CFP 3.0 seen in Linux!

Breaking News:

Proof CFP 3.0 can resist in an OpenSource environment. Guys this is the latest from our labs in Texas, where Comodo Firewall Pro has been placed during 1 full day in an extremely hostile Linux operating system. Our technicians could actually not maintain the testing beyond the limit of 24 hours due to the aggressiveness of the climate: it has been reported that CFP has experienced several KDE storms and a Gnome hurricane. The screenshot attached to this post shows how the firewall has resisted so far: I would say: impressive!

update: I’m just being told that a Compiz tornado is underway, oh I don’t know guys, I don’t know if it is really wise to send CFP 3 back there!

[attachment deleted by admin]

OK now a bit more seriously, would be nice if Comodo could take the time, sometimes in the future (but not in a too far future :SMLR), to develop something for Linux. It doesn’t have to be OpenSource, Linux repositories are full of proprietary software, and guess what: Linux needs a good firewall. Because it doesn’t have any. It’s got some basic programs that are either not developed anymore, or that don’t even have a gui. Outbound protection is inexistent. it might be true, although I’ve only read about it, that Linux is by nature less vulnerable to online threats like viruses or spyware than Windows (malware being developed to target MS OS) but a connection is a connection, and I can see no reason why Linux wouldn’t need a firewall, a real one. Think that companies like Dell and HP, or Lenovo, sell Linux Desktops now (with Ubuntu, Suse or else), and I’m sure that many users would appreciate a Linux version of CFP. Probably not easy to achieve, technically and most likely very time consuming. But hey, Windows is not the only OS (or is it?) and it would be the first time that a 1st class security product would be ported to Linux. OK that was my message. :THNK

I think this is a good idea, there is a definite need for a good firewall in linux, linux may not be a big target yet, but I am sure that will change in the near future.

And of course, who better to provide a firewall then Comodo, if Comodo were to create a linux firewall it would most definitely spread the name around.

thanks for the support Justin. Hoping that other Linux users in this forum will come to post in this thread. (:WIN)

I agree with Justin. If Linux gets more users, they’ll certainly be a bigger target in the future. Linux is a very secure OS (compared to Windows), but it’ll still need a good firewall :wink:
If Comodo made their firewall Linux-compatible, they would proabably make a big name in the Linux-world.

absolutely, as I said above, it would be the first time that such a software would be introduced to Linux. Of course not Def+, Linux OS is too different to adapt a Windows HIPS to it, but a firewall should be doable. Anti-virus software from Avast (but with no shield) and AVG (possible shield) are available in Linux, but viruses are not an issue in Linux (at the moment): OS not targeted because too few people use it, and difficulties from malware to reach the system (executables can’t be activated without the user’s consent, root access needed etc…). But still there are a few millions of Linux users (which is not much compared to Windows I know) in this world who would appreciate the presence of a firewall having the quality of CFP. Think that the whole French adminisration is switching to Linux. (all Windows based machines were switched to Ubuntu at the french parliament already):

Again, CFP does not have to become OpenSource to integrate the Linux world. And as soon as a distro would make it available in its repositories, other distros would follow. It’s just a matter of agreement between companies, and I’m sure, as Ragwing said, that Comodo would gain in popularity, just because it hasn’t been done before.

Another thing; approximatively 30 % of servers are running Linux (including all Google servers). I have no idea if - a modified version of - CFP could run on Windows based servers, but if it did, it could also be an idea to target Linux servers, and not only desktops with CFP.

I completely agree with everything said here. I just switched my older laptop over to Linux this way I can begin to ween myself away from Windows since in a few months I’ll have nothing left to use.

I can testify to the fact that, at least in the repositories I use, nothing exists that is nearly comparable to this software and that I do indeed want something to protect me even though many claim I don’t need it.

Only time will tell but I’m sure eventually Comodo will follow its users opinions.


good point Dave, the only firewall I know of that can be found in Linux repos are Firestarter or Guarddog: both very average in quality and their development was simply stopped 2 or three years ago. The one I use at the moment is called smummy [!]wall (integrated in the distro I use, PCLinuxOS, based on Mandriva) and doesn’t even have a GUI, only a kind of “interactive” (they call it like that :SMLR) panel that’s supposed to report stuff, never found anything in it :SMLR But the worse is that smummy [!]wall like other “existent” Linux firewall do not even offer any outbound protection. And that’s for example where Comodo could achieve something with CFP.

adding: sounds like the forum software wants to replace my Linux firewall name by all means ??? (I can assure you that’s not an offensive word (:NRD) )

Hi, correct me if I’m wrong but firestarter / guarddog are only gui to configure iptables that is built into most linux distros.

Actually I kind of like not having to answer firewall/ hips popups in linux. (:KWL)
Just my 2 cents worth.

you’re absolutely right about the functionality of Firestarter and Guarddog, they’re not real firewall but just there to monitor and/or configure IPtables found in Linux, but the community calls these software firewalls, where the whole “Software gui + IPTables” should be considered as such, if it was properly developed. I’m not a network specialist but I can tell from a user point of view that exactly where a program like CFP protects my computer in Windows, there’s no such protection in Linux.

Now for alerts, I’d rather get one when anything I’m not aware of is connecting to anything without my consent, which probably happens.

(for non-linux users: IPTables are a part of the network filtering system in Linux)

Hey Leopard19, I actually use PCLinuxOS too so I guess we’re both attempting to find the same good firewalls that just don’t exist. I just started about two weeks ago and have been having some configuration problems (plus one odd problem concerning firefox and this forum)but I think I’ve got most of them figured out after some help from the people on their forum.

It’s proving to be a great distro and it’s making it easier and more likely for me to leave Windows in the dust in the future (not for a while though).

Are you over at their forum? I just started making regular appearances so I can figure out my problems but they seem to be real friendly and helpful just like over here.


Hi Dave,

yes I’m on the forum of PCLinuxOS, but that’s recent: I registered a few days ago under the pseudo of Guepard5. I’ve been on their forum before, with another account , back in September or October. I actually started to use PCLinuxOS last July if I remember correctly. Yes it’s a very good distro, extremely stable and updated regularly. It’s also the only one that allows to install ATI drivers faster than in Windows :SMLR Sounds crazy for Linux, as other distros require to either use the repos and pray while rebooting not to get a black screen of death, or compile the drivers oneself. The ATI auto installer found on AMD website, although conceived for OpenSuse and Fedora, works the best in PCLinuxOS…

What problems did you have with Firefox? I install it from the repos as they always have the latest version ( at the moment), and configure it just like in Windows. And you spoke about other configuration issues, solved now…

Anyway the 2008 version (the real 2008, not MiniMe :SMLR) schould be there soon. Guess it will have KDE4 as an option, as it is already the case in Kubuntu, Mandriva or Suse.

Back to topic. Yes, again, available firewalls in Linux are a joke. I tried again Firestarter yesterday and the only way to get some outbound protection in it is to enter manually the ips that you don’t like in a black list. That’s not acceptable. A company will have to make the first modern firewall in Linux, hey Melih, are you there? Would be nice if you came to this thread and give us your opinion… (:WAV)

Hi, I’m actually relatively new to the forum myself and you’re right, PCLinux is a great distro. Thanks for the tip on the ATI drivers.

The problem with firefox actually involves this site, I wrote about it here:;msg129224#msg129224

I’ll just leave it like that so I won’t pollute this thread further.

I’ve been wondering about the 2008 version. I wanted to try mini me but I know I’m just too green right now to make it work for me. Besides, this one is fast enough even with all the programs.


Just checked Linux on Wikipedia, and it’s said to have 1% of all users. Doesn’t sound like much, but there’s around 1.2 billion Internet users, and 1% of that is 12 million!

I knew that :SMLR just didn’t want to mention it in this thread (lol): I’d really like Comodo to try something with Linux as it’s the only alternative OS on a PC, and hey, 12 millions is 12 millions (:WIN) And chances are that this number will grow in the coming years as more and more big manufacturers started to equip some of their machines with Linux. I don’t like Ubuntu but its popularity made that happen (Dell, HP,Lenovo). There’s even an Asus mainboard (I think chipset P35) with a minimal distro installed and accessible at computer startup, in case the PC wouldn’t boot anymore. It works like a live CD, which means internet access etc…

That’s actually a significant amount of people, which, like everyone has said will surely grow.

For me and probably many others it worked like this: I’ve known about Linux for years. While Ubuntu wasn’t exactly a popular household name it was known enough so that it filtered down through the masses and made its way to me. I’ve always wanted to mess around with it but for years wasn’t able to get it. For me at least, it was still too geeked up.

A few weeks ago I had some free time and a lapse of common sense so I downloaded a live cd, popped it in, formatted hard drive completely (bye bye Windows) and took the plunge. It certainly has not been easy and a fair amount of my time has been spent searching the Web for answers, but it worked enough so that I didn’t ditch it.

Sure, I’ve had some problems ranging from 3d problems to a login that killed the operating system but that was my own fault. After forum searches and web searches I learned enough to fix it on my own.

Here lies the crux of Linux right now in my opinion. It’s desktop friendly, but only to the person who doesn’t mind a little research and a bit of tinkering to get it right. My parents for example, as technologically savvy as the next Windows user, just couldn’t do what I did. As much as some people want to stay away from the look, feel, taste, etc. of Windows we have to admit they did something right in the hand holding/ease of use area and for the older generation that’s what is most important.

Lets be honest here, most people could care less that the desktop look can be altered in at least 50 different ways, most people could care less apt-get, root, and command line tinkering. They just need it to work so that my grandmother who’s never used a PC in her life can figure it out without googling for hours.

[/end rant]

Sorry about that, I got carried away and I’m bored at work.


lol I see this is slowly becoming a thread about Linux (not just the need of a firewall), and I’m quite happy about it. Dave you know once installed by someone who knows how to do it, for someone who doesn’t know anything about computers, it doesn’t make any difference whether it’s Windows or Linux. Non-geek users spend their time browsing the web without tweaking anything, without installing anything, without modifying any setting, and again, for people like that, once Linux is installed, there’s no problem. Linux is extremely stable, requires less memory than Windows, and can run without anything to troubleshoot during months and months in the hands of a newbie. And those people won’t call you (like some members of my family do :SMLR) to the rescue every time their browser got stuck, just because they always forget to close it, or don’t see the need of it (lol) and when you get to their computer you see 25 instances of IE or Firefox running. Well that doesn’t matter in Linux, as the memory management there is far superior to what’s found in MS Windows. Linux will use your RAM until there’s nothing left, and won’t do all those unnecessary swaps to the hard disk that XP loves to do (Vista’s behavior is a bit better though). If you open KSysguard in PCLinuxOS (or any other distro with KDE) you will notice that your swap partition is not used at all. It is there just in case. I’ve already tried to overload my PC RAM on Linux and I couldn’t make it. That’s the difference with Win XP which doesn’t know how to use RAM properly.You’ll also notice that your RAM in Linux seems to be entirely used - from the KSysguard panel -but your machine still runs perfectly smoothly…the reality is that Linux pre-cache a huge amount of RAM for applications that you already run, or data that you already accessed, hence avoiding that loss of performance experienced in Windows that tries to access the HDD data and pagefile all the time, leaving some of your RAM unused, See here:

Also for non-geek users, hey Linux doesn’t crash, never; don’t get me wrong, some apps do and KDE does, but the system itself never (no explorer down there). As the graphical interface is totally separated from the system, a crash from the GUI doesn’t really matter. Hitting CTRL-ALT-BACKSPACE restarts X, no need to reboot (ATI cards are an exception, as ATI drivers for Linux are a nightmare). I’m not saying that Linux is better than Windows, because I don’t think it is, but that it can bring to any user, advanced or not, a lot of benefit.

PCLOS2007 here as well, for nearly a year. I’m quite pleased w/it. Not very active in their forums; haven’t had a big need, since I haven’t had any serious issues. The issues I’ve had have mostly been resolved by searching their existing posts for the answers.

And YES! Comodo absolutely, positively, MUST develop a full-featured Linux firewall, which works independently of iptables. They DO exist, but you’ve got to lay out $$$ for them. Lots of $$$.

BTW, you do have outbound protection in iptables, IF you take the time to input all the IPs you want blocked. The thing is there’s no application control in that context.

There have been some IPS modules developed for Linux that work off of SNORT rules to not just log/report intrusion, but actually block/stop them. This would start to get a bit closer. However, I don’t think any of them seem to remain active.

CLF (Comodo Linux Firewall) doesn’t need all the bells and whistles of v3, but network and application access control would sure be sweet. Since IDS already exist, perhaps they could tweak that into a basic HIPS as well?


thanks for the support Little Mac. I knew you could manually enter IPs in a blacklist in Linux, but what I was actually thinking of was there’s nothing there like an automatic detection by a firewall concerning an application that would “invisibly” try to connect to any IP.

I don’t post much at PCLinuxOS forum either; I’ve had some bad experience in the past with their forum (tens of posts from tens of users deleted frequently with no explanation, unanswered posts everywhere, and that hasn’t changed) I registered a new account a few days ago just in case. But I agree that reading the posts and googling bring many answers already. The other thing that hasn’t changed is that PCLinuxOS remains a bloody good distribution, and again, yes, it does, like other distros do, absolutely need a real firewall (and a HIPS too if doable), and who more than Comodo has the potential to make it :THNK

Interesting comments LittleMac, I agree the firewall doesn’t need all the bells and whistles that Windows users have. Matter of fact, I think less bells and whistles would actually be a little better for some linux users. The idea of an HIPS system would be wonderful.

I do have to disagree with the forums though. I’ve posted many questions at the forums and they’ve all been answered. I’m rather surprised to hear that they delete posts without warning. I know the mods there are tough, but thats extreme.