

~

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send_private_message 
aarf

Joined: 30 Aug 2007
Posts: 3620
Location: around the bend

PostPosted: Mon 18 Apr 2011, 23:30    Post_subject:  

I am under the impression that this site nationmultimedia.com can in conjunction with opera and flash, corrupt partitions and thus bring down puppy. It has in the past done that many times. Firewall is not stopping at all.
_________________

ASUS EeePC Flare series 1025C 4x Intel Atom N2800 @ 1.86GHz RAM 2063MB 800x600p ATA 320G
_-¤-_

<º))))><.¸¸.•´¯`•.#.•´¯`•.¸¸. ><((((º>
Back to top
View user's profile Send_private_message Visit_website 
Bruce B


Joined: 18 May 2005
Posts: 11108
Location: The Peoples Republic of California

PostPosted: Mon 18 Apr 2011, 23:48    Post_subject:  

aarf wrote:
I am under the impression that this site
nationmultimedia.com can in conjunction with opera and flash, corrupt
partitions and thus bring down puppy. It has in the past done that many
times. Firewall is not stopping at all.


When you request something, the firewall anticipates a response and
regards it as authorized, unless you had a unique configuration.

If you don't request it, then the incoming is unauthorized and blocked.

I just visited the site. I suppose on next boot I'll find out if I have an
partitions.

~
nationalm.png
 Description   
 Filesize   99.77 KB
 Viewed   1258 Time(s)

nationalm.png


_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send_private_message 
Bruce B


Joined: 18 May 2005
Posts: 11108
Location: The Peoples Republic of California

PostPosted: Tue 19 Apr 2011, 00:02    Post_subject:  

Bernie_by_the_Sea wrote:
I'm more concerned about outgoing than I am incoming . . .


Myself included

Bernie_by_the_Sea wrote:

. . . so at the moment I have I think nine apps blocked from accessing the net.


Please tell, in detail, how do you block apps?

~

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send_private_message 
sickgut


Joined: 23 Mar 2010
Posts: 1157
Location: Tasmania, Australia in the mountains.

PostPosted: Tue 19 Apr 2011, 04:26    Post_subject:  

dunno how many times i say this it doesnt seem to make any difference.
if a program is useless its just wasting space/ resources. I dont care how many.
its in the range of no more than a MB or 2 of ram once loaded. To put that into persepective this is a distro that tries to save 1 and 2mb in iso size etc by stripping out stuff as much as it can and the firewall is using 1.5% or so of the total ram used once booted up.

My original post is easy enough to understand. Ive replied to the " define the resources yourself..." posts. So now for the 443223th time im saying the amount of resources isnt the point. If a program is not doing anything worth while then the bits/ bytes whatever its taking up in ram isnt doing anything usefull.

Next person who challenges me to find the exact resources it uses ill simply use the same stupidity back at them and say that you should prove that the firewall is not using resources and to define exactly how much its not using.
Back to top
View user's profile Send_private_message Visit_website 
Bruce B


Joined: 18 May 2005
Posts: 11108
Location: The Peoples Republic of California

PostPosted: Tue 19 Apr 2011, 05:33    Post_subject:  

sickgut wrote:
dunno how many times i say this it doesnt seem to make any difference. if a program is useless its just wasting space/ resources. I dont care how many.

Is it a program?

~

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send_private_message 
Bernie_by_the_Sea


Joined: 09 Feb 2011
Posts: 329

PostPosted: Tue 19 Apr 2011, 06:28    Post_subject:  

Bruce B wrote:

Bernie_by_the_Sea wrote:

. . . so at the moment I have I think nine apps blocked from accessing the net.


Please tell, in detail, how do you block apps?

Backing up, earlier I wrote:

Quote:
My firewalls both in Windows and various Linux distros both allow and block certain apps and certain IPs. I'm more concerned about outgoing than I am incoming so at the moment I have I think nine apps blocked from accessing the net.

The nine blocked are in Windows, not Puppy. I use three firewalls in XP and I block specific apps with Ashampoo. It has a nice gui, doesn't interfere with other firewalls, and is ultra-simple to use.

In Puppy, it's not simple at all especially using command-line iptables and especially when you’re basically ignorant about using iptables. All my outgoing blocks in Puppy are merely experiments since there's nothing that needs to be blocked. I block apps by the ports they use. Right now I'm playing around having cups (port 631) blocked but you can block other ports/apps such as ssh (port 22) and samba (ports 137,138,139). I'm playing with cups since it's easy to confirm a printer is blocked. Who knows, maybe somebody doesn't want their kids in another room using the printer.

Puppy's firewall uses between 1% and 2% of CPU and it uses over 1% of RAM. Puppy doesn't need a firewall but old habits are hard to break.
Back to top
View user's profile Send_private_message 
r1tz


Joined: 09 Sep 2010
Posts: 165
Location: In #puppylinux (IRC)

PostPosted: Tue 19 Apr 2011, 06:53    Post_subject:  

Getting attempts to force into sshd/servers are very common. Many people run scripts to run through a list of IP address to... ...

Using firewall to block others is fine if you are only running sshd. but you did mention webserver so i wrongly assume that you meant hosting it with the same computer. becasue if you use firewall to block those IP, they wont be able to veiw your webserver.

Im not saying you are wrong, just different ways of doing it.

As long as you use a strong password, you should be fine.


This would be a case of Convenience VS security.


Bruce B, imo firewall is a program. It is a program design to follow a set of rules to allow/block packets. The set of rules might be block packets from port 1-100 or a range of IP or some complicated set of rules. but still, it is a program.

I think that firewall is necessary.
The chances you get attack are very low(really very low). It is not too low either. Better to be safe than to be sorry.

Well... you wont need firewall if you don't have sensitive info in your computer and you dont use a savefile. In this case, firewall is really useless.
Back to top
View user's profile Send_private_message MSNM 
don922

Joined: 19 Jan 2008
Posts: 380
Location: The land of 14" monitors

PostPosted: Tue 19 Apr 2011, 08:09    Post_subject:  

aarf wrote:
I am under the impression that this site nationmultimedia.com can in conjunction with opera and flash, corrupt partitions and thus bring down puppy. It has in the past done that many times. Firewall is not stopping at all.


Since The Nation is one of the leading english language newspapers in Thailand, I have read it everyday on the internet for the last three and one half years. I use firefox on puppy and I have never experienced any problem with The Nation.

_________________
Don -- Thailand

Back to top
View user's profile Send_private_message 
Bernie_by_the_Sea


Joined: 09 Feb 2011
Posts: 329

PostPosted: Tue 19 Apr 2011, 10:47    Post_subject:  

don922 wrote:
I use firefox on puppy and I have never experienced any problem with The Nation.

He did say "opera and flash," not firefox. Opera has a history of not working well with some versions of flash and flash itself has been known to do damage sometimes from an otherwise harmless site. Flash is inherently unsafe. I normally browse with flash disabled and turn it on only if there's something I think I absolutely have to see which is very rare.

I think it was a rival English-language newspaper in Japan that demonstrated the Opera/flash problem with nationmultimedia.com but I can't find the article.
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 2 of 13 Posts_count   Goto page: Previous 1, 2, 3, 4, ..., 11, 12, 13 Next
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » House Training » Users ( For the regulars )
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1116s ][ Queries: 12 (0.0091s) ][ GZIP on ]