Firewall Basics and Considerations

oblio
Web Dev

Posts: 407
Likes: 423

Firewall Basics and Considerations May 1, 2021 17:18:33 GMT ylee and parmanandmotiramani like this

Quote

Post by oblio on May 1, 2021 17:18:33 GMT

May 1, 2021 11:51:31 GMT ylee said:

OK for the record here I am hardly an expert at iptables. I know enough to get by with what I do and I do use it. I do not usually install ufw. Anything more complex than what  I usually set up with iptables I have to look over the man pages and maybe google. But anyway here is my take on firewalls and bodhi for new users:

First of all not all users are going to need or want a firewall. It is up to them to decide. I envision Bodhi as a distro for intermediate to advanced Linux users. I know we get users that are not that knowledgeable and may even be new to Linux. We do not wish to discourage them from using Bodhi or Linux, that is why we have a forum and Discord channel. We are here to help.

Now iptables is complicated, consider this diagram found in an article about it:

The command

sudo iptables -L
lists your current rules in iptables. If you have just installed Bodhi, you will have no rules, and the output of that command will be:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

It is my understanding that by default Ubuntu and hence Bodhi have no open ports so your computer cannot be accessed by intruders. I have not run a port scan on a fresh install of Bodhi to check that. I want at least one open port myself as I ssh into my machines. I set that up myself.

I do not recommend a user use iptables directly unless they know what they are doing. You can type man iptables into a terminal and read all about. Even better google it.

ufw is a command line tool to make it easier to use. gufw is a GUI for ufw. If you do not know what you are doing I recommend you install ufw and use if you wish to have an active firewall. ufw may or may not be installed on whatever version of Bodhi you are using. I am leaning towards installing it by default on the BL6 official release. But anyway:

sudo apt install ufw
It is not active by default, you can check that by

sudo ufw status

So to turn it on, that is make it active and ensure it is active at boot:

sudo ufw enable

Now you can check its status:

sudo ufw status verbose

Now you can see it is using iptables by checking the iptables rules again:

sudo iptables -L

You may want to consider disabling ufw's logging as most users probably do not need that info and will probably never look at it:

sudo ufw logging off
Unless you have other needs this is really all you need to do. You now have an active and working firewall

donate: www.bodhilinux.com/donate/
&
meditate

oblio
Web Dev

Posts: 407
Likes: 423

Firewall Basics and Considerations May 1, 2021 17:20:45 GMT

Quote

Post by oblio on May 1, 2021 17:20:45 GMT

May 1, 2021 8:42:10 GMT kiezel said:

Well, of course you don't need a firewall in your OS when connected to your own network, if the router of your network already has its own active firewall. One blockade suffices.

But in almost all other situations you do. Especially public WiFi networks are risky. So the use case for an active firewall is pretty widespread.

In those cases Uncomplicated Firewall (ufw) offers an extremely simple solution:
sudo ufw enable

ufw has a sensible set of default settings (profile), which are fine for the vast majority of home users. There are smart exceptions in the default ufw settings (rules), which should ensure that the firewall is never in the way of normal average use. For example, with the default profile the use of Samba should be no problem. Also downloading torrents (fetch) should be possible; but seeding torrents (serve), might require a temporal disabling of ufw:
sudo ufw disable

Last Edit: May 1, 2021 17:21:49 GMT by oblio

donate: www.bodhilinux.com/donate/
&
meditate

Stella
Member

Posts: 52
Likes: 24

Firewall Basics and Considerations Mar 18, 2024 12:18:18 GMT

Quote

Post by Stella on Mar 18, 2024 12:18:18 GMT

I noticed ufw isn't installed on my new install of Bodhi 7 legacy beta - when I went to enable it. I nearly installed it but it seemed quite large. And the machine it's installed on only has an 8gb drive. Do you know how much space it takes up? Also I have no idea what iptables are. Should this concern me if I install ufw?