firewall?


Poll: Well, I use....

I don't: 10 votes (50%)
ufw: 6 votes (30%)
firestarter: 2 votes (10%)
iptables: 2 votes (10%)
other...: No votes

Total votes : 20

firewall?

Postby toomuchcoffee on Fri Apr 27, 2012 4:56 pm

What do you use, what do you recommend and what not... :?
Code:
The program 'suck' is currently not installed.  To run 'suck' please ask your administrator to install the package 'suck'
toomuchcoffee
Level 1
Posts: 41
Joined: Wed Apr 18, 2012 8:24 am


Re: firewall?

Postby craigevil on Fri Apr 27, 2012 6:04 pm

The shiny GUIs including gufw and firestarter just modify iptables.

I use ufw set to default deny. Allows all outgoing, denies all incoming connections. No need to tweak anything.

For the uber paranoid I would recommend moblock/peerguardian.
Debian Sid KDE4.8.4 Kernel 3.4 Thinkpad R40 CPU Pentium M 1.3MHz RAM 2GB ATI Mobility 7500
Debian - "If you can't apt-get something, it isn't useful or doesn't exist"
Giant Debian sources.list | Debian upgrade script smxi | sysinfo script inxi
craigevil
Level 5
Posts: 559
Joined: Wed Sep 15, 2010 6:10 am
Location: down the rabbit hole

Re: firewall?

Postby Brian49 on Sat Apr 28, 2012 4:30 am

I gave up using software firewalls some time ago. I rely entirely on my router's built-in firewall, which has never let me down. It's a good old Netgear DG834Gv4.
Brian49
Level 5
Posts: 597
Joined: Thu Oct 29, 2009 2:27 pm

Re: firewall?

Postby rhodry on Sat Apr 28, 2012 7:39 am

On servers I set up iptables manually for specific tasks performed - desktops, ufw default deny works for me, testing boxes I don't bother.

rhodry.
Life isn't about waiting for the storm to pass...
it's about learning to dance in the rain.
rhodry
Level 4
Posts: 347
Joined: Mon Jun 04, 2007 7:32 am

Re: firewall?

Postby munin on Fri Jun 22, 2012 7:32 pm

If I have not misunderstood the info here, I should be reasonably secure with these Gufw settings: Status On. Incoming: Deny. Outgoing: Allow. No rules.
I don't use servers or any form of network, so I hope this is good enough.
munin
Level 1
Posts: 25
Joined: Sat Apr 21, 2012 6:58 am

Re: firewall?

Postby craigevil on Sat Jun 23, 2012 12:41 am

# ufw status verbose
Status: active
Logging: off
Default: deny (incoming), allow (outgoing)
New profiles: skip

No problems here. The only networking service I have running is dhclient.

Code:
# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:49153         0.0.0.0:*               LISTEN      19881/firefox   
tcp        0      0 127.0.0.1:46755         0.0.0.0:*               LISTEN      19881/firefox   
udp        0      0 0.0.0.0:68              0.0.0.0:*                           816/dhclient   
udp        0      0 0.0.0.0:68              0.0.0.0:*                           6560/dhclient   
udp        0      0 0.0.0.0:6954            0.0.0.0:*                           6560/dhclient   
udp        0      0 0.0.0.0:7088            0.0.0.0:*                           816/dhclient   
udp6       0      0 :::46236                :::*                                6560/dhclient   
udp6       0      0 :::21003                :::*                                816/dhclient   
craigevil
Level 5
Posts: 559
Joined: Wed Sep 15, 2010 6:10 am
Location: down the rabbit hole
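
An added example, not part of craigevil's post: the `netstat -plunt` listing above can be split into sockets bound to loopback, which no remote host can reach, and sockets bound to a wildcard or specific address, which are what a default-deny incoming policy actually shields. The function names are made up for this sketch; the sample lines are copied from the listing above.

```shell
# classify_listeners: read `netstat -plunt` output on stdin and print
# "<scope> <proto> <port> <pid/program>" for every listening socket.
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        n = split($4, part, ":")             # port is the text after the last colon
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1")       scope = "loopback"
        else if (addr == "0.0.0.0" || addr == "::") scope = "wildcard"
        else                                         scope = "specific"
        print scope, $1, port, $NF
    }'
}

# exposed_listeners: drop loopback-only sockets; what remains is reachable
# from the network unless a packet filter drops the traffic first.
exposed_listeners() {
    classify_listeners | awk '$1 != "loopback"'
}

# Sample input: lines copied from the netstat listing in the post above.
sample_netstat() { cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:49153         0.0.0.0:*               LISTEN      19881/firefox
tcp        0      0 127.0.0.1:46755         0.0.0.0:*               LISTEN      19881/firefox
udp        0      0 0.0.0.0:68              0.0.0.0:*                           816/dhclient
udp        0      0 0.0.0.0:6954            0.0.0.0:*                           6560/dhclient
udp6       0      0 :::46236                :::*                                6560/dhclient
EOF
}

sample_netstat | exposed_listeners
```

On a live system the same filter runs as `netstat -plunt | exposed_listeners`, run as root so the PID/Program column is filled in.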

Re: firewall?

Postby rhodry on Sat Jun 23, 2012 2:08 am

Brian49 wrote: I gave up using software firewalls some time ago. I rely entirely on my router's built-in firewall, which has never let me down. It's a good old Netgear DG834Gv4.


I didn't bother looking up the specific model, but there are going to be some surprised folk around once IPv6 permeates the net more thoroughly. IPv6 does not recognise NAT (built in firewall used by most routers) - hence millions of unprotected machines on the net with a false sense of security!! :cry: Malware kiddies are going to have a field day with older hardware running older Windows.

Check your router now!!!!!

cheers,
rhodry.
rhodry
Level 4
Posts: 347
Joined: Mon Jun 04, 2007 7:32 am

Re: firewall?

Postby mint-me on Sat Jun 23, 2012 3:26 am

I use gufw and block all incoming. I also block the following ports outgoing, as I don't run a server for outside use, and don't share files off my drive to anybody - especially Windows machines:

ports 135-139 [netbios sharing]
port 445 [ms-ds]
port 113 [auth/ident]

just to make sure...
LMDE Cinnamon 64bit | Mint 15 Cinnamon 64bit | SolusOS 1.3 64-bit | SolusOS 2Q2
Dell Inspiron 15R(N5110) Intel i7-2670QM, 4GB DDR3 1333Mhz, Intel 6 Express Chipset HM67
NVIDIA GeForce GT525M, 500G SATA, 15.6" HD 1366x768 Optimus Graphics by Bumblebee
mint-me
Level 2
Posts: 66
Joined: Sat May 26, 2012 2:25 am
Location: australia

Re: firewall?

Postby josefg on Sun Jun 24, 2012 10:14 am

I used to run ZoneAlarm on Windows, but haven't found any similar application-based firewall for linux. So, so far, I'm running nothing... I am just as much interested in having control over what goes out as over what comes in.
josefg
Level 2
Posts: 54
Joined: Sun Jun 12, 2011 7:07 pm

Re: firewall?

Postby craigevil on Sun Jun 24, 2012 5:16 pm

josefg wrote: I used to run ZoneAlarm on Windows, but haven't found any similar application-based firewall for linux. So, so far, I'm running nothing... I am just as much interested in having control over what goes out as over what comes in.



Linux-Firewall.org - Your application based personal firewall for Linux - http://linux-firewall.org/ doesn't say when it was last updated.

There was TuxGuardian - An application-based firewall - http://tuxguardian.sourceforge.net/ but it appears to be dead, hasn't been updated since 2006.

Program Guard - http://pgrd.sourceforge.net/ also hasn't been updated in a while

Systrace - Interactive Policy Generation for System Calls - https://www.citi.umich.edu/u/provos/systrace/

There really is not much of a point in having an application based firewall in Linux. The problem in Windows was all the spyware that called home. We do not have to deal with such things. Especially if you only use the packages in the repos.

Personally I do not see the need to block any outgoing ports.
craigevil
Level 5
Posts: 559
Joined: Wed Sep 15, 2010 6:10 am
Location: down the rabbit hole

Re: firewall?

Postby eanfrid on Sun Jun 24, 2012 5:58 pm

There is the "nufw" infrastructure but it is clearly a lot of overkill for a home PC as it targets corporate networks. Unless you are *really* paranoid you don't need to filter outgoing traffic at the application level. But if you are, you will have to learn (and become pretty skillful with) netfilter, connection tracking, iptables, ebtables and arptables in addition to dealing with nufw. "Firewalls" at the application level don't exist on Linux because they essentially are of no use.

For my own needs I don't use any firewall GUI. I write and maintain my own custom set of iptables/ebtables/arptables rules with home-made scripts.
Image using Cinnamon 1.8.8 & Nemo 1.8.3
If you cannot apt-get it, either it is not useful or it does not exist.
Linux is not Windows - Before you ask
eanfrid
Level 5
Posts: 659
Joined: Mon Apr 30, 2012 2:49 am

Re: firewall?

Postby nextdistroplease on Mon Aug 06, 2012 8:59 am

UFW

Default: deny (incoming), allow (outgoing)
New profiles: skip

To Action From
-- ------ ----
1:19/tcp DENY OUT Anywhere
1:19/udp DENY OUT Anywhere
22:52/tcp DENY OUT Anywhere
22:52/udp DENY OUT Anywhere
54:79/tcp DENY OUT Anywhere
54:79/udp DENY OUT Anywhere
81:122/tcp DENY OUT Anywhere
81:122/udp DENY OUT Anywhere
124:442/tcp DENY OUT Anywhere
124:442/udp DENY OUT Anywhere
444:65535/tcp DENY OUT Anywhere
444:65535/udp DENY OUT Anywhere
1:19/tcp DENY OUT Anywhere (v6)
1:19/udp DENY OUT Anywhere (v6)
22:52/tcp DENY OUT Anywhere (v6)
22:52/udp DENY OUT Anywhere (v6)
54:79/tcp DENY OUT Anywhere (v6)
54:79/udp DENY OUT Anywhere (v6)
81:122/tcp DENY OUT Anywhere (v6)
81:122/udp DENY OUT Anywhere (v6)
124:442/tcp DENY OUT Anywhere (v6)
124:442/udp DENY OUT Anywhere (v6)
444:65535/tcp DENY OUT Anywhere (v6)
444:65535/udp DENY OUT Anywhere (v6)
nextdistroplease
Level 1
Posts: 37
Joined: Sat Jun 30, 2012 11:18 pm
Location: Lake Elsinore, CA
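
An added example, not part of nextdistroplease's post: the DENY OUT ranges above work as an outbound allowlist, and this sketch computes which ports the gaps between them leave open. `allowed_out` and `sample_ufw_status` are names invented here; the sample rules are the IPv4 lines from the post.

```shell
# allowed_out PROTO: read `ufw status` text on stdin and print the outbound
# ports (1-65535) that no IPv4 "DENY OUT" rule for PROTO covers.
allowed_out() {
    awk -v proto="$1" '
    $2 == "DENY" && $3 == "OUT" && $0 !~ /\(v6\)/ {
        split($1, spec, "/")                 # "22:52/tcp" -> "22:52", "tcp"
        if (spec[2] != "" && spec[2] != proto) next
        n = split(spec[1], r, ":")           # range "lo:hi" or a single port
        lo = r[1] + 0
        hi = (n == 2 ? r[2] : r[1]) + 0
        for (p = lo; p <= hi; p++) denied[p] = 1
    }
    END {
        out = ""; start = 0
        for (p = 1; p <= 65536; p++) {       # 65536 is a sentinel closing the last run
            ok = (p <= 65535 && !(p in denied))
            if (ok && !start) start = p
            if (!ok && start) {
                last = p - 1
                span = (start == last) ? start : start "-" last
                out = (out == "") ? span : out " " span
                start = 0
            }
        }
        print out
    }'
}

# Sample input: the IPv4 rules from the post above.
sample_ufw_status() { cat <<'EOF'
1:19/tcp DENY OUT Anywhere
1:19/udp DENY OUT Anywhere
22:52/tcp DENY OUT Anywhere
22:52/udp DENY OUT Anywhere
54:79/tcp DENY OUT Anywhere
54:79/udp DENY OUT Anywhere
81:122/tcp DENY OUT Anywhere
81:122/udp DENY OUT Anywhere
124:442/tcp DENY OUT Anywhere
124:442/udp DENY OUT Anywhere
444:65535/tcp DENY OUT Anywhere
444:65535/udp DENY OUT Anywhere
EOF
}

sample_ufw_status | allowed_out tcp   # 20-21 53 80 123 443
```

The gaps correspond to FTP, DNS, HTTP, NTP and HTTPS; the same policy can also be written as `ufw default deny outgoing` plus `ufw allow out` rules for those ports.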

Re: firewall?

Postby bimsebasse on Mon Aug 06, 2012 9:12 am

4 years on Linux without antivirus software and firewalls - never felt the need, never had an issue.

In Windows I used to run Spybot with tea timer so nothing in the registry was changed without my permission, and avira antivirus with active guard and firewall. Don't miss it one bit.
Thank you for this thread. That’s all I can say. You most definitely have made this forum into something special. You clearly know what you are doing, you’ve covered so many bases. Thanks!
bimsebasse
Level 7
Posts: 1709
Joined: Fri Nov 11, 2011 10:21 am
Location: Scandinavia

Re: firewall?

Postby nextdistroplease on Mon Aug 06, 2012 12:59 pm

bimsebasse wrote: In Windows I used to run Spybot with tea timer so nothing in the registry was changed without my permission, and avira antivirus with active guard and firewall. Don't miss it one bit.


Remember WinPatrol?

SuperAntispyware?

I had at least two or three antimalware programs on top of my antivirus.

My spell checker wants to say antimalarial.

I love Linux.
nextdistroplease
Level 1
Posts: 37
Joined: Sat Jun 30, 2012 11:18 pm
Location: Lake Elsinore, CA

Re: firewall?

Postby craigevil on Tue Aug 07, 2012 8:45 am

nextdistroplease wrote:
bimsebasse wrote: In Windows I used to run Spybot with tea timer so nothing in the registry was changed without my permission, and avira antivirus with active guard and firewall. Don't miss it one bit.


Remember WinPatrol?

SuperAntispyware?

I had at least two or three antimalware programs on top of my antivirus.

My spell checker wants to say antimalarial.

I love Linux.


I usually installed winpatrol, spyblaster, spybot search and destroy, avg, and/or microsoft security essentials, zonealarm.

It is so nice to not have to worry about all of that crap. I was paranoid for the first year I ran Debian and had all kinds of apps like rkhunter, chkrootkit, tripwire, tiger, guarddog, checksecurity, samhain, psad, etc. installed. But after they never found anything I finally realized a firewall was all I needed. Most routers have a decent firewall these days so no real need for a software firewall at all.
craigevil
Level 5
Posts: 559
Joined: Wed Sep 15, 2010 6:10 am
Location: down the rabbit hole
