On 3/10/06, Shriramana Sharma
> I wonder how SUSE Firewall works.

Like a real firewall.

> Back in Windows, with ZoneAlarm, when I first install it, it asks me for permission and preconfigures my default browser and mail client to access the net. After that, for every new application that tries to access the net or every incoming connection from the net, it asks me for permission.
> But SUSE Firewall never asks me anything.

A firewall is not supposed to ask you questions, it is supposed to protect you from the outside. Again the Windows philosophy has managed to screw up the perception of how a computer (or in this case a firewall) is supposed to work. ZoneAlarm protects your PC from outside access (or at least that is what it is supposed to do), but it also protects the rest of the world against your PC. Because Windows suffers from viruses and spyware which send out information to the outside world and "phone home" or infect other machines, you need to also monitor outgoing connections on a Windows box; that is why ZoneAlarm asks you every time an app tries to contact the outside world. But on Linux we do not have the virus and spyware problem, so we don't need to police our own machine so intensely. The normal firewalls (like what UNIX and Linux, etc. use) normally only block incoming traffic, as they are supposed to protect you from the outside world and not the other way around. But it is also possible to let a real firewall check both ways of the traffic, and I believe this is normally done when the internal network contains Windows machines or when they want to prevent employees from using certain protocols. So, under normal circumstances, you do not need to worry about which application is accessing what, except if you think that your machine has been compromised, but then you need to use a rootkit tool to find the breach.

> How do I know which applications it forbids and which it allows? How does it know which applications to forbid and which to allow?

The firewall does not monitor applications, but ports, and it normally only monitors ports for outside access. You can set up your firewall to log everything and then you see in the logs exactly what it is doing. You can also use "netstat -pant" to show you all the active connections and which applications are using them. Or you can use something like Ethereal to see exactly what traffic is going where on your machine. There are other tools available too, but I cannot think of the names now.

> I would much prefer a ZoneAlarm-like firewall that tells me what it is doing.

I don't trust ZoneAlarm as far as I can throw it, because I am not really sure what it is doing. The fact that it pops up a nice little window that informs me that FireFox wants to access the net does not give me much confidence. I am interested in who is accessing which ports on my machine and I want to see it in real-time as close to the source as possible. I don't have a clue what ZoneAlarm is really doing and what it is showing me. Is it the same thing? ZA feels to me like a black box and I have to trust that what the UI is showing me is what it is actually doing, but I cannot go and look inside to see what is really happening. With the Linux firewall I can go and do a dump of the iptables rules and see what it is supposed to do, and then I can check my ports and traffic to see if it is really doing what it should.

Hope this helps a bit to explain a bit of how a firewall works. (Although I am not a security expert, I have played around with a few firewalls and experimented a bit.)

If you don't trust your own PC or the users of your PC, you can use AppArmor to only allow certain applications to be used. This can be very handy, but it is also a process to set it up, as you need to know precisely which libraries are accessed by an application, etc. But it should prevent unauthorised applications (like spyware, if any exist and are viable for Linux) from running.

--
Andre Truter | Software Engineer | Registered Linux user #185282
ICQ #40935899 | AIM: trusoftzaf | http://www.trusoft.co.za
~ A dinosaur is a salamander designed to Mil Spec ~
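The reply above suggests turning on firewall logging and reading the kernel log to see what the packet filter is actually doing. The script below is an added example (editor's code, not from Andre's mail or from SUSE) that parses the key=value lines the iptables LOG target writes to the kernel log and summarises which source hit which port with which verdict. It assumes the SuSEfirewall2 log-prefix convention (e.g. `SFW2-INext-DROP-DEFLT` for a dropped inbound packet, `SFW2-INext-ACC-TCP` for an accepted one); the sample log lines are constructed for the example, not taken from a real machine.

```python
"""Summarise iptables / SuSEfirewall2 LOG-target entries from the kernel log.

Added example: assumes the SFW2-<chain>-<verdict>-<rule> prefix naming used by
SuSEfirewall2. Run it directly to see a report, or import it and call
summarize() on your own /var/log/messages text.
"""
import re
from collections import Counter

# Constructed sample lines in the format the iptables LOG target emits.
# One host (192.0.2.10) probes three ports, another is dropped once on UDP 137,
# one SSH connection is accepted, and one line is not a firewall entry at all.
SAMPLE_LOG = """\
Mar 10 21:04:11 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=192.0.2.10 DST=192.0.2.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1001 DF PROTO=TCP SPT=41234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 10 21:04:12 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=192.0.2.10 DST=192.0.2.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1002 DF PROTO=TCP SPT=41235 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 10 21:04:13 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=192.0.2.10 DST=192.0.2.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1003 DF PROTO=TCP SPT=41236 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 10 21:04:14 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=192.0.2.10 DST=192.0.2.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1004 DF PROTO=TCP SPT=41237 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 10 21:04:20 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:11:22:33:08:00 SRC=198.51.100.7 DST=192.0.2.50 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2001 PROTO=UDP SPT=137 DPT=137 LEN=58
Mar 10 21:04:30 linux kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:44:55:66:08:00 SRC=203.0.113.5 DST=192.0.2.50 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=3001 DF PROTO=TCP SPT=50123 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 10 21:05:00 linux kernel: eth0: link up, 100Mbps, full-duplex
"""

# The log prefix sits between "kernel:" and the first IN= field.
LOG_LINE = re.compile(r"kernel:\s+(?P<prefix>\S+)\s+(?P<fields>IN=.*)$")
# KEY=value pairs; bare flags such as DF or SYN carry no "=" and are skipped.
FIELD = re.compile(r"(?P<key>[A-Z]+)=(?P<value>\S*)")


def parse_line(line):
    """Return a dict of LOG fields plus the prefix, or None for non-firewall lines."""
    m = LOG_LINE.search(line)
    if not m:
        return None
    rec = {"prefix": m.group("prefix")}
    for f in FIELD.finditer(m.group("fields")):
        rec[f.group("key")] = f.group("value")
    return rec


def action_from_prefix(prefix):
    """Map an assumed SFW2-<chain>-<verdict>-<rule> prefix to a verdict name."""
    parts = prefix.split("-")
    if "DROP" in parts:
        return "DROP"
    if "REJECT" in parts:
        return "REJECT"
    if "ACC" in parts:
        return "ACCEPT"
    return "OTHER"


def summarize(log_text):
    """Count (verdict, source, protocol, destination port) tuples.

    A port scan shows up as one source with many distinct ports dropped.
    """
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (action_from_prefix(rec["prefix"]), rec.get("SRC", "?"),
               rec.get("PROTO", "?"), rec.get("DPT", "-"))
        hits[key] += 1
    return hits


def noisy_sources(hits, min_ports=3):
    """Sources that were dropped on at least min_ports distinct (proto, port) pairs."""
    ports = {}
    for (action, src, proto, dpt), _count in hits.items():
        if action == "DROP":
            ports.setdefault(src, set()).add((proto, dpt))
    return sorted(src for src, p in ports.items() if len(p) >= min_ports)


if __name__ == "__main__":
    hits = summarize(SAMPLE_LOG)
    for (action, src, proto, dpt), n in sorted(hits.items()):
        print(f"{action:7} {src:15} {proto:4} dpt={dpt:<5} x{n}")
    print("sources probing 3+ ports:", noisy_sources(hits))
```

On a real box you would feed it `grep SFW2 /var/log/messages` instead of the constructed sample; the verdict is taken from the prefix rather than guessed, so an accepted connection and a dropped probe on the same port are reported separately.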