
GUFW : Additional Firewall Rules



#1 The Uprightman


Posted 26 June 2015 - 03:43 AM

Hi all.

I have installed and activated the GUFW and have added an additional firewall rule (FTP, In/Out = Deny all).

I really do not know anything about firewall rules and therefore have no idea if there are any others that can or should be added to the list.

A Google search on "GUFW Firewall Rules" provided me with this information: http://www.linux.com/learn/tutorials/429427:create-firewall-configurations-easily-with-gufw-on-ubuntu

Unfortunately I do not understand anything about Amule, Deluge, Nicotine etc etc and nothing about FTP, HTTP, IMAP etc etc that the article refers to so cannot make an informed decision as to what to allow, what to disable and what additional rules should be applied (if any).

I don't expect anyone to take the time to try to explain everything I need to know about firewalls, rules and the types of traffic; however, if anyone has a good article to point me to that would help me understand this a little better so that I can create firewall rules that will strengthen my pc's overall security, that would be very helpful.


Edited by The Uprightman, 26 June 2015 - 03:44 AM.




#2 mremski


Posted 26 June 2015 - 06:00 AM

I'll talk about firewalls in general, not GUFW or Linux.

Draw yourself a picture of your network first, with IP addresses.  Why?  To make it easier to understand the flows, in/out, interfaces.

Basic principle:

   Default Deny.  This means "deny/block/drop all traffic unless it is explicitly allowed".  Why do this?  In the long run easier to maintain than a "default allow".  Default allow means everything is allowed unless expressly prohibited.  Deny you discover you need something, you turn it on.  Allow you have to turn things off you don't need.

 

For a typical home network, you really don't need a lot of things turned on.  HTTP/HTTPS, NTP, DNS, SMTP/SMTPS POP3/POP3S, IMAP.  These are types of traffic, protocols, the "destination port" of the packets.  Web browsers use HTTP/HTTPS (80/443).  Time is NTP (123).  Computer Names is DNS, like google.com (53).  Email is a variety of things SMTP, SMTPS, POP3, POP3S, IMAP are all ways to send and receive email.  A home network typically needs only about 10-12 ports open to do 99% of daily activity.

 

Firewall rules basically block or pass each packet.  Think of a packet as a letter;  there is a destination address and a return address (the sender).  The firewall looks at each envelope, then applies rules.  Say you have a rule that says "block all letters from the ex-wife".  That would look at the return address for all envelopes, any from the ex-wife (regardless of who it's sent to) goes immediately to the dustbin.  One that says "pass any from eldest child to youngest child" would allow the mail and pass it off to the youngest child.


FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer
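The default-deny principle and the envelope analogy from the post above, as an added example that is not part of the original thread: a small stateless rule evaluator run against constructed packets. The 192.168.1.0/24 LAN, the sample addresses and the e-mail port numbers are assumptions, and real firewalls also track connection state, which this sketch leaves out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:            # the "envelope": return address, destination, port
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: int = 0       # 0 matches any destination port

    def matches(self, p):
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (0, p.dport))

def decide(packet, rules, default):
    """First matching rule wins; otherwise the default policy applies."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed home LAN (assumption); outbound services named in the post.
LAN = "192.168.1.0/24"
ALLOW_OUT = [Rule("allow", src=LAN, proto=proto, dport=port) for proto, port in
             [("tcp", 80), ("tcp", 443), ("udp", 123), ("udp", 53), ("tcp", 53),
              ("tcp", 25), ("tcp", 465), ("tcp", 110), ("tcp", 995), ("tcp", 143)]]
# A default-allow list has to name every unwanted service; this one names only FTP.
DENY_FTP = [Rule("deny", proto="tcp", dport=21)]

# Constructed sample traffic.
SAMPLES = {
    "web":    Packet("192.168.1.10", "203.0.113.5", "tcp", 443),
    "dns":    Packet("192.168.1.10", "192.168.1.1", "udp", 53),
    "ftp":    Packet("192.168.1.10", "203.0.113.9", "tcp", 21),
    "telnet": Packet("198.51.100.7", "192.168.1.10", "tcp", 23),  # unsolicited inbound
}

def verdicts(rules, default):
    return {name: decide(p, rules, default) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    print("default deny :", verdicts(ALLOW_OUT, "deny"))
    print("default allow:", verdicts(DENY_FTP, "allow"))
```

Both policies block FTP, but only the default-deny set also drops the unsolicited inbound telnet packet that nobody wrote a rule for.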


#3 NickAu


Posted 26 June 2015 - 07:26 AM

You may want to look at this, it will give you some idea about restrictive iptables.  Are you behind a router?

http://www.bleepingcomputer.com/forums/t/529607/howto-set-up-a-restrictive-firewall-using-iptables-rtfm-friendly/


Edited by NickAu, 26 June 2015 - 07:29 AM.


#4 The Uprightman


Posted 27 June 2015 - 12:00 AM

Hi guys, thanks for the assistance.

I took a look at this: http://www.bleepingcomputer.com/forums/t/529607/howto-set-up-a-restrictive-firewall-using-iptables-rtfm-friendly/ It looks like a messy and convoluted way to do something. For me, I would simply be blindly following instructions with no idea as to what any of it actually means, so not prepared to do that.

Thanks again for your help.





