- 02-19-2005 #1 Just Joined!
- Join Date
- Feb 2005
- Posts
- 2
Zone alarm/alternative
Hello, would Zone Alarm work on Linux? If it does, will it work well? And if it doesn't, are there other firewalls very much like it, so that I can have a list of apps giving me the ability to grant access or block them from getting on the net easily?
Edit: if it helps any, I use SUSE 9.2 Pro on my home computer.
- 02-20-2005 #2 Linux Newbie
- Join Date
- Feb 2005
- Posts
- 129
You won't find ZA on Linux. A nice firewall is GuardDog or Firestarter.
- 02-20-2005 #3 Just Joined!
- Join Date
- Feb 2005
- Posts
- 2
Thx, I'll go check those out.
- 02-20-2005 #4 Just Joined!
- Join Date
- Feb 2005
- Location
- Your SQL Server
- Posts
- 95
Fedora Core 3 came with SELinux, which is very strange. I'm not sure whether I like it or not, but it does get the job done.
- 03-29-2009 #5 Just Joined!
- Join Date
- Mar 2009
- Posts
- 1
Application filtering firewall with iptables
I couldn't find an application filtering firewall equivalent to Jetico or Zone Alarm, but there is a neat workaround for privacy problematic applications using iptables cmd-owner matching.
The idea is to create a separate user account and group for applications that may transmit sensitive information over the internet.
Code:
me@myhost> sudo bash
root@myhost: addgroup --gid 1010 nointernet
root@myhost: adduser --gid 1010 privacyapp

Add this line to /etc/firestarter/user-pre:

$IPT -A OUTPUT -m owner --gid-owner 1010 -d ! 127.0.0.1 -j DROP

Stop and start firestarter from the gui to force a reload.

Any outgoing packages from applications running with effective group id 1010 should now be blocked. This should be tested as follows:
Code:
me@myhost> ssh -X privacyapp@localhost
privacyapp@myhost> ping no.com
PING no.com (69.64.147.249) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

You might also try to open a web browser running under privacyapp. It should not be able to open any pages from external sites.
Now proceed to install your favourite privacy problematic application under the privacyapp user. Just for the fun of it, I tried the online activation option and got a 'network down' error message.
This solution will only work with distros having the match owner option enabled in the kernel. It worked out of the box on my Ubuntu 7.10 system; the option to check for is this:
Code:
root@myhost:/# cat /boot/config-2.6.22-16-generic | grep MATCH_OWNER
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP6_NF_MATCH_OWNER=m
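
Added example, not part of the original post: a shell sketch of the same GID-based egress block that also emits an ip6tables rule (the post's rule covers IPv4 only) and checks a rule dump to confirm the block is loaded. GID 1010 and the option names CONFIG_IP_NF_MATCH_OWNER / CONFIG_IP6_NF_MATCH_OWNER come from the post; the function names and sample data are assumptions, CONFIG_NETFILTER_XT_MATCH_OWNER is the name later kernels use for the same match, and the negation is written before `-d`, the form current iptables releases document.

```shell
#!/bin/sh
# Added example, not from the original post. GID 1010 comes from the post;
# the function names and sample data are constructed for illustration.

# Succeeds if a kernel config file enables the owner match, under the
# per-protocol names shown in the post or the later unified xt_owner name.
owner_match_supported() {
    grep -Eq '^CONFIG_(IP6?_NF_MATCH_OWNER|NETFILTER_XT_MATCH_OWNER)=[ym]$' "$1"
}

# Prints the DROP rules for one GID, IPv4 and IPv6, leaving loopback reachable.
# Rejects anything that is not a plain number so the output is safe to paste.
emit_block_rules() {
    case $1 in
        ''|*[!0-9]*) echo "gid must be numeric" >&2; return 2 ;;
    esac
    echo "iptables -A OUTPUT -m owner --gid-owner $1 ! -d 127.0.0.1 -j DROP"
    echo "ip6tables -A OUTPUT -m owner --gid-owner $1 ! -d ::1 -j DROP"
}

# Reads "iptables -S OUTPUT" style text on stdin; succeeds only if an OUTPUT
# rule drops traffic for exactly this GID (1010 must not match 10100).
gid_is_blocked() {
    grep -Eq -- "^-A OUTPUT .*--gid-owner $1 (.* )?-j DROP\$"
}

# Constructed sample of an "iptables -S OUTPUT" dump with the rule loaded.
SAMPLE_RULES='-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT ! -d 127.0.0.1/32 -m owner --gid-owner 1010 -j DROP'

# Run with --demo to print the rules and check the constructed dump.
if [ "${1:-}" = "--demo" ]; then
    emit_block_rules 1010
    printf '%s\n' "$SAMPLE_RULES" | gid_is_blocked 1010 && echo "gid 1010: blocked"
    printf '%s\n' "$SAMPLE_RULES" | gid_is_blocked 1011 || echo "gid 1011: NOT blocked"
fi
```

On a live system, pipe `iptables -S OUTPUT` and `ip6tables -S OUTPUT` (as root) into `gid_is_blocked 1010` after each firewall reload to confirm both address families are covered.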




