After many years of comfort in the pricey Windows world, I decided it was time to learn a little Linux. Now I have RedHat 9 on my trusty notebook computer, and seeing the recent rash of malicious activity, I'm thinking I might need some help.

Linux has its own firewall built in, but I don't know how effective it is, or whether it is adequately configured. Can someone point me to an easy-to-understand document on configuring it, or, alternatively, to an open source easy-to-use Linux firewall?

I'm also seeking open source or freeware anti-virus and anti-spyware programs for Linux. Any suggestions?

gah.. I just completed a project on using IPTables (the built-in linux firewall) and was planning on making a tutorial on how to use it. Haven't gotten that far, though.

I can tell you that IPTables rock, and they're fairly simply once you get the hang of it. I would hazard to say they're considerably more powerful than the vast majority of firewalls out there.

Anyway, if you're interested, you can get the firewall I built here:

http://clankiller.com/linux

it's a bash shell script, but it's heavily commented. I got all my information from here:

http://iptables-tutorial.frozentux.net/chunkyhtml/index.html

and the man pages for iptables (man iptables) or /sbin/iptables --help

Personally I prefer building my own firewalls to using someone else's....this way I know precisely what's going on with my box. Anyway, if you have any questions fire away.

I am going to try to fix the linux box I have (the one that I mentioned died in the other post) and use it for a supplementary firewall on the internet side of my routers.

Originally posted by afrayer
I'm also seeking open source or freeware anti-virus and anti-spyware programs for Linux. Any suggestions?

Yeah...save your time. There really aren't any serious Linux viruses out there like there are Windows' viruses, mostly because Linux users only account for about 2~3% of the desktop market, and knocking even 75% of that wouldn't get any real headlines like SoBig.F is.

As for the Spyware question, the answer is similar. Everybody and their mothers can look at the code, so no one's really going to try to sneak spyware in.

/me who opened three .pif files today. :)

true that. I would be less concerned about viruses and spyware and more concerned about people doing a remote exploit. That's one of the reasons for me doing the firewall... it only allows access from the internet to one specific service that's rather difficult to hack (SSH). A default RedHat installation, for instance, has all kinds of security holes. So, you just portscan yourself, find what ports are open, then close them all. It's a quick and dirty way of making yourself invisible to the internet.

btw, a good port scanner is Nmap: http://www.insecure.org/nmap/nmap_download.html