Enabling firewall on Debian etch

[amg29]

I have just installed Debian 4.0 after getting fed up with having to constantly deal with Windows security issues.

I want to set up a firewall on my machine that is sufficient for someone using Debian as a home user (I have not installed any servers), and be easy to configure.

I am using GNOME Desktop and it would be useful to have a firewall with a GUI.

Any recommendations? Thanks!

[iwanabeguru]

i suggest you , install firestarter, it's a frontend for iptables

apt-get install firestarter

you need root privileges to start and configure it, you will figure out how can you configure it.

[amg29]

Just installed it and let's see how it goes!

[machiner]

You're in a whole new world. If you're on a desktop and you installed Debian -- you're good. Before you start messing with firewalls you should really consider getting acquainted with the daemons and other services that you intend to run. By default your Etch installation is as secure as you need it to be.

Sure Firestarter is nice and simple and you can block echo replies so you can come up clean on grc.com....but don't for one second think that Debian is at all like WIndows. Windows is a screen door on a submarine until you secure it.

Debian, out of the gate will protect you. Additionally, should you be running behind a router, then chances are that you have a firewall already.

[amg29]

Coming from Windows has made me very paranoid about people being able to easily gain control over my machine! Even though I consider myself to be a power user for Windows. That's why I want to start on Linux with as much security as possible. I am behind a router using NAT already.

You are right I should learn more about Debian's background processes and I guess I will build up to a more advanced level as time goes on.

One thing is for sure after having used Debian for just over ten days...I DON'T WANT TO KNOW WINDOWS ANY MORE!

[machiner]

You already have as much security as possible. AS I have stated, Debian is secure from the start. Unless you start adding servers et al, then you would have to proactively secure your box, but most of the daemons and servers that you can or will install are secure anyway. Until you start messing with them.

You are behind a router firewall as well. Any firewall that you put on your machine is bound to screw things up unless you disable your router's firewall, or open up all ports.

If you were a WIndows power user then you know that by shutting off the "server" service, as well as any "remote" rervices, and disabling netbios for your NIC config's about solves your problems. In fact, as in running any OS, you disable any services that you are not using. Even the print spooler. Continuing: log on as a regular user, keep the browser add-ons off the machine, stay away from warez, etc....and you're pretty much covered. Ya -- I am well aware that Windows has giant holes that are capitilized on daily by the black-hats....but for an everyday user, you do what I suggested on your WIndows box and you're almost safe.

Listen, any OS has security implications. Then -- by plugging into a network you just compounded them. Yes -- you are more secure on a Debian box, but it still has its share of problems -- rootkits, malicious scripting, flaws or bugs in daemon packages...etc.

If you seek total security, unplug from the network, remove all peripherals like floppy drives, optical drives and the like, only run software from trusted sources, etc. Basically, computer security is an elusive dream. You can almost get there, but the best bet is just to be smart and operate behing common sense. Hell, I didn't run an anti-virus on my Windows boxes....to me it was just another thing to go wrong.

THe rest is up to common sense.