  1. #1
    Just Joined!
    Join Date
    Feb 2005
    Posts
    2

    Zone alarm/alternative


    Hello, would Zone Alarm work on Linux? If it does, will it work well? And if it doesn't, are there other firewalls very much like it, so that I can have a list of apps giving me the ability to grant access or block from getting on the net easily?

    Edit: if it helps any, I use SUSE 9.2 Pro on my home computer.

  2. #2
    Linux Newbie
    Join Date
    Feb 2005
    Posts
    129
    You won't find ZA on Linux. A nice firewall is GuardDog or Firestarter.

  3. #3
    Just Joined!
    Join Date
    Feb 2005
    Posts
    2
    Thx, I'll go check those out.

  4. #4
    Just Joined!
    Join Date
    Feb 2005
    Location
    Your SQL Server
    Posts
    95
    Fedora Core 3 came with SELinux, which is very strange. I'm not sure whether I like it or not, but it does get the job done.

  5. #5
    Just Joined!
    Join Date
    Mar 2009
    Posts
    1

    Application filtering firewall with iptables

    Originally posted by debian:
    You won't find ZA on Linux. A nice firewall is GuardDog or Firestarter.

    I couldn't find an application-filtering firewall equivalent to Jetico or Zone Alarm, but there is a neat workaround for privacy-problematic applications using iptables cmd-owner matching.

    The idea is to create a separate user account and group for applications that may transmit sensitive information over the internet.

    Code:
    me@myhost> sudo bash
    root@myhost: addgroup --gid 1010 nointernet
    root@myhost: adduser --gid 1010 privacyapp
    
    Add this line to /etc/firestarter/user-pre:
    $IPT -A OUTPUT -m owner --gid-owner 1010 -d ! 127.0.0.1 -j DROP
    
    Stop and start firestarter from the gui to force a reload.
    Any outgoing packages from applications running with effective group id 1010 should now be blocked. This should be tested as follows:

    Code:
    me@myhost> ssh -X privacyapp@localhost
    privacyapp@myhost> ping no.com
    PING no.com (69.64.147.249) 56(84) bytes of data.
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted

    You might also try to open a web browser running under privacyapp. It should not be able to open any pages from external sites.

    Now proceed to install your favourite privacy-problematic application under the privacyapp user. Just for the fun of it, I tried the online activation option and got a 'network down' error message.

    This solution will only work with distros having the match owner option enabled in the kernel. It worked out of the box on my Ubuntu 7.10 system; the option to check for is this:

    Code:
    root@myhost:/# cat /boot/config-2.6.22-16-generic | grep MATCH_OWNER
    CONFIG_IP_NF_MATCH_OWNER=m
    CONFIG_IP6_NF_MATCH_OWNER=m
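
Added example, not part of the thread or the poster's own code: two shell helpers for the per-group blocking approach in post #5, one that reads a kernel config file for the owner match and one that prints the DROP rule for both IPv4 and IPv6 (the rule in the post is installed through iptables only, which does not filter IPv6). Assumptions: the function names and sample config lines are constructed here, `CONFIG_NETFILTER_XT_MATCH_OWNER` is the option name on later kernels, and negation is written as `! -d`, the form current iptables releases accept.

```shell
#!/bin/sh
# Added example: helpers around the owner-match rule described in the post.
# Function names and the sample config are constructed for illustration.

# Report whether a kernel config file enables the netfilter owner match.
# Checks the option names shown in the post (2.6.22 era) and the unified
# CONFIG_NETFILTER_XT_MATCH_OWNER name used by later kernels.
# Prints "builtin", "module" or "missing".
owner_match_status() {
    cfg=$1
    val=$(grep -E '^CONFIG_(NETFILTER_XT|IP_NF|IP6_NF)_MATCH_OWNER=' "$cfg" \
          | cut -d= -f2 | sort -u | tr '\n' ' ')
    case " $val" in
        *" y "*) echo builtin ;;
        *" m "*) echo module ;;
        *)       echo missing ;;
    esac
}

# Print the DROP rules for a numeric gid, one per address family.
# Loopback stays reachable, as in the post's rule. Nothing is applied:
# the lines are only printed so they can be reviewed before use.
block_rules() {
    gid=$1
    case $gid in
        ''|*[!0-9]*) echo "gid must be numeric: $gid" >&2; return 1 ;;
    esac
    echo "iptables -A OUTPUT -m owner --gid-owner $gid ! -d 127.0.0.1 -j DROP"
    echo "ip6tables -A OUTPUT -m owner --gid-owner $gid ! -d ::1 -j DROP"
}

# Constructed sample: the two config lines quoted in the post.
sample=$(mktemp)
printf '%s\n' 'CONFIG_IP_NF_MATCH_OWNER=m' 'CONFIG_IP6_NF_MATCH_OWNER=m' > "$sample"
echo "owner match: $(owner_match_status "$sample")"
block_rules 1010
rm -f "$sample"
```

On a live system, pass the running kernel's config (for example `/boot/config-$(uname -r)`) to `owner_match_status`, and re-run the ping test from the post against an IPv6 destination as well.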
