Announcement

Collapse
No announcement yet.

Firewall Question

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Firewall Question

    Hello All:-)

    I am new to this Forum so sorry if this is in the wrong place or has been asked a million times I would like to know if a Firewall is needed and if so which one? I couldn't get Firestarter or Gufw to work in kubuntu 11.10, your input will be appreciated. Thanks, Granny
    Tags: None
    • Top
    • Bottom
    #2
    Re: Firewall Question

    A host-based firewall is useful for blocking inbound traffic to TCP or UDP ports that are waiting for incoming connections. You can obtain a list of such "listening sockets" with this command:

    Code:
    sudo netstat -ple --inet
    Linux opens very few listening sockets by default. For example, here's mine:

    Code:
    Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address     State    User    Inode    PID/Program name
tcp    0   0 localhost:ipp      *:*           LISTEN   root    15536    1403/cupsd
udp    0   0 *:bootpc        *:*                 root    9401    1476/dhclient
udp    0   0 *:mdns         *:*                 avahi   8709    1131/avahi-daemon:
udp    0   0 *:51048         *:*                 avahi   8711    1131/avahi-daemon:
    I should probably remove Avahi, since nothing on my home network uses it. However, my network is also behind a NAT router, which does an even better job of blocking unwanted traffic than the operating system itself will do. If you're using a wired or wireless router, my suggestion would be not to worry about running a host firewall on a Linux computer.

    OTOH, Windows is a different beast. It opens many more listening sockets. For this reason, Windows has included a host firewall since XP; with Service Pack 2, it became enabled by default (and has been ever since). These extra listening services are useful in home and corporate networks, but serve no purpose on the Internet. Thus, the built-in firewall in Windows offers "private" and "public" profiles and configures its traffic blocking accordingly. In the public profile, no unsolicited inbound traffic is permitted to listening sockets. Unsolicited means traffic that isn't a reply to a specific outbound request you previously made. Various elements the headers of traffic packets provide mechanisms for the protocol stack to detect the differences.

    The false belief that firewalls should protect outbound connections still persists. I've written about why this is a fallacy before, so I won't repeat the entire argument here. In summary, people think that outbound protection will prevent a computer from spreading an infection. This is flat wrong. If your computer is infected with malware, you've already lost! The first thing that malware will do is alter or disable the firewall, or spoof its own behavior so that the firewall thinks the malware is legitimate. Don't fall for such incorrect thinking.
    • Top
    • Bottom

    Comment

      #3
      Re: Firewall Question

      Thanks for the information & your speedy reply
      • Top
      • Bottom

      Comment

        #4
        Re: Firewall Question

        ufw is installed on any new *buntu installation but disabled by default. It can be enabled from the console with:
        Code:
        sudo ufw enable
        Without doing any configuration, enabling ufw results in:
        deny (incoming), allow (outgoing)
        This is basic protection as I understand it, and sufficient for most users.
        Windows no longer obstructs my view.
        Using Kubuntu Linux since March 23, 2007.
        "It is a capital mistake to theorize before one has data." - Sherlock Holmes
        • Top
        • Bottom

        Comment

        Previous template Next
        Working...
        X