Main Area and Open Discussion > Non-Windows Software

NIX: Douane - An application aware personal firewall

<< < (2/2)

40hz:
Keep in mind that the auto-recompile done by the DKMS system uses the same source file that was already compiled for the kernel you were using - so the auto-recompile won't introduce any malicious code that wasn't already there.
-mwb1100 (December 08, 2014, 01:24 PM)
--- End quote ---



@mwb - Doah! (You're right. What was I thinking? :-[ )

IainB:
@40hz and @Shades: Ah, thanks for putting me straight on that. My ignorance - I had not appreciated that firewalls were so uniquely different/difficult to Windows in other OSes (and I thought the Windows one was bad enough anyway...).

40hz:
@40hz and @Shades: Ah, thanks for putting me straight on that. My ignorance - I had not appreciated that firewalls were so uniquely different/difficult to Windows in other OSes (and I thought the Windows one was bad enough anyway...).
-IainB (December 09, 2014, 08:20 AM)
--- End quote ---

You wouldn't believe! ;D

Actually IPtables and NetFilter (which forms the core of most Linux firewall solutions) isn't difficult to set up from the CLI per se. You just need to know a fair bit about how things work when it comes to IP traffic to do it right. Because a misconfigured or badly configured FW can be worse than no FW at all. That's an awful lot of "how" and "why" you need to know, whereas the average beginner only knows "what" at best. Douane seems to bring it down to: "This is what's happening. What do you want to do about it?" Sounds like beginner's heaven to me,

Take a look at this page for Firewall Builder. It's one of the better known tools to make configuring a FW "easier." Imagine turning a new user loose with that.

40hz:
UPDATE:

Ok, I installed it on a test machine (Mint 17.1 Cinnamon) and have concluded it's NOT ready for prime-time.

Issues:

1) The installation dependencies have left out g++ as a required package. Not a problem as long as you understand the error message you'll see and know how to install g++. Many new users won't have a clue.

2) If you follow the installation steps exactly, at a certain point about half way through you are instructed to start the douane-daemon to verify it installed properly. If you do that you won't be able to complete the installation, because it will be running before the configuration utility and the GUI are installed - and it will be blocking everything. So you'll need to stop the daemon (i.e. sudo service douane stop) to get web access in order to complete installing everything else. Not a problem for a moderately experienced user. But a newbie will find their machine is now unable to get any internet access until they stop the service or (hopefully) reboot their machine. That's pretty scary situation for a new Linux user to find themselves in. Fortunately, the installation process doesn't configure the daemon to autostart on boot or it would be a total nightmare for the unsuspecting.

3)The script for installing the Ubuntu launcher for the Configurator does not work with Cinnamon. You'll need to do it manually.

Item 2 above is pretty serious IMO. But the real showstopper is Douane does not recognize Firefox. It caught Thunderbird and Dropbox just fine. But FF (v33.x) and it's cousin PaleMoon (25.1.0 x64) were ignored. No popup asking what to do. So if the douane-daemon is running you won't be able to use either browser unless you turn it off.

That was it for me.



Recommendation: skip this one for now. Or better yet, wait until it's stable enough to find it in your distro's repository.

Navigation

[0] Message Index

[*] Previous page