Rob posted on Sat, 06 Mar 2010 21:31:15 -0500 as excerpted:

> On Saturday 06 March 2010 02:23 pm, Joe Zeff wrote:
>> I used ZA back before I switched to Linux only, and I have nothing but
>> praise for it. The interesting thing is, not one of those programs
>> failed to run properly without Internet access.

FWIW, ZA Pro was I believe the last MSWormOS software I actually paid for, before switching to Linux full-time. At the time, I was already planning to eventually switch to Linux, was pre-checking all hardware upgrades for Linux drivers (as I mentioned earlier, I unfortunately didn't grok the difference between "Linux drivers" and "freedomware Linux drivers" at the time, or I'd have never purchased that last nVidia card), and had basically stopped purchasing MSWormOS based software, but I decided ZA Pro was worth it for my needs, and it's a decision I don't regret. =:^)

> I actually really wish there was a ZoneAlarm, meaning a firewall that'll
> actually pop up interactive alerts when programs try to hit the Internet
> and allow me to confirm or deny them and set up white- and blacklists,
> for Linux. Not only for keeping proprietary Linux software honest, but
> also for when I need to try something out under Wine (maybe ZoneAlarm
> itself would run under Wine, but I'm not optimistic).

With the kernel based IPTables/Netfilter, it's possible to do, you'd just need an appropriate front-end. There's quite a few firewall front-ends to netfilter, and even more distributions designed to run it as a core piece of a hardware firewall appliance/machine solution, but I don't know of any with that level of X-based interactivity.

Using netfilter/iptables, it's actually almost trivial to set up an incoming stateful firewall similar in firewall functionality to a NAPT based hardware router (with automatically allowed replies to outgoing), and to open port specific holes in it again similar to such a router. One could set up an outgoing firewall as well using the same netfilter/iptables core, similar to what the various Zone Alarm like apps do on MSWormOS, but tracking and managing the allowed apps and setting up a system to remember them for more than just a single session isn't anything like as trivial as setting up that incoming stateful firewall, command-wise.

Setting up logging, and blocking individual apps based on the logs (thus black-list based, rather than white-list), would be rather easier, and indeed is done relatively routinely by various Linux sysadmins I'm sure, but that's not the same as a white-list based system with a memory of what's allowed beyond the current session, and /that/ isn't the same as designing and coding a nice GUI to go with it, similar to what ZA does.

But I wonder... surely someone's thought of it and at least has made a start at it?? Maybe one day I'll decide it's worth checking out freshmeat, etc, and/or googling, to see. I believe it should be simple enough that in theory, even a bash and kdialog/zenity/xdialog scripter like me should be able to set it up, including the GUI, no "exotic" C/C++ or even "stronger scripting language" like python/perl/tcl/tk necessary (tho it'd arguably be easier, better GUI, and faster responding on slow hardware, than bash/?dialog, for those that know other languages).

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
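
The approach sketched in the message above (a stateful inbound filter with port-specific holes, then logging outbound connections and blocking from the logs), as an added example that is not part of the original post. It assumes per-application control is approximated per UID through the iptables owner match; the function names, the `OUT-NEW: ` log prefix and the sample log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example: both functions only print rules for review; nothing is loaded.

# Print an iptables-restore ruleset: stateful default-drop inbound filter with
# the given TCP ports opened, plus logging of new outbound connections.
gen_ruleset() {
    local port
    for port in "$@"; do   # refuse anything that is not a plain port number
        case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened are let back in, as on a NAPT router.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do   # the port-specific "holes"
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # --log-uid appends the owning UID/GID of each new outbound connection.
    echo '-A OUTPUT ! -o lo -m conntrack --ctstate NEW -j LOG --log-prefix "OUT-NEW: " --log-uid'
    echo 'COMMIT'
}

# Read kernel log lines on stdin and print a reject rule for every UID seen
# opening outbound connections that is not in the allowlist (the arguments).
blocklist_rules() {
    local allowed uid
    allowed=" $* "
    sed -n 's/.*OUT-NEW: .* UID=\([0-9][0-9]*\).*/\1/p' | sort -un |
    while read -r uid; do
        case "$allowed" in *" $uid "*) continue ;; esac
        echo "-A OUTPUT -m owner --uid-owner $uid -j REJECT"
    done
}

# Constructed sample log lines; UID 1002 is a hypothetical account used only
# to run an untrusted program.
SAMPLE_LOG='Mar  6 21:40:01 host kernel: OUT-NEW: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4411 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1000 GID=1000
Mar  6 21:40:09 host kernel: OUT-NEW: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4420 DF PROTO=TCP SPT=51240 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1002 GID=1002'

gen_ruleset 22
printf '%s\n' "$SAMPLE_LOG" | blocklist_rules 1000
```

The generated ruleset is in `iptables-restore` format, and the reject rules are meant to be reviewed and placed before its `COMMIT` line; remembering decisions across sessions then amounts to keeping the allowlist in a file.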