Tuesday, January 24, 2012

Top 5 Best Linux Firewalls

If you are new to any of the top 5 firewalls mentioned here, please read the rest of the article to understand more about them.

1. Iptables

iptables is a user space application program that does packet filtering, network address translation (NAT), and port address translation (PAT).  iptables is for IPv4.  ip6tables is for IPv6.
iptables needs kernel with ip_tables packet filter (including Linux kernel 2.4.x and 2.6.x). Using iptables you can view, add, remove or modify the rules in the packet filter ruleset.

2. IPCop

IPCop is for small-office and home-office users. This is a Linux firewall distribution, that requires a separate low power PC to run the software. You can configure the firewall rules from a friendly web interface. This is a stateful firewall based on Linux netfilter.
You can take an old PC and convert it to a secure internet application with IPCop, which will secure the home/small-office network from internet and also improve web browser performance by keeping some frequently used information.

3. Shorewall

Shorewall firewall’s tag-line is: iptables made easy. It is also known as “Shoreline Firewall”. It is built upon the iptables/ipchains netfilter system.
If you have hard-time understanding the iptables rules, you should try shorewall, as this provides a high level abstraction of iptables rules using text files.
Shorewall contains the following packages:
  • Shorewall – Helps to create ipv4 firewall
  • Shorewall6 – Helps to create ipv6 firewall
  • Shorewall-lite – Helps to administer multiple ipv4 firewalls
  • Shorewall6-lite. Helps to administer multiple ipv6 firewalls
Additional information about shorewall:

4. UFW – Uncomplicated Firewall

UFW is a command line program that helps manage the netfilter iptables firewall. This provides few simple commands to manage iptables. Gufw is a graphical interface for the UFW that is used on Ubuntu distribution. It is very intuitive and easy to manage your iptables firewall using Gufw. You can run Gufw on any Linux distribution that has Python, GTK and ufw.
To allow ssh access in UFW you have to do the following. It’s that easy.
$ sudo ufw allow ssh/tcp

5. OpenBSD and PF

PF stands for packet filter. PF is licensed under BSD and developed on OpenBSD. PF firewall is installed by default on OpenBSD, FreeBSD, NetBSD.
PF does the following.
  • Packet Filtering
  • NAT
  • Traffic redirection (port forwarding)
  • Packet Queueing and Prioritization
  • Packet Tagging (Policy Filtering)
  • Excellent log capabilities
Additional information about PF:

Additional Firewall Software

Following are additional firewalls mentioned by readers along with the total number of votes it received.
  • CheckPoint FireWall-1 5
  • pfsense 5
  • Firestarter 5
  • Netfilter 4
  • SmoothWall Express 3
  • Guarddog 3
  • ipchain 3
  • Endian 2
  • Susefirewall 1
  • Cisco ASA/PIX 1
  • ClearOS 1
  • APF 1
  • Firewall Builder 1
  • Auto firewall in Puppy Linux 1
  • Drawbridge 1
  • Monowall 1
  • Firehol 1
  • SuSEfirewall2 1
  • Plesk 1

How To Manage Packages Using apt-get, apt-cache, apt-file and dpkg Commands

Debian based systems (including Ubuntu) uses apt-* commands for managing packages from the command line.
In this article, using Apache 2 installation as an example, let us review how to use apt-* commands to view, install, remove, or upgrade packages.

1. apt-cache search: Search Repository Using Package Name

If you are installing Apache 2, you may guess that the package name is apache2.  To verify whether it is a valid package name, you may want to search the repository for that particular package name as shown below.
The following example shows how to search the repository for a specific package name.
$ apt-cache search ^apache2$
apache2 - Apache HTTP Server metapackage

2. apt-cache search: Search Repository Using Package Description

If you don’t know the exact name of the package, you can still search using the package description as shown below.
$ apt-cache search "Apache HTTP Server"
apache2 - Apache HTTP Server metapackage
apache2-doc - Apache HTTP Server documentation
apache2-mpm-event - Apache HTTP Server - event driven model
apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
apache2-mpm-worker - Apache HTTP Server - high speed threaded model
apache2.2-common - Apache HTTP Server common files

3. apt-file search: Search Repository Using a Filename from the Package

Sometimes you may know the configuration file name (or) the executable name from the package that you would like to install.
The following example shows that apache2.conf file is part of the apache2.2-common package. Search the repository with a configuration file name using apt-file command as shown below.
$ apt-file search apache2.conf
apache2.2-common: /etc/apache2/apache2.conf
apache2.2-common: /usr/share/doc/apache2.2-common/examples/apache2/apache2.conf.gz

4. apt-cache show: Basic Information About a Package

Following example displays basic information about apache2 package.
$ apt-cache show apache2
Package: apache2
Priority: optional
Maintainer: Ubuntu Core Developers
Original-Maintainer: Debian Apache Maintainers
Version: 2.2.11-2ubuntu2.3
Depends: apache2-mpm-worker (>= 2.2.11-2ubuntu2.3)
 | apache2-mpm-prefork (>= 2.2.11-2ubuntu2.3)
 | apache2-mpm-event (>= 2.2.11-2ubuntu2.3)
Filename: pool/main/a/apache2/apache2_2.2.11-2ubuntu2.3_all.deb
Size: 46350
Description: Apache HTTP Server metapackage
 The Apache Software Foundation's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software.
Homepage: http://httpd.apache.org/

5. apt-cache showpkg: Detailed Information About a Package

“apt-cache show” displays basic information about a package. Use “apt-cache showpkg” to display detailed information about a package as shown below.
$ apt-cache showpkg apache2
Package: apache2
2.2.11-2ubuntu2.3 (/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_jaunty-updates_main_binary-i386_Packages) (/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_jaunty-security_main_binary-i386_Packages)
 Description Language:
                 File: /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_jaunty-updates_main_binary-i386_Packages
                  MD5: d24f049cd70ccfc178dd8974e4b1ed01
Reverse Depends:
  2.2.11-2ubuntu2.3 - apache2-mpm-worker (18 2.2.11-2ubuntu2.3) apache2-mpm-prefork (18 2.2.11-2ubuntu2.3) apache2-mpm-event (2 2.2.11-2ubuntu2.3)
  2.2.11-2ubuntu2 - apache2-mpm-worker (18 2.2.11-2ubuntu2) apache2-mpm-prefork (18 2.2.11-2ubuntu2) apache2-mpm-event (2 2.2.11-2ubuntu2)
  2.2.11-2ubuntu2.3 -
  2.2.11-2ubuntu2 -
Reverse Provides:
  apache2-mpm-itk 2.2.6-02-1build4.3
  apache2-mpm-worker 2.2.11-2ubuntu2.3
  apache2-mpm-prefork 2.2.11-2ubuntu2.3
  apache2-mpm-prefork 2.2.11-2ubuntu2
  apache2-mpm-event 2.2.11-2ubuntu2

6. apt-file list: List all the Files Located Inside a Package

Use “apt-file list” to display all the files located inside the apache2 package as shown below.
$ apt-file list apache2 | more
apache2: /usr/share/bug/apache2/control
apache2: /usr/share/bug/apache2/script
apache2: /usr/share/doc/apache2/NEWS.Debian.gz
apache2: /usr/share/doc/apache2/README.Debian.gz
apache2: /usr/share/doc/apache2/changelog.Debian.gz

7. apt-cache depends: List all Dependent Packages

Before installation, if you like to view all the dependent packages, use “apt-cache depends” as shown below.
$ apt-cache depends apache2
 |Depends: apache2-mpm-worker
 |Depends: apache2-mpm-prefork
  Depends: apache2-mpm-event

8. dpkg -l: Is the Package Already Installed?

Before installing a package, you may want to make sure it is not already installed as shown below using dpkg -l command.
$ dpkg -l | grep -i apache

9. apt-get install: Install a Package

Finally, install the package using “apt-get install” as shown below.
$ sudo apt-get install apache2
[sudo] password for ramesh: 

The following NEW packages will be installed:
  apache2 apache2-mpm-worker apache2-utils apache2.2-common libapr1
  libaprutil1 libpq5

0 upgraded, 7 newly installed, 0 to remove and 26 not upgraded.

10. dpkg -l : Verify Whether the Package got Successfully Installed

After installing the package, use “dpkg -l” to make sure it got installed successfully.
$ dpkg -l | grep apache
ii  apache2             2.2.11-2ubuntu2.3  Apache HTTP Server metapackage
ii  apache2-mpm-worker  2.2.11-2ubuntu2.3  Apache HTTP Server - high speed threaded mod
ii  apache2-utils       2.2.11-2ubuntu2.3  utility programs for webservers
ii  apache2.2-common    2.2.11-2ubuntu2.3  Apache HTTP Server common files

11. apt-get remove: Delete a Package

Use “apt-get purge” or “apt-get remove” to delete a package as shown below.
$ sudo apt-get purge apache2


$ sudo apt-get remove apache2

The following packages were automatically installed and are no longer required:
  apache2-utils linux-headers-2.6.28-11 libapr1 apache2.2-common
  linux-headers-2.6.28-11-generic apache2-mpm-worker libpq5 libaprutil1

Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
0 upgraded, 0 newly installed, 1 to remove and 26 not upgraded.
Removing apache2 ...
  • apt-get remove will not delete the configuration files of the package
  • apt-get purge will delete the configuration files of the package

12. apt-get -u install: Upgrade a Specific Package

The following example shows how to upgrade one specific package.
$ sudo apt-get -u install apache2
Reading package lists... Done
Building dependency tree
Reading state information... Done
apache2 is already the newest version.
The following packages were automatically installed and are no longer required:
  linux-headers-2.6.28-11 linux-headers-2.6.28-11-generic
Use 'apt-get autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 26 not upgraded.

13. apt-get -u upgrade: Upgrade all Packages

To upgrade all the packages to it’s latest version, use “apt-get -u upgrade” as shown below.
$ sudo apt-get -u upgrade
The following packages will be upgraded:
  libglib2.0-0 libglib2.0-data libicu38 libsmbclient libwbclient0
  openoffice.org-base-core openoffice.org-calc openoffice.org-common
  openoffice.org-core openoffice.org-draw openoffice.org-emailmerge
  openoffice.org-gnome openoffice.org-gtk openoffice.org-impress
  openoffice.org-math openoffice.org-style-human openoffice.org-writer
  python-uno samba-common smbclient ttf-opensymbol tzdata
26 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Free Windows Backup Software – GFI Backup Home Edition Freeware

How do I take a backup of my laptop / desktop that runs Windows operating system? Are there any Free Windows Backup Software that I can use?
Answer: There are lot of free Windows backup software available. GFI Backup Home Editionfreeware came as a sweet surprise to me when I tested for Windows XP backup and Windows Vista Backup. This has tons of features that even some of commercial backup software don’t have it. Best of all it is FREE.
You can do following high level activities on GFI Backup Home Edition
  • Backup – You can backup windows folders, files, windows registries, outlook emails to various destination locations — local backup folder, backup folder on LAN, backup to USB, backup to remote FTP. Windows XP Backup becomes a very easy task with this option.
  • Restore – Restore files from previous backups to the same location or to different locations.
  • Sync – You can synchronize local files and folders between 2 locations on the same computer, or between different computers, or between your computer and external USB, or FTP. You can pretty much sync local computer between any other device you like.
In this article, I’ve shown some screenshots that will give you an idea on available backup features. You can use this for Windows XP backup, Windows Vista Backup, Windows 7 Backup.

1. Backup General Information

In this tab, you can provide basic backup task related information. For example, backup task name, archive file / folder name, description of the task, email address where the backup notification should be sent out as shown below.

2. Backup Source Information

Select one or more of the following backup sources. Do you want to do a full backup of your Windows Vista OS (or) select specific files, folders etc.,
  • Source Backup Files & Folders
  • Registry Keys
  • Emails (Both Outlook and/or Outlook express)
  • User Settings – Backup of various user settings, including Windows Live Messenger, Skype, Firefox / IE Browser etc.,
Fig: Backup Windows Vista - Select Source Directories
Fig: Backup Windows Vista - Select Source Directories

3. Backup Destination Information

Select one of the following backup destinations:
  • Local folder / External Hard Drive
  • Local Area Network ( LAN Folder )
  • Removable disk devices ( Floppy, USB stick, Memory Card )
  • CD / DVD
  • Remote location using FTP
Fig: Backup Windows 7 - Select the Destination Directory
Fig: Backup Windows 7 - Select the Destination Directory

4. Backup Options

Following options are available:
  • Compression Settings: No Compression, Use Zip compression
  • Encryption Settings: No encryption, Zip password protection, AES encryption
  • Backup Type: Full Backup, Incremental Backup, Differential Backup
Fig: Free Windows Backup Software - Options Tab
Fig: Free Windows Backup Software - Options Tab

5. Backup Scheduler Option

Select one of the following backup schedule
  • Run Manually
  • Rune one time only
  • On Windows Startup
  • On Windows Shutdown
  • Days of Week
  • Run every few days
  • Run every few hours

6. Backup Event Notifications

For all the following notifications, you have the option of displaying notification in pop-up window, or Play sound, or Send an email
  • Backup Error Notification
  • Backup Warning Notifications
  • Backup Summary Notification
Apart from these notifications, you also have the option to do the following:
  • Execute a Windows batch script before the backup starts and / or after the backup ends.
  • Verify the integrity of the backup.
  • Shutdown, Hibernate, log-off or standby after the backup is completed.

15 Examples to Browse Google From Command Line Prompt

Goosh (the unofficial Google shell) provides command line interface on the web for several Google services to keep the command line junkies happy.
Linux users who are comfortable with command line prompt, will love to surf the net from command line using Goosh.
Goosh allows you to quickly search Google web, images, news and Wikipedia search. The output is presented in a very nice readable command line environment.
For the impatient, go to Goosh prompt, and type “web {keyword}” at the prompt to search Google from the command line.
Once you like the basic output come back to this article and figure out how you can use Goosh effectively using the 15 examples given below.

1. Google web search from Command Line Prompt

Following is the syntax for the search.
Syntax: [web|search|s|w] keywords
Start the search using s followed by the keyword as shown below. This will gives you the top most 4 URL as result.
guest@goosh.org:/web> s the geek stuff
To get more search results do one of the following.
guest@goosh.org:/web> more


guest@goosh.org:/web> {Enter-Key}
2. View Google Map from Command Line
Goosh command ‘place’ is used to do a google map search from the goosh prompt. Following is the syntax to do the search in google maps.
Syntax: place/places/map/p address
Fig: Locate Address in Google Map
Fig: Locate Address in Google Map
3. Search Wikipedia from Command Prompt
Use wiki command to search the Wikipedia website as shown below. Following example will search for geek in wikipedia and return the output.
syntax: [wiki|wikipedia] keyword

guest@goosh.org:/web> wiki geek

4. Open Website in Browser from Command Line

Following example will open http://www.thegeekstuff.com
syntax: go/g URL

guest@goosh.org:/web> go www.thegeekstuff.com

5. Perform Calculations From Command Prompt

Use Calc for calculations as shown below.
Syntax: calculate/calc

guest@goosh.org:/web> calculate 100+1
100+1 = 101

guest@goosh.org:/web> calculate 124/5
124/5 = 24.8

6. Search Google news from Command Prompt

Goosh command ‘news’ is to read news on your favourite topic from the goosh prompt. Following is the syntax for reading Google news.
The following example provides the latest news about Michael Jackson.
Syntax: news/n KEYWORD

guest@goosh.org:/web> news michael jackson

7. Translate a word in Google Translate from Goosh Prompt

Goosh provides a command to translate a word from one language to another language.
Following example translates the word “Good Morning” from English to Spanish.
Syntax: translate/trans/t [lang1] [lang2] STRING

guest@goosh.org:/web> translate en es good morning
translating "good morning" from english to spanish:

"buenos días"


8. I’m Feeling Lucky – Get the 1st Search Output Always from Command Line

Simulate the “I’m Feeling Lucky” Google button behavior from command line as shown below. The example below will open the 1st results for Paris Hilton automatically.
Syntax: lucky/l searchkeywords

guest@goosh.org:/web> lucky paris hilton

9. More: Get more results, that is the next results set page.

Goosh command “more” gives next set of URLs for your last search which is very useful when you want to go beyond the next 4 results.
syntax: more/m

guest@goosh.org:/web> more

10. Search Google Images From Command Prompt

Use Goosh command images as shown below.
Syntax: images/image/i searchword
The following example shows the 1st output of the image for search “taj mahal”
Fig: Google Image Search
Fig: Google Image Search

11. Google blogs: Search in blogs using Google blog search.

Goosh command “blogs” in goosh is used to do search in blogs using google blogs search. This will display the list of blogs URL which matches the given keyword.
Syntax: blogs/blog/b blogsearchwords

12. Search YouTube Videos from Command Prompt

Goosh provides a way to do a google video search using command “video”. The following example shows how to search for Susan Boyle’s YouTube video
Syntax: video/v KEYWORDS

guest@goosh.org:/web> video susan boyle
Fig: Search Youtube from Command Prompt
Fig: Search Youtube from Command Prompt

13. All available Goosh commands

Goosh command “ls” command is used to list out all the available goosh commands.
Syntax: ls

guest@goosh.org:/web> ls
web         news      more      blogs      read      feeds
place       translate images    video      clear
wiki        help      cd        site       open
go          lucky     ls        addengine  load
calculate   settings  gmail     login      logout
Help command gives more details about a specific goosh command as shown below.
ramesh.thegeekstuff@goosh.org:/web> help settings
help: settings

command aliases parameters function
settings (set) [name] [value] edit settings

set lang de - sets language to german
set lang - displays value of lang-setting
settings - displays all settings
settings reset - reset all settings to default values

14. View and Edit Goosh Settings

View the current Goosh settings as shown below.
guest@goosh.org:/web> settings
name value default help
lang en en google default language
results 10 4 number of results for google-searches (1..100)
timeout 4 4 timeout for ajax requests in seconds (1..100)
style.bg #FFFFFF #FFFFFF goosh background color
style.fg #000000 #000000 goosh font color
style.hl #009900 #009900 goosh highlight color
style.sh #666666 #666666 goosh 'shaded' color
style.link #0000CC #0000CC goosh link color
style.vlink #551a8b #551a8b goosh visited link color
place.width 300 300 width of map image (20..600)
place.height 150 150 height of map image (20..500)
To change the default number of results shown from 4 to 10 use the following command.
guest@goosh.org:/web> settings results 10
results is set to "10".

15. Access Gmail from Command Prompt

When you enter login command as shown below, it will forward you to Google accounts page to enter your authentication to login to Gmail.
Syntax: login

guest@goosh.org:/web> login
Once you enter this command, it loads Gmail login page. You just enter your gmail account details (username and password) and hit enter which will log you into gmail.
If the provided credentials are correct, it provides you a Goosh prompt with your account name in it. This indicates that you’ve successfully logged in to gmail from command prompt.
Goosh command “gmail” is for you to read and write in gmail. It provides you to access your gmail account in google shell itself. This is a mobile version of the gmail embedded for easy display.
Syntax: gmail

ramesh.thegeekstuff@goosh.org:/web> gmail