Post by oblio on May 1, 2021 17:18:33 GMT
May 1, 2021 11:51:31 GMT ylee said:
OK, for the record here, I am hardly an expert at iptables. I know enough to get by with what I do and I do use it. I do not usually install ufw. Anything more complex than what I usually set up with iptables I have to look over the man pages and maybe google. But anyway here is my take on firewalls and Bodhi for new users:
First of all, not all users are going to need or want a firewall. It is up to them to decide. I envision Bodhi as a distro for intermediate to advanced Linux users. I know we get users that are not that knowledgeable and may even be new to Linux. We do not wish to discourage them from using Bodhi or Linux, that is why we have a forum and Discord channel. We are here to help.
Now iptables is complicated, consider this diagram found in an article about it:
The command
sudo iptables -L
lists your current rules in iptables. If you have just installed Bodhi, you will have no rules, and the output of that command will be:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
It is my understanding that by default Ubuntu and hence Bodhi have no open ports so your computer cannot be accessed by intruders. I have not run a port scan on a fresh install of Bodhi to check that. I want at least one open port myself as I ssh into my machines. I set that up myself.
I do not recommend a user use iptables directly unless they know what they are doing. You can type man iptables into a terminal and read all about it. Even better, google it.
ufw is a command line tool to make it easier to use. gufw is a GUI for ufw. If you do not know what you are doing, I recommend you install ufw and use it if you wish to have an active firewall. ufw may or may not be installed on whatever version of Bodhi you are using. I am leaning towards installing it by default on the BL6 official release. But anyway:
sudo apt install ufw
It is not active by default, you can check that by
sudo ufw status
sudo ufw enable
sudo ufw status verbose
Now you can see it is using iptables by checking the iptables rules again:
sudo iptables -L
You may want to consider disabling ufw's logging as most users probably do not need that info and will probably never look at it:
sudo ufw logging off
Unless you have other needs this is really all you need to do. You now have an active and working firewall.
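Added example, not part of the original post: a small shell helper that summarises `sudo iptables -L` output per chain and flags the all-ACCEPT, no-rules state shown in the fresh-install listing above. The function names are hypothetical and the ufw-enabled sample is constructed and abbreviated for illustration.

```shell
# Added example: summarise `iptables -L` output (stdin) as "<chain> <policy> <rules>".
# User-defined chains (e.g. those ufw creates) have no policy and show "-".
summarize_chains() {
    awk '
        function emit() { if (chain != "") print chain, policy, rules }
        /^Chain / {
            emit()
            chain = $2; rules = 0
            policy = ($3 == "(policy") ? $4 : "-"
            sub(/\)$/, "", policy)
            next
        }
        /^target[ \t]/ || /^[ \t]*$/ { next }  # column header or blank line
        { rules++ }
        END { emit() }
    '
}
# Exit 0 only if every chain is policy ACCEPT with zero rules (no firewall set up).
ruleset_is_wide_open() {
    summarize_chains | awk '
        BEGIN { ok = 1 }
        { n++ }
        $2 != "ACCEPT" || $3 != 0 { ok = 0 }
        END { exit !(ok && n > 0) }
    '
}
# Constructed sample: the fresh-install output quoted in the post.
sample_fresh() { cat <<'EOF'
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
EOF
}
# Constructed, abbreviated sample of the listing once ufw is enabled.
sample_ufw() { cat <<'EOF'
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
EOF
}
# Live use: sudo iptables -L | summarize_chains
```

Running `sudo iptables -L | ruleset_is_wide_open && echo "no firewall rules loaded"` before and after `sudo ufw enable` shows the change without reading the full listing.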