
When I learned C and C++, I also practiced some Visual Basic. I remember that in VB, I could create an interface and write a function for a button or point a button to a function, etc.

Although it has been a few years since I switched to Linux, I'm missing some of the software I used on Windows OS, like Private Firewall. Searching on the net for similar software on Linux is pointing me to iptables. This iptables seems to be a command line tool and although functional, it doesn't have certain features which Private Firewall had, like for example asking me for permission to allow or deny a connection before actually allowing the connection.

There are many such tools I'm missing, like HIPS, etc. As I had some experience with VB, I'm thinking that creating a GUI for iptables will be similar; is it really as simple as pointing a GUI feature to a function in iptables, etc.? I want to take this slow, so first I want to create a GUI for iptables, later on I want to write my own features for iptables, like asking if it should allow a connection, terminate a connection, add HIPS, create logs and show statistics, etc.

  • Iptables is merely a firewall. If you want to set up an IPS you can use Snort, or if you want to use a more feature-rich option you can use AppArmor, which is closer to an HIPS in its operation. Also there is Advanced Intrusion detection system. And there are also GUI programs available for managing the iptables like FWBuilder and GuideDog. – Parsa Mousavi Jun 09 '20 at 10:00
  • But if you want to create your own GUI, I don't think it's difficult to make a simple GUI for it. And the hardest part is that you need to know the iptables commands and some Regex to program it. – Parsa Mousavi Jun 09 '20 at 10:01
  • Note that if you do want to write a GUI, then Visual Basic isn't a good choice. First because it's a language designed for Windows, I don't even know if there are tools that can handle it in the *nix world, and second because it is a legacy language, abandoned since 2008 with the last version coming out in 1996. – terdon Jun 09 '20 at 10:13
  • In addition to the comment of @terdon, you can use Qt or Gtk as the GUI toolkit, which are well-supported and well-integrated with Linux distributions. – Parsa Mousavi Jun 09 '20 at 10:20
  • @ParsaMousavi Thanks for those suggestions, I'm using Fedora and FWBuilder and GuideDog are not available from official repositories. Does FWBuilder ask the user for permission before allowing a connection? There doesn't seem to be any documentation available for iptables detailing its functions. Do you suggest I create GUI replacements for actual iptables commands which the user types? – noviceFedora Jun 09 '20 at 10:37
  • iptables is complicated, but there is a simpler CLI front-end called ufw. And there is at least one GUI version of ufw called gufw. – xenoid Jun 09 '20 at 10:37
  • @noviceFedora What do you mean by "ask user for permission before allowing a connection"? If you mean interactively, then no. The purpose of a firewall is to obviate the need for user interaction. And if you want to log all firewall events, take a look here. – Parsa Mousavi Jun 09 '20 at 11:00
  • @ParsaMousavi Doesn't that pose a security risk? If a firewall doesn't ask a user if it should allow a connection, any virus can make a connection and the firewall will let through that connection, the only way to block would be to go through all the logs and determine which is the malware's connection and then block, by that time, the damage would be done. – noviceFedora Jun 09 '20 at 11:28
  • @xenoid gufw seems too simple, does it ask me if it should allow a connection? – noviceFedora Jun 09 '20 at 11:30
  • @noviceFedora All inbound ports are blocked by default in any OS, specifically Linux. You only need to specify which ports have to be opened. So there's no security risk as long as you know what you're doing. And you cannot manually grant or deny permission for any connection via clicking Yes or No. There could be a lot. But you can block some specific IP addresses. – Parsa Mousavi Jun 09 '20 at 11:32
  • @ParsaMousavi I don't think that's entirely accurate, let's say if I open Firefox, it immediately tries to load the homepage, for that it has to look up the DNS, after getting the IP address of the site, it initiates the connection with that server and whatever the server sends will be allowed through, otherwise the page wouldn't load. So all inbound traffic isn't blocked by default. The same can happen with a virus, if it initiates a connection, inbound traffic for that connection will be allowed through. – noviceFedora Jun 09 '20 at 11:36
  • @noviceFedora An "inbound connection" is initiated by a system outside yours. When FF gets something from a server (DNS or HTTP) it initiates the connection and the answer is on the same connection. In the old FTP protocol, the server would indeed initiate a connection to the client to transfer data, but this had to be supplemented by a "passive" mode because since the 90s inbound connections to clients are usually blocked (company FW, home router, or PC) (and this does not prevent the use of the Internet). – xenoid Jun 09 '20 at 11:46
  • @noviceFedora In that scenario, it's actually Firefox that has opened the port for you. Now the server is able to send you the webpage or some other files. If Firefox doesn't do that, then the remote server would be unable to connect to your system by any means or send you anything. So first off a client must open a port. For example, that's what a malware might do. Opening a port means opening a door into your system. And I said "all inbound ports" not "all inbound traffic". – Parsa Mousavi Jun 09 '20 at 11:46
  • @ParsaMousavi I don't see why it would be any different for ports. A virus can open a connection on the HTTP port and get its update or instructions, and send back data on the same port as well. But thanks for your suggestion. Is the only way to know about iptables's functions to contact the developers? – noviceFedora Jun 09 '20 at 12:00
  • @noviceFedora If a virus gets downloaded onto your system by means of, for example, a drive-by download or by malicious software, and if it gets executed (these are two completely different phases since there's no autorun feature in Linux by default), then it can open a port, but if you block any ports bar what you want to use, it's impossible for the malware to open a new port. So you're safe. And actually there's no malware which can open a connection on your HTTP port unless you have installed, for example, an Apache web server. – Parsa Mousavi Jun 09 '20 at 12:09
  • @noviceFedora And no, there's no need to contact the developers. There are a lot of guides and manuals like this and this. But if it's still ambiguous for you, as xenoid suggested you can use gufw, which is far easier to use. – Parsa Mousavi Jun 09 '20 at 12:09
  • @ParsaMousavi You write: "And actually there's no malware which can open a connection on your HTTP port unless you have installed for example an apache web server." Do you mean malware cannot open a connection on HTTP from inside the system or from outside? Is it because of the way Linux allows files to execute that malware cannot open an HTTP port from inside the system? – noviceFedora Jun 09 '20 at 12:48
  • @noviceFedora If malware runs on your system then surely it can open ports from inside like what Firefox or Apache does. But from outside, never. Unless there's an open port on your system. Furthermore there's a difference between what Firefox does and what Apache does. Firefox just connects to a remote host via a port and receives information via the same port, but Apache actually listens on some ports (80 for http and 443 for https) for incoming connections. You can see all of the TCP connections on your system via "netstat -tnp" or all of the listening ports via "netstat -lnp". Hope it helps. – Parsa Mousavi Jun 09 '20 at 13:02
  • iptables are now deprecated. If you want to start coding, switch to nftables. – Artem S. Tashkinov Jun 09 '20 at 14:03
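Added example, not code from the asker or any commenter: the comments say a GUI front-end mostly needs to know the iptables commands and parse their output. This sketch parses `iptables -S INPUT` output (a constructed sample, not captured from a real host) into a model a GUI could display, checks for the stateful "inbound dropped, replies to our own connections allowed" layout the thread describes, and builds the argv for a "block this address" button. Function names and the `Rule` class are my own; it assumes IPv4 iptables and runs offline without touching the firewall.

```python
"""Model of `iptables -S` output for a hypothetical GUI front-end."""
import ipaddress
import shlex
from dataclasses import dataclass, field

# Constructed sample of `iptables -S INPUT` output (not from a real host).
SAMPLE = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.7/32 -j DROP
-A INPUT -j LOG --log-prefix "iptables-drop: "
"""

@dataclass
class Rule:
    chain: str
    target: str
    opts: dict = field(default_factory=dict)   # e.g. {"-s": "203.0.113.7/32"}

def parse_rules(text):
    """Return (policies, rules): chain -> policy, and a list of Rule objects."""
    policies, rules = {}, []
    for line in text.splitlines():
        tok = shlex.split(line)          # shlex keeps quoted values like the log prefix whole
        if not tok:
            continue
        if tok[0] == "-P":               # -P CHAIN POLICY
            policies[tok[1]] = tok[2]
        elif tok[0] == "-A":             # -A CHAIN [options...] -j TARGET
            opts, i = {}, 2
            while i < len(tok):
                if tok[i].startswith("-") and i + 1 < len(tok) and not tok[i + 1].startswith("-"):
                    opts[tok[i]] = tok[i + 1]
                    i += 2
                else:
                    opts[tok[i]] = True  # bare flag
                    i += 1
            rules.append(Rule(tok[1], opts.pop("-j", "RETURN"), opts))
    return policies, rules

def is_stateful(policies, rules):
    """INPUT dropped by default, but replies to connections this host opened let back in."""
    return policies.get("INPUT") == "DROP" and any(
        r.chain == "INPUT" and r.target == "ACCEPT" and "ESTABLISHED" in r.opts.get("--ctstate", "")
        for r in rules)

def open_inbound_ports(rules):
    """Ports accepted for new inbound connections (what the GUI would list)."""
    return sorted(int(r.opts["--dport"]) for r in rules
                  if r.chain == "INPUT" and r.target == "ACCEPT" and "--dport" in r.opts)

def block_address_cmd(addr, rules):
    """argv for a 'block this IP' button, or None if already blocked (idempotent).
    The address is validated before it ever reaches a subprocess, and an argv list
    (never a shell string) is returned, so GUI input cannot inject extra commands."""
    net = ipaddress.ip_network(addr, strict=False)
    if any(r.chain == "INPUT" and r.target == "DROP" and r.opts.get("-s") == str(net) for r in rules):
        return None
    return ["iptables", "-I", "INPUT", "1", "-s", str(net), "-j", "DROP"]  # before the conntrack ACCEPT
```

A real front-end would feed the returned argv to `subprocess.run` and re-parse `iptables -S` afterwards rather than trusting its own model.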

0 Answers