I was thinking of installing Firestarter so that I would have some type of firewall in place.

The Firestarter page seems to imply that it also does what Portsentry does. Is this true? (can i delete portsentry?)

Also, any comments on my choice of firewall programs??

;)

from what i remember of portsentry:

it justs detects an attempt to connect/scan a port.

firestarter does that and blocks the attempt. don't remember if portsentry does anything but tell you it happened.

i use firestarter. it's good if you don't really know much about firewalls. another firewall i've heard alot of good things about is PMfirewall.

hopefully someone else will answer your questions better.

I use PMfirewall and Portsentry.

Portsentry scans your ports for connection requests and logs them. It can also be setup to dump the requsts to ipchains where they get blocked.

Originally posted by binaryDigit:
from what i remember of portsentry:

it justs detects an attempt to connect/scan a port.

firestarter does that and blocks the attempt. don't remember if portsentry does anything but tell you it happened.

i use firestarter. it's good if you don't really know much about firewalls. another firewall i've heard alot of good things about is PMfirewall.

hopefully someone else will answer your questions better.

Portsentry's largest selling point is in fact it's responses. Having a setup like portsentry for just listening to traffic might work, but snort would probably make a better proggie for that. Portsentry is easy to configure with it's dropping routes, a typically configured portsentry will 1) add the offending host to hosts.deny 2) Drop the hosts via ipchains or route 3) Run an external command (if specified.. This could be retaliatory or useful, like playing a .wav when it detects a scan.) It seems to be a large misconception that portsentry only logs and doesn't do anything..