Announcement

**wizard10000** · Jun 11, 2011, 09:53 AM

Re: How can I tell if I have a firewall up and running?

Originally posted by craigbert

Hello All,

How can I tell if my firewall is up and running?
I did a "service --status-all" but I don't see anything that looks firewall-ish.

sudo ufw status

But - Ubuntu doesn't ship with any firewall rules, so although your firewall might be running it won't filter any traffic until some firewall rules are added.

Hope this helps -

**craigbert** · Jun 11, 2011, 09:59 AM

Re: How can I tell if I have a firewall up and running?

Thanks wizard10000! It shows to be inactive! YIKES!
Is there some place where I could get a set of "beginner" or "standard" rules for the firewall?

**dibl** · Jun 11, 2011, 10:14 AM

Re: How can I tell if I have a firewall up and running?

Before you start "fixing" the assumed vulnerability, I would advise spending 10 minutes to test your connection to the Internet, using the test facility at this site: https://www.grc.com/x/ne.dll?bh0bkyd2

If you are connected via a router, its default settings may be sufficient to isolate your system from malicious activities.

**kubicle** · Jun 11, 2011, 10:16 AM

Re: How can I tell if I have a firewall up and running?

Originally posted by craigbert

It shows to be inactive! YIKES!

Doesn't matter much if you haven't installed any services that listen to incoming connections (there are none installed by default). The ports are closed if there is nothing listening on them.

To enable the firewall:

Code:

sudo ufw enable

Originally posted by wizard10000

But - Ubuntu doesn't ship with any firewall rules, so although your firewall might be running it won't filter any traffic until some firewall rules are added.

It blocks all incoming traffic by default, and allows all outgoing traffic. so you need to add rules only if you wish to allow incoming connections or reject outgoing connections.

**wizard10000** · Jun 11, 2011, 10:18 AM

Re: How can I tell if I have a firewall up and running?

Originally posted by craigbert

Thanks wizard10000! It shows to be inactive! YIKES!
Is there some place where I could get a set of "beginner" or "standard" rules for the firewall?

You can relax a little

By default Linux doesn't listen on *any* port. Unless you're running a web/mail/whatever server nothing connects to your machine unless you authorize it.

If your Linux box is sitting behind a home router it can't be seen from the internet anyway. A heck of a lot of Linux users (myself included) don't run firewall rules on desktop workstations because all connections initiate *from* the workstation and because of the way Linux is designed any current malware would ask you for a superuser password before it infected your machine.

But - if you wanna turn the firewall on,

sudo ufw enable

should get you where you want to be.

Hope this helps -

**wizard10000** · Jun 11, 2011, 10:24 AM

Re: How can I tell if I have a firewall up and running?

Originally posted by kubicle

It blocks all incoming traffic by default, and allows all outgoing traffic. so you need to add rules only if you wish to allow incoming connections or reject outgoing connections.

Gotta disagree a tiny bit

https://help.ubuntu.com/community/UFW

...Unless you have set the default to deny when you initially enable ufw, it is in ALLOW mode and will allow everything incoming and outgoing until you make rulesets.

**kubicle** · Jun 11, 2011, 10:37 AM

Re: How can I tell if I have a firewall up and running?

Originally posted by wizard10000

Gotta disagree a tiny bit

https://help.ubuntu.com/community/UFW

...Unless you have set the default to deny when you initially enable ufw, it is in ALLOW mode and will allow everything incoming and outgoing until you make rulesets.

I'm pretty sure that's incorrect (or outdated), here's the /etc/default/ufw from the ufw package in the repos:

# /etc/default/ufw
#

# Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
# accepted). You will need to 'disable' and then 'enable' the firewall for
# the changes to take affect.
IPV6=no

# Set the default input policy to ACCEPT, ACCEPT_NO_TRACK, DROP, or REJECT.
# ACCEPT enables connection tracking for NEW inbound packets on the INPUT
# chain, whereas ACCEPT_NO_TRACK does not use connection tracking. Please note
# that if you change this you will most likely want to adjust your rules.
DEFAULT_INPUT_POLICY="DROP"

# Set the default output policy to ACCEPT, ACCEPT_NO_TRACK, DROP, or REJECT.
# ACCEPT enables connection tracking for NEW outbound packets on the OUTPUT
# chain, whereas ACCEPT_NO_TRACK does not use connection tracking. Please note
# that if you change this you will most likely want to adjust your rules.
DEFAULT_OUTPUT_POLICY="ACCEPT"

# Set the default forward policy to ACCEPT, DROP or REJECT. Please note that
# if you change this you will most likely want to adjust your rules
DEFAULT_FORWARD_POLICY="DROP"

# Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please
# note that setting this to ACCEPT may be a security risk. See 'man ufw' for
# details
DEFAULT_APPLICATION_POLICY="SKIP"

# By default, ufw only touches its own chains. Set this to 'yes' to have ufw
# manage the built-in chains too. Warning: setting this to 'yes' will break
# non-ufw managed firewall rules
MANAGE_BUILTINS=no

#
# IPT backend
#
# only enable if using iptables backend
IPT_SYSCTL=/etc/ufw/sysctl.conf

# extra connection tracking modules to load
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc"

**craigbert** · Jun 11, 2011, 10:59 AM

Re: How can I tell if I have a firewall up and running?

What an amazing wealth of info you guys are! THANKS!!!!

OK, based on the website from dibl, I feel safe at home.

But this is a laptop so I do connect in a various places, so I am thinking that in those areas I need to enable the firewall. Right?
I am not running anything like mail, webserver, etc, so nothing should be listening.

**wizard10000** · Jun 11, 2011, 11:21 AM

Re: How can I tell if I have a firewall up and running?

Originally posted by kubicle

I'm pretty sure that's incorrect (or outdated), here's the /etc/default/ufw from the ufw package in the repos:

By golly, you're right.

cheers -

**kubicle** · Jun 11, 2011, 02:40 PM

Re: How can I tell if I have a firewall up and running?

Originally posted by craigbert

But this is a laptop so I do connect in a various places, so I am thinking that in those areas I need to enable the firewall. Right?

Not necessarily, but I'd still enable the firewall (especially if you connect your laptop to networks that are not under your control). There is usually no downside to enabling the firewall, and it can act as a security blanket if you, for example, inadvertently enable services to listen to inbound traffic.

There is generally no such thing as too many layers of security.

**craigbert** · Jun 11, 2011, 03:02 PM

Re: [resolved] How can I tell if I have a firewall up and running?

Could not agree with you more! Thanks all!

**charles052** · Jun 12, 2011, 08:55 AM

Re: [resolved] How can I tell if I have a firewall up and running?

Well, I just enabled my firewall and I also got a firewall through my router/modem. I just did a ShieldsUP scan and I've got three ports that aren't stealthed. Anyway to stealth these last three?

**wizard10000** · Jun 12, 2011, 09:05 AM

Re: [resolved] How can I tell if I have a firewall up and running?

Originally posted by charles052

Well, I just enabled my firewall and I also got a firewall through my router/modem. I just did a ShieldsUP scan and I've got three ports that aren't stealthed. Anyway to stealth these last three?

Which ports?

Three? I only had two and scanned my machine with ufw disabled

GRC Port Authority Report created on UTC: 2011-06-12 at 15:03:42

Results from scan of ports: 0-1055

2 Ports Open
1044 Ports Closed
10 Ports Stealth
---------------------
1056 Ports Tested

Ports found to be OPEN were: 22, 53

Ports found to be STEALTH were: 23, 69, 80, 135, 136, 137, 138,
139, 443, 445

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

**charles052** · Jun 12, 2011, 10:08 AM

Re: [resolved] How can I tell if I have a firewall up and running?

Originally posted by wizard10000

Originally posted by charles052

Well, I just enabled my firewall and I also got a firewall through my router/modem. I just did a ShieldsUP scan and I've got three ports that aren't stealthed. Anyway to stealth these last three?

Which ports?

Three? I only had two and scanned my machine with ufw disabled

GRC Port Authority Report created on UTC: 2011-06-12 at 15:03:42

Results from scan of ports: 0-1055

2 Ports Open
1044 Ports Closed
10 Ports Stealth
---------------------
1056 Ports Tested

Ports found to be OPEN were: 22, 53

Ports found to be STEALTH were: 23, 69, 80, 135, 136, 137, 138,
139, 443, 445

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

Here's mine.

GRC Port Authority Report created on UTC: 2011-06-12 at 16:07:14

Results from scan of ports: 0-1055

0 Ports Open
3 Ports Closed
1053 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be CLOSED were: 20, 21, 500

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

Not sure if I should even worry about it since all ports were closed.

Announcement

[resolved] How can I tell if I have a firewall up and running?

[resolved] How can I tell if I have a firewall up and running?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment