[tor-talk] [off-topic] linux firewall

grarpamp grarpamp at gmail.com
Fri Dec 23 19:23:07 UTC 2016


On Fri, Dec 23, 2016 at 8:04 AM, Lara <lara.tor at emails.veryspeedy.net> wrote:
> Linux is such a backwards system, yet, like Firefox, it is the only
> working alternative to closed systems.

While Linux may be a more commonly heard of alternative,
it is definitely *not* the only alternative. For example, another
equally capable Unix-like OS is FreeBSD...

https://www.freebsd.org/
https://www.freebsd.org/ports/
https://en.wikipedia.org/wiki/FreeBSD

It runs Tor, Firefox, firewalls, and thousands of your favorite applications
just like Linux does. And you don't have to worry about choosing
which 'distro' wrapping paper over the same thing is best for you,
since there's essentially only one FreeBSD and it's all made in one
house.

> I can't seem to find any decent firewall. Like HTTP, the Linux firewall
> is the same concept from the age of ARPANET. Do you know any working and
> stable project that can be the equivalent of, say, AFWall+?

The Linux packet filtering scheme, flow and ruleset can be
very unnatural and hard for people to understand.

FreeBSD uses ipfw or pf, they're relatively similar.
And if you don't like command line manipulation of rulesets
but still like to use FreeBSD for its advantages, there
are some BSD-based 'firewalls'...

https://opnsense.org/

https://en.wikipedia.org/wiki/PfSense
https://www.pfsense.org/

https://en.wikipedia.org/wiki/BSD_Router_Project
http://bsdrp.net/

There are at least three other variants of BSD
and their accompanying firewall projects out there.
However FreeBSD has more support for users new to BSD.

Users also need to know what a firewall is and is not,
and can and cannot do, before they can expect one
to be of any use to them.

The latest in Linux's continual game of packet filter
rip and churn foisted upon its users is...

https://en.wikipedia.org/wiki/Nftables
http://netfilter.org/projects/nftables/

You probably won't see a BSD equivalent to AFWall+
on phones for 3-5 years since the BSDs are just now
having good projects to port their kernels and userland
to typical embedded phone hardware (ARM processors, etc).

You don't say what you're trying to do but there's...
https://guardianproject.info/
https://www.torproject.org/docs/android.html.en

