Post by mimi on May 1, 2021 8:34:19 GMT
I've understood that for firewall protection in Bodhi6, iptables are used by default, instead of ufw or firewalld.
To activate the firewall do I need to edit /usr/bin/iptables-legacy and /usr/bin/ip6tables-legacy files, or are these active by default? I opened both these files using gedit but they were empty - they didn't contain any lines of code - do I need to enter any code?
How do I know if bodhi6 is giving a basic default firewall protection - is there a command I can use in the terminal to check this?
Firewall protection on my laptop is important, as my router doesn't contain any built-in firewall protection, according to my internet service provider, who provided the router (talktalk).
Post by ylee on May 1, 2021 11:51:31 GMT
OK for the record here I am hardly an expert at iptables. I know enough to get by with what I do and I do use it. I do not usually install ufw. Anything more complex than what I usually set up with iptables I have to look over the man pages and maybe google. But anyway here is my take on firewalls and bodhi for new users:

First of all, not all users are going to need or want a firewall. It is up to them to decide. I envision Bodhi as a distro for intermediate to advanced Linux users. I know we get users that are not that knowledgeable and may even be new to Linux. We do not wish to discourage them from using Bodhi or Linux, that is why we have a forum and Discord channel. We are here to help.

Now iptables is complicated, consider this diagram found in an article about it:

The command
sudo iptables -L
lists your current rules in iptables. If you have just installed Bodhi, you will have no rules, and the output of that command will be:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

It is my understanding that by default Ubuntu and hence Bodhi have no open ports so your computer cannot be accessed by intruders. I have not run a port scan on a fresh install of Bodhi to check that. I want at least one open port myself as I ssh into my machines. I set that up myself.

I do not recommend a user use iptables directly unless they know what they are doing. You can type man iptables into a terminal and read all about it. Even better, google it.

ufw is a command line tool to make it easier to use. gufw is a GUI for ufw. If you do not know what you are doing I recommend you install ufw and use it if you wish to have an active firewall.

ufw may or may not be installed on whatever version of Bodhi you are using. I am leaning towards installing it by default on the BL6 official release. But anyway:
sudo apt install ufw

It is not active by default, you can check that by

So to turn it on, that is make it active and ensure it is active at boot:

Now you can check its status:
sudo ufw status verbose

Now you can see it is using iptables by checking the iptables rules again:
sudo iptables -L

You may want to consider disabling ufw's logging as most users probably do not need that info and will probably never look at it:
sudo ufw logging off

Unless you have other needs this is really all you need to do. You now have an active and working firewall.
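A way to read the sudo iptables -L listing discussed above without eyeballing it, as an added example that is not part of the original posts. The function name fw_summary and both sample listings are constructed for illustration; the second listing is a shortened guess at what a ufw-managed ruleset looks like, not output captured from Bodhi.

```shell
# Added example: summarise `iptables -L` output read from stdin.
# On a real system: sudo iptables -L | fw_summary
# Exit status 0 = some filtering is configured, 1 = everything is accepted.
fw_summary() {
    awk '
        /^Chain / {
            chain = $2; order[++n] = chain; rules[chain] = 0
            # Built-in chains print "(policy X)"; user-defined chains print "(N references)".
            p = "-"; if ($3 == "(policy") { p = $4; sub(/\)$/, "", p) }
            policy[chain] = p; next
        }
        /^target[ \t]/ || /^[ \t]*$/ { next }    # column header or blank line
        chain != "" { rules[chain]++ }           # anything else is a rule line
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]
                printf "%s policy=%s rules=%d\n", c, policy[c], rules[c]
                if (rules[c] > 0 || (policy[c] != "-" && policy[c] != "ACCEPT")) filtering = 1
            }
            exit (filtering ? 0 : 1)
        }
    '
}

# Constructed sample: a fresh install with no rules, as described in the post.
SAMPLE_FRESH='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed, shortened sample of a listing after a front end such as ufw has added rules.
SAMPLE_UFW='Chain INPUT (policy DROP)
target     prot opt source               destination
ufw-before-input  all  --  anywhere             anywhere
ufw-after-input  all  --  anywhere             anywhere

Chain ufw-before-input (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED'

printf '%s\n' "$SAMPLE_FRESH" | fw_summary || echo "fresh install: nothing is filtered"
printf '%s\n' "$SAMPLE_UFW" | fw_summary && echo "front end enabled: filtering present"
```

An empty ruleset with ACCEPT policies only means the packet filter is doing nothing; whether anything is reachable still depends on which services are listening.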
Post by mimi on May 1, 2021 14:18:49 GMT
ylee Many thanks for your very full and thoughtful reply. For now, I think I'll stick to using ufw, as I've always used this in the past, and as you infer it's uncomplicated for setting up a simple firewall, which suits my intermediate Linux skills level.