Puppy Linux Discussion Forum
firewall useless for puppy
amigo

Joined: 02 Apr 2007
Posts: 2279

Posted: Tue 19 Apr 2011, 13:49

"Is it a program?"
No it is not.

mickee

Joined: 08 Feb 2011
Posts: 212
Location: Saskatoon SK Canada, Gateway 5300 Laptop, 600MHz Celeron, 384MB RAM, lucid puppy 5.2 (Full Install)

Posted: Tue 19 Apr 2011, 15:57

sickgut wrote:
wtf does windows and osx have to do with puppy forum ? I'm not debating usefulness of firewall on windows only puppy. I suspect ppl who ask questions about windows on a puppy forum are mentally disabled in some way so it really doesn't matter what I type here in reply I doubt beem will understand it. he probably has a really huge forehead or has some gross disfigurement that interrupts his view of a screen when he types or doesn't understand english and has just copy and pasted random stuff in his post, maybe in an effort to impress other non english speaking people..

so no I didn't ask about windows and osx it's a puppy forum. go to a windows forum and ask the question yourself if you think you're doing the community a favour or need to answer a deep soul searching question such as that. I hear deep soul searching windows questions can change your view of the world in such a profound way you cannot explain it with words, so I will forgive you if you ask that question on a windows forum but can't quite put your answer into words when you go to explain your experience on this puppy linux thread.

I wish you all the best in life and hope you learn to live with or cure your current physical and or mental impairment.
Evil or Very Mad

One who purposely and deliberately (that purpose usually being self-amusement) starts an argument in a manner which attacks others on a forum without in any way listening to the arguments proposed by his or her peers. He will spark off such an argument via the use of ad hominem attacks (i.e. 'he probably has a really huge forehead or has some gross disfigurement ' ) with no substance or relevance to back them up as well as straw man arguments, which he uses to simply avoid addressing the essence of the issue.

Look it up.

_________________

Linux is NOT Windows. Doesn't PRETEND to be, Doesn't WANT to be; Don't try to MAKE it be.

sickgut

Joined: 23 Mar 2010
Posts: 1157
Location: Tasmania, Australia in the mountains.

Posted: Tue 19 Apr 2011, 18:40

mickee re:

"with no substance or relevance to back them up as well as straw man arguments, which he uses to simply avoid addressing the essence of the issue. "

What is this essence of the issue you believe I'm missing? The post you quoted me on in your post was a reply to a "have you asked the same question for windows or osx?" question. Is the fact I haven't asked this about windows and osx the essence of the issue?
My original post is about the usefulness of a firewall for puppy linux, not windows and osx, I wasn't aware that to ask questions about a program running on Puppy Linux, one must first prove that he has asked about the same program running on windows and osx even though it has absolutely nothing to do with a Puppy Linux forum or that it's even possible to run the same program on Windows and OSX.

There is a reason I'm not " listening to the arguments proposed by his or her peers."
The reason is because arguments such as the one I mentioned earlier in this reply are not even relevant to my original post. There is no reasonable way to answer such a stupid question such as "have you asked the same question for windows or osx?"
Would you think everyone here would appreciate me writing a 10 page article about the ins and outs of running the Puppy Linux firewall program on Windows and OSX?
Would that make you happy? Do you think people come here for Windows and OSX support? Seriously, to take such arguments as these that are proposed by my peers as having some weight behind them is to completely throw away any logic or common sense and start addressing issues such as: "Have you tried your new .pet package on Windows and OSX?" as an example.

SirDuncan

Joined: 09 Dec 2006
Posts: 836
Location: Ohio, USA

Posted: Tue 19 Apr 2011, 22:53

Luluc wrote:
Attackers try to break into sshd with brute force all the time. I run two Web sites, I see their dozens or hundreds of attempts in the logs every day.

When I had port 22 open on my router I would receive hundreds of login attempts per day. It was so bad that I switched to using a non-standard port for SSH, disabled password logins (only allowing key based authentication), and restricted the allowed IPs to just my ISP's range and the university's range. That was just on a home machine with no URL. I don't even want to think about how bad it is for server admins.

r1tz wrote:
Using firewall to block others is fine if you are only running sshd. but you did mention webserver so I wrongly assume that you meant hosting it with the same computer. because if you use firewall to block those IP, they won't be able to view your webserver.

That's not correct. With any good firewall (iptables, Cisco's IOS ACLs, etc.) you can block traffic based on type, the port being accessed, and the originating/destination IP/subnet. Most will also let you shape traffic without actually blocking it (i.e.: throttling BitTorrent or giving higher priority to certain IPs or traffic types). I can block all non-US IPs from connecting to my machine over the SSH protocol and still let them connect to the webserver which is using a different protocol and port. Firewall access rules can get very complicated in a large-scale installation.

r1tz wrote:
Better to be safe than to be sorry.

I agree.

Bruce B wrote:
    1) What resources?
    2) How much resources?
    3) Can you measure them?
    4) How do you measure them?

Bruce B wrote:
Is it a program?

Actually, I was under the impression that it was part of the Linux kernel (not exactly a program by itself) and thus was running all of the time anyway (it just might only have the rule "allow all"). That would make its resource usage very hard to determine. Someone more knowledgeable correct me if I'm wrong.

_________________
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath
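
SirDuncan's point that a firewall can restrict SSH by source address while leaving the web server reachable, shown as an added example that is not part of the original post. The SSH port (2222), the web port (80) and the documentation address ranges are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that limits SSH to listed
# source ranges while leaving the web port open to everyone.
# Assumed values (not from the thread): SSH on 2222, web on TCP 80, and the
# documentation ranges 198.51.100.0/24 and 203.0.113.0/24 as allowed sources.

# valid_cidr ADDR[/LEN]: succeed only for a dotted-quad IPv4 address with an
# optional prefix length of 0-32.
valid_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] 2>/dev/null || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# gen_ruleset SSH_PORT [SOURCE...]: print the ruleset on stdout.
# With no SOURCE arguments SSH stays closed to everyone (default DROP).
gen_ruleset() {
    ssh_port=$1
    [ $# -gt 0 ] && shift
    # Reject anything that is not 1-5 digits before comparing numerically.
    case $ssh_port in
        ''|*[!0-9]*|??????*) echo "bad port: $ssh_port" >&2; return 2 ;;
    esac
    if [ "$ssh_port" -lt 1 ] || [ "$ssh_port" -gt 65535 ]; then
        echo "bad port: $ssh_port" >&2; return 2
    fi
    for src in "$@"; do
        valid_cidr "$src" || { echo "bad source: $src" >&2; return 2; }
    done
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p tcp --dport 80 -j ACCEPT'
    for src in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -s $src --dport $ssh_port -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Constructed invocation; as root, pipe it to `iptables-restore --test` to have
# the ruleset parsed without being applied.
gen_ruleset 2222 198.51.100.0/24 203.0.113.0/24
```

Web traffic on port 80 is accepted from any address, while a connection to port 2222 from an unlisted source falls through to the DROP policy.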

Bruce B

Joined: 18 May 2005
Posts: 11131
Location: The Peoples Republic of California

Posted: Wed 20 Apr 2011, 02:11

SirDuncan wrote:

Bruce B wrote:
    1) What resources?
    2) How much resources?
    3) Can you measure them?
    4) How do you measure them?

Bruce B wrote:
Is it a program?

Actually, I was under the impression that it was part of the Linux kernel (not exactly a program by itself) and thus was running all of the time anyway (it just might only have the rule "allow all"). That would make its resource usage very hard to determine. Someone more knowledgeable correct me if I'm wrong.


I don't think you're wrong. The questions were designed to make it difficult
for sickgut to answer, and undermine his own previous statements, even his premises.

~

_________________
New! Puppy Linux Links Page

Bernie_by_the_Sea

Joined: 09 Feb 2011
Posts: 329

Posted: Wed 20 Apr 2011, 05:43

SirDuncan wrote:
Bruce B wrote:
    1) What resources?
    2) How much resources?
    3) Can you measure them?
    4) How do you measure them?

Bruce B wrote:
Is it a program?

Actually, I was under the impression that it was part of the Linux kernel (not exactly a program by itself) and thus was running all of the time anyway (it just might only have the rule "allow all"). That would make its resource usage very hard to determine. Someone more knowledgeable correct me if I'm wrong.

Iptables is built into the kernel. A firewall (rules for iptables other than allow all) is not. Puppy’s firewall (rc.firewall) can be measured precisely. On my computer running Wary 500 as I configured the firewall, it occupies exactly 73408 bytes in RAM. Killing (or never starting) that firewall process saves that 73KB.

Bruce B

Joined: 18 May 2005
Posts: 11131
Location: The Peoples Republic of California

Posted: Wed 20 Apr 2011, 06:51

Bernie_by_the_Sea wrote:
A firewall (rules for iptables other than allow all) is not. Puppy’s firewall (rc.firewall) can be measured precisely. On my computer running Wary 500 as I configured the firewall, it occupies exactly 73408 bytes in RAM. Killing (or never starting) that firewall process saves that 73KB.


Bernie_by_the_Sea,

I'll accept this at face value and mention, for reader's sake, that 73408
bytes is not much consideration for today's computers.

Can we agree this is RAM resources?

What about CPU resources? Do you know a way of measuring this as far
as our iptables?

Should I mention the iptables can be configured in a way to eliminate
things we don't want and thereby increase speed?

Bruce

~

_________________
New! Puppy Linux Links Page

Bernie_by_the_Sea

Joined: 09 Feb 2011
Posts: 329

Posted: Wed 20 Apr 2011, 08:00

Bruce B wrote:
Bernie_by_the_Sea wrote:
A firewall (rules for iptables other than allow all) is not. Puppy’s firewall (rc.firewall) can be measured precisely. On my computer running Wary 500 as I configured the firewall, it occupies exactly 73408 bytes in RAM. Killing (or never starting) that firewall process saves that 73KB.


Bernie_by_the_Sea,

I'll accept this at face value and mention, for reader's sake, that 73408
bytes is not much consideration for today's computers.

Can we agree this is RAM resources?

What about CPU resources? Do you know a way of measuring this as far
as our iptables?

Should I mention the iptables can be configured in a way to eliminate
things we don't want and thereby increase speed?

73408 bytes is trivial say with 1GB RAM. I think it's RAM resources.

I thought I knew how to measure CPU resources used by iptables but now I don't think I do. As an educated guess I'd say it never exceeds 2% but on the other hand I think it's always running.

Any speed increase is trivial, too.

The OP's point was that IF a firewall or Puppy's firewall is useless THEN any resources used are a waste no matter how trivial. This discussion is not quite down to how many angels can dance on the head of a pin but it is down to how the beat of a butterfly's wings in China can cause tornadoes in Kansas.

Bruce B

Joined: 18 May 2005
Posts: 11131
Location: The Peoples Republic of California

Posted: Wed 20 Apr 2011, 08:56

Bernie_by_the_Sea wrote:
I thought I knew how to measure CPU resources used by iptables but now I don't think I do. As an educated guess I'd say it never exceeds 2% but on the other hand I think it's always running.


I run an mp3player, mpg123, it does some serious full time decoding and
it uses about 2%

In Windows, I used the hosts file to prevent unwanted connections, when
the connections were domain names.

For unwanted connections using IP addresses, I manipulated the routing
table.

The speed increase I refer to is by not allowing the objects to get sent
that would otherwise get sent by the GET requests the web designer
includes. Some of the more nefarious were the direct GET by IP address.

I think Linux already has iptables, only we add to its size by using the
firewall, true?

I measure various processes using htop.

Unfortunately, I don't see any process which I can identify as - this is the
iptables.

It appears to me, not much is happening at the kernel level, when things
are idle. Albeit, it is never absolutely idle.

To my way of thinking, the iptables would come into play when doing
networking, such as connecting with Firefox. At which time Firefox is using
so many threads and hitting such a high load, anything else seems
irrelevant. But when the page is loaded, available resources become
correspondingly up again.

Bruce

~

_________________
New! Puppy Linux Links Page

SirDuncan

Joined: 09 Dec 2006
Posts: 836
Location: Ohio, USA

Posted: Wed 20 Apr 2011, 09:33

Bernie_by_the_Sea wrote:
A firewall (rules for iptables other than allow all) is not.

No, iptables is the firewall. The rules are just rules (some, like Cisco, refer to them as access control lists).

Bernie_by_the_Sea wrote:
Puppy’s firewall (rc.firewall) can be measured precisely. On my computer running Wary 500 as I configured the firewall, it occupies exactly 73408 bytes in RAM. Killing (or never starting) that firewall process saves that 73KB.

Okay, so we're actually talking about the rc.firewall script. That changes the conversation a bit. I now assume that we are talking about an increase in the resources used when booting instead of constant resource usage (which is what I initially assumed when I thought you were talking about iptables).

If that's what is being discussed and you don't believe that it is necessary to run a firewall, then you are probably right to consider it a waste of resources. Just delete rc.firewall (or rename it to be safe) and you should get your 73KB back for the second it would have been gone. It's not enough to bother me, but I can understand wanting to optimize. As the saying goes, "Mind the ounces and the pounds will follow."

The question is, what did the OP mean by "firewall"?

Bruce B wrote:
I measure various processes using htop.

Unfortunately, I don't see any process which I can identify as - this is the
iptables.

That's because there is no process for iptables. It is literally a function of the kernel. You won't see a process for rc.firewall either. It only runs for about a second at startup in order to configure the firewall settings. Unless there is some other related script that is running that I don't know about (always a possibility), there is no additional constant overhead beyond what you get from iptables in the kernel.

_________________
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath

Bruce B

Joined: 18 May 2005
Posts: 11131
Location: The Peoples Republic of California

Posted: Wed 20 Apr 2011, 10:35

SirDuncan

I'm pretty sure it is not Bernie_by_the_Sea's position that the memory
increase by larger iptables is reason not to run a firewall. Rather, merely a
technical statement or calculation on the resource usage, which was I think
an answer to a question.

Bruce

_________________
New! Puppy Linux Links Page

rcrsn51

Joined: 05 Sep 2006
Posts: 9260
Location: Stratford, Ontario

Posted: Wed 20 Apr 2011, 10:46

SirDuncan wrote:
That's because there is no process for iptables. It is literally a function of the kernel. You won't see a process for rc.firewall either. It only runs for about a second at startup in order to configure the firewall settings. Unless there is some other related script that is running that I don't know about (always a possibility), there is no additional constant overhead beyond what you get from iptables in the kernel.

Correct me if I'm wrong. But if you don't load the firewall, then certain kernel modules aren't loaded either. So there will be a savings by not having those modules in place.
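
One way to put a number on the kernel modules rcrsn51 mentions, as an added example that is not part of the thread: it sums the sizes of netfilter-related modules listed in /proc/modules. The module-name pattern and the sample excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example: total the memory held by netfilter/iptables kernel modules,
# read from /proc/modules (fields: name, size in bytes, refcount, users, ...).

# Name prefixes treated as firewall-related (an assumption of this example;
# extend it if your kernel uses other netfilter modules).
NF_PATTERN='^(ip6?_tables|x_tables|ip6?table_|ip6?t_|xt_|nf_|nft_)'

# netfilter_modules [FILE]: print "name bytes" for each matching module,
# largest first. FILE defaults to /proc/modules; "-" reads stdin.
netfilter_modules() {
    awk -v pat="$NF_PATTERN" '$1 ~ pat { print $1, $2 }' "${1:-/proc/modules}" |
        sort -k2,2nr
}

# netfilter_module_bytes [FILE]: print the summed size in bytes (0 if none).
netfilter_module_bytes() {
    netfilter_modules "${1:-/proc/modules}" |
        awk '{ total += $2 } END { print total + 0 }'
}

# Constructed /proc/modules excerpt (sizes are illustrative, not measured).
sample_proc_modules() {
    cat <<'EOF'
iptable_filter 16384 1 - Live 0x0000000000000000
ip_tables 32768 1 iptable_filter, Live 0x0000000000000000
x_tables 53248 3 xt_conntrack,iptable_filter,ip_tables, Live 0x0000000000000000
xt_conntrack 16384 2 - Live 0x0000000000000000
nf_conntrack 172032 1 xt_conntrack, Live 0x0000000000000000
snd_hda_intel 57344 0 - Live 0x0000000000000000
ext4 948224 1 - Live 0x0000000000000000
EOF
}

# Run on the constructed sample; call netfilter_module_bytes with no argument
# to read the live /proc/modules instead.
sample_proc_modules | netfilter_module_bytes -
```

A kernel with netfilter built in rather than modular reports 0 here even though the code is resident, so compare the figure before and after the firewall script runs on the same kernel.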

Bernie_by_the_Sea

Joined: 09 Feb 2011
Posts: 329

Posted: Wed 20 Apr 2011, 11:38

Going off topic (perhaps), this morning I took a closer look at the latest Knoppix firewall which is somewhat similar to Puppy’s. By default it starts with all common ports closed and none stealthed. It responds to pings. Most security experts say a no-stealth/ping-replying firewall is bad but the majority of Knoppix users (I imagine) run it as a Live CD (but my imagination might be wrong because I know two college students who have a Knoppix full HD install as their only OS)... Now I forgot where I was going with this, but then I’m 83 years old and my senior moments grow longer. Smile I also tend to ramble on at length about nothing so I’ll leave this in my post. Maybe somebody knows where I was going. Smile

Actually my position is that an ordinary home user running Linux of any flavor does not need a firewall. Obviously someone doing a bit more with their computer than the ordinary home user probably does need a firewall although not for malware/virus avoidance as in Windows. Some advanced Linux users probably need a firewall to avoid system overload crashes from roving bands of inquiring intruders (speaking almost poetically). I think this boils down to personal use determining the need for a firewall. No matter what the system some need a firewall and some don’t (even in Windows). Thus a firewall should be optional, easy to enable or disable. A new user should be told if the firewall is disabled by default.

Now the question becomes are Puppy users ordinary home users?

L18L

Joined: 19 Jun 2010
Posts: 2579
Location: www.eussenheim.de/

Posted: Wed 20 Apr 2011, 16:05    Subject: firewall useless for puppy
Subtitle: prove you right

Bernie, good question
let the user decide what he needs

OP,
idiotic question
Puppy really doesn't need a firewall. It is a distro.
And please don't flame non-English speakers before you are writing English correctly

waste of ..... time?
Sure, OP did want only "prove me wrong"

live

Joined: 10 Feb 2010
Posts: 162

Posted: Wed 20 Apr 2011, 19:26

sickgut

You want a mathematical demonstration.

So here is your answer:
For any OS (Win(s), MacOS, Linux(es), MVS, ...) a firewall will never prevent you from a
* eavesdropper
* malware/virus
* trojan

Now, why would one use a firewall ?
Well, I'll make an analogy. It's like an airbag, it could save you from injuries, but it'll neither prevent you from driving crazy, nor having a fatal accident... still you prefer to have one (and now cars have many). Furthermore, you want them to be there, but never be used!

Your remark about being, something as stupid to have 4 anti-virus under Linux.
Well, again cast a look at www.virustotal.com, but also the anti-virus concept is going obsolete, as viruses can be too tricky to discover (encrypted & spread over different files).

If you are concerned by resource consumption, simply turn it off.

But a better question could be, what is the Puppy firewall supposed to do? Does it do it in an efficient way?

Quote:
If you run Puppy from a multisession DVD in a computer that has no hard disk drive, as I do, then I can't see the need for a firewall. Even if something from the internet did manage to take over Puppy, which as far as I know has never happened, to restore Puppy to the way it was, I just reboot without saving.

Without being paranoid, it won't prevent from
1/ eavesdropping
2/ redirecting to another system that you might be connected to
But apart from eavesdropping you do a hard hacking job.