[sarcastic_bastard]

Ok, now I think it's generally assumed that most people have broadband, but this is not necessarily the case. Some, like myself (yeah, it does suck) find themselves stuck on dialup. And I like to know that my system is being protected. I'm a fan of the Firestarter firewall, easy to use interface, and allows you to easily set rules to enable or block access. This, in my opinion, should be part of the base install.

Going to install it later seems to want to drag in a bunch of KDE dependencies. WTF? It's aGnome app, why is it dragging in more KDE?

Regardless, something like this would be useful, and give peace of mind to people that run the cd, or install. It's easy, and makes a lot of sense.

[don_crissti]

Going to install it later seems to want to drag in a bunch of KDE dependencies. WTF? It's aGnome app, why is it dragging in more KDE?

that is indeed the thing to say when you use a Gnome distro and want to install a Gnome app...

However, a more in-depth look and an overall view could provide the answer to that very justified question. This is not an official answer (as I don't know it) but merely my opinion. When they build (or adapt, attune & rebuild) packages they do it so that those packages are usable by the main distro (i.e. PCLOS 2007)... As we all know the D.E. there is KDE so most of those packages contain stuff to make them run under KDE. That's why they sometimes drag KDE dependencies... (at least that's what I think)

The SPEC is "the recipe" for the RPM. It tells about the ingredients, the procedure etc needed to build a RPM. So, I had a look at the Firestarter SPEC file. There's a line in there (in a diff file) that says:
kdesu --noignorebutton -c firestarter
Obviously that would be the equivalent of gksu for KDE. But this tuning for KDE also means marking several KDE dependencies... etc. I think you get the picture...

Give us some time to try to rebuild this without KDE dependencies and if successful then we'll post it in the package requests section. Of course, I will ask for your help with the testing.

Best regards,

don_crissti

[sarcastic_bastard]

Soooo, anyway, about my suggestion/request it become part of the base install? Is it up for consideration in future releases, or will it remain an add-on?

[don_crissti]

Yes, we'll take that into consideration when we'll start building the next release.

[Digital_Resistance]

I would also appreciate if at least a basic firewall were included in the PCLOS GNOME ISO.

In the KDE version of PCLOS, I was able to enable the firewall in just a few clicks in in the PCLOS Administration Center. In this (GNOME) edition, however, trying to do this results in a message that shorewall needs to be downloaded and installed being displayed. Clicking 'yes' causes a blank window to appear that says only that Shorewall is being downloaded but gives no indication whatsoever of the progress, which is especially unnerving given how long it goes on- many times longer than via Synaptic. At least once, after an especially long time, it told me that the package (Shorewall) could not be installed and did not offer any further details.

It would also be nice to be able to actually see a detailed graphical display of all network activity, the way most software firewalls for Windows have.

EDIT: Like the O.P., I am also on dial-up. Not being behind a NAT-router, some software firewall is essential to those who connect via dial-up. ( Who remain many-- in absolute numbers-- despite being a distinct minority of overall Internet users)

[sarcastic_bastard]

Well, a firewall on dialup is reassuring yes, but not "essential" really, that's more the carriover of the mindset from windows, where one IS necessary. If you've no services running pointed at the internet, you should be fairly secure until you do enable something, so, unlike with say XP, you won't be compromised minutes after being connected to the net. But Firestarter is very easy to set up. Pretty sure it was included with the Gnome ISO's. I'm running Zen, which doesn't come with it, but pretty sure the full Gnome does have.

[lightning slinger]

.... Not being behind a NAT-router, some software firewall is essential to those who connect via dial-up...

Whilst being behind a NAT router does have a distinct advantage it may be interesting for you to take the 'ShieldsUP!' test at the Gibson Research Company website and see if any ports are visible to the outside world.
http://www.grc.com
HTH

[knome]

.... Not being behind a NAT-router, some software firewall is essential to those who connect via dial-up...

Whilst being behind a NAT router does have a distinct advantage it may be interesting for you to take the 'ShieldsUP!' test at the Gibson Research Company website and see if any ports are visible to the outside world.
http://www.grc.com
HTH

I'm running PCLOS Gnome behind a NAT router and I haven't set up any software firewall. I get this...

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

[lightning slinger]

I'm running PCLOS Gnome behind a NAT router and I haven't set up any software firewall. I get this...

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

That's what you would expect from behind a NAT router, that's also what I would have expected with any linux distro on a dial-up modem however it would have been interesting to see what results were achieved from a dial-up modem with and without Shorewall installed.
I agree the lack of dialogue when downloading Shorewall prevents the size of the download being known but it's never seemed excessive to me and has been quickly done with only a few clicks in PCC Security. Perhaps the time has come to have Shorewall preinstalled on the iso!
Edit: Just checked on the Shorewall website and it seems the download size is minimal.

[sarcastic_bastard]

Can anyone verify for me? Does the full Gnome 2010 release have Firestarter installed? I seem to think/remember it does, but I'm running zen, and can't be bothered recalling where I left the Gnome 2010 cd lying around.

[lightning slinger]

Can anyone verify for me? Does the full Gnome 2010 release have Firestarter installed? ...

No it doesn't!

[sarcastic_bastard]

Hmm, must be the earlier version I'm thinking of then, I know it used to come installed. :/

[Digital_Resistance]

I'm a fan of the Firestarter firewall, easy to use interface, and allows you to easily set rules to enable or block access. This, in my opinion, should be part of the base install.

Can Firestarter be used instead of Shorewall? Or can Firestarter only work if Shorewall is installed as well?

Whilst being behind a NAT router does have a distinct advantage it may be interesting for you to take the 'ShieldsUP!' test at the Gibson Research Company website and see if any ports are visible to the outside world.
http://www.grc.com
HTH

Been there, done that.
(More direct link, BTW, is https://www.grc.com/x/ne.dll?bh0bkyd2 ).

Short version:
-no ports open even before activating the Firewall

-must activate the firewall to stealth all ports and even then, port 113 usually keeps me from getting a "TruStealth" rating.

Long version: viewtopic.php?f=6&t=2960
I started writing that as a reply to this post and then I realized I should probably start a new thread with it. So I did.

That's what you would expect from behind a NAT router,

That is my understanding as well.

that's also what I would have expected with any linux distro on a dial-up modem

Really?

Why would dial-up alone "stealth" all ports?

(Also, in at least one distro I tried (antiX MEPIS), without activating the included Firehol firewall, the above-linked GRC scan would show ports 22 and 80 as being open. (But only in the default boot-up; the "no net" and "faster boot" options seemed to close-- but not stealth-- all ports))

however it would have been interesting to see what results were achieved from a dial-up modem with and without Shorewall installed.

See above.

I agree the lack of dialogue when downloading Shorewall prevents the size of the download being known but it's never seemed excessive to me and has been quickly done with only a few clicks in PCC Security. Perhaps the time has come to have Shorewall preinstalled on the iso!
Edit: Just checked on the Shorewall website and it seems the download size is minimal.

Yes, Synaptic shows the download size as only 377kb and via Synaptic, the speed is what one would expect for a download of that (small) size. So, when I first downloaded and installed Shorewall via Synaptic and only then activated the Firewall in the Control Center, it was indeed "quickly done with only a few clicks in PCC Security."

(Though I did just remember that upon completion of the Shorewall download in Synaptic, I always got an error message consisting of several lines to the effect of,
"netfs needed by Shorewall on level __")

The problem, however, as I described in my previous post, is that I only learned this the hard way; only after waiting as long as 45 minutes for PCC Security to download Shorewall, at no point of which being given any indication whatsoever of the progress or even just the size of the download and after which, I more than once received an error message only telling me that the download/installation had failed.
_____________________________

Finally, since both dial-up as well the GNOME ZenMini edition were mentioned, perhaps some one could tell me whether or not the dial-up GUI GNOME PPP is also included in the ZenMini edition?

I would have thought such basic information would be easy to obtain but my experience has proven otherwise, as can be seen from this thread I had started back in April at the main PCLOS forum:
http://www.pclinuxos.com/forum/index.ph ... 179.0.html

[lightning slinger]

that's also what I would have expected with any linux distro on a dial-up modem

Really?
Why would dial-up alone "stealth" all ports?

I meant 'any linux distro with firewall enabled' should show "stealth" even on dial-up as opposed to "closed".
Remembering that Shorewall is merely a script to configure the iptables around the options selected by the user.

[sarcastic_bastard]

Ok, sitting at the box in my lounge-room, where I've just done a fresh Zen install, and took a bit more notice before adding things. Gnome-PPP is indeed included, as is Firewall Setup, which asks you to be connected while setting it up, but doesn't need to drag in anything else, so yes, there is firewall setup protection available from the start, so fairly well covered with Zen.


edit: I take it back, it does want to install Shorewall if you actually want to use it. I went thru set up, but didn't actually bother with using it to block anything. Hmmm. I think consideration should def be given to Firewall functionality "out of the box" in the next releases.