Firewall Active But Not Doing Anything?

wizzybang

Firewall Active But Not Doing Anything?

Post by wizzybang »

Hi,

I've activated the firewall on Mint 18.2 and just gave it a test with Transmission with the setting "deny all incoming" and no rules set, and it's downloading. I also did a firewall test on GRC ShieldsUp and this is showing:
Without your knowledge or explicit permission, the Windows networking technology which connects your computer to the Internet may be offering some or all of your computer's data to the entire world at this very moment!
I did the test on the site for my router and all is well there, passed with flying colours so to speak, so somehow it seems like the firewall is active but not working?

I followed the basic setup listed here https://sites.google.com/site/easylinux ... amon-first. Is there something I'm missing or doing wrong?

Thanks in advance

Sam
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
WharfRat

Re: Firewall Active But Not Doing Anything?

Post by WharfRat »

You can monitor the firewall with sudo watch -d iptables -L -nv
wizzybang

Re: Firewall Active But Not Doing Anything?

Post by wizzybang »

I've just used the command with the firewall on and "deny all incoming connections" with no rules, and it's letting traffic through in Transmission, so it's definitely not doing what it should...
karlchen
Level 23
Posts: 18238
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Firewall Active But Not Doing Anything?

Post by karlchen »

Hello, wizzybang,

You have enabled ufw (uncomplicated firewall) with the default ruleset: allow outgoing, deny all incoming connections.
Whenever you start a download on your machine, it is your machine which initiates the connection to a server in the internet.
This is an outgoing connection. Not an incoming connection.
Hence there is nothing which ufw should block.

All connections which your machine initiates towards another machine are outgoing (permitted).
All connections which other machines try to establish to your machine are incoming (denied).

Does this clear up what is going on?

Regards,
Karl
--
P.S.:
In case you are connected to the internet through a DSL router which brings along its inbuilt internal firewall, then this outer firewall already rejects (most / all) incoming attempts from the internet to initiate connections.
In this situation ufw is the inner firewall. And it does not get many requests from the internet trying to establish connections with my machine. The (outer) router firewall has already blocked them.
wizzybang

Re: Firewall Active But Not Doing Anything?

Post by wizzybang »

Hi Karl,

Thanks for the response, sort of clears it up I think.

If I'm downloading a torrent for example, and the firewall is set to block all incoming connections, should this stop people downloading from me, or because I have initiated the original download, does this allow the connections? (apologies if I'm sounding a bit daft/stupid)

Also, the test I did on GRC ShieldsUp, should the result be a concern?

Thanks

Sam
trytip
Level 14
Posts: 5367
Joined: Tue Jul 05, 2016 1:20 pm

Re: Firewall Active But Not Doing Anything?

Post by trytip »

are you using gufw?
wizzybang

Re: Firewall Active But Not Doing Anything?

Post by wizzybang »

I am using gufw
Aleron Ives
Level 3
Posts: 127
Joined: Sun Sep 17, 2017 2:20 am
Location: California

Re: Firewall Active But Not Doing Anything?

Post by Aleron Ives »

wizzybang wrote:If I'm downloading a torrent for example, firewall is set to block all incoming connections, should this stop people downloading from me or because I have initiated the original download, does this allow the connections?
The short answer is no. The long answer requires knowing how BitTorrent works.

When you start a torrent, you usually perform an outgoing connection to a tracker. The tracker provides you with a list of IP addresses of other people who are in the swarm for that torrent. Your client then establishes outgoing connections to some of the people from that list. If those people accept incoming connections (i.e. their firewall has a pinhole for the port they're using for BitTorrent), you will connect to them and start uploading/downloading data depending upon which pieces you and they need.

You are also in the swarm now, so the tracker will send your IP address to other people who want to join the swarm. When they try to connect to you, your firewall will block the incoming connection, and you will not be able to transfer any data between the two of you. You must make an outgoing connection, and that person must allow it, in order for the two of you to communicate. This will only happen when your client decides to query the tracker again, which usually happens every 30 or 60 minutes. In addition, this will only happen if the tracker chooses to provide you with that person's IP address so that you can try to establish an outgoing connection, and only if that person accepts the incoming connection from you. As such, it would have been much better if you had just accepted the incoming connection, because you could have been transferring data with that person instead of waiting an hour to make an outgoing (local) connection.

The important thing to know about BitTorrent is that it relies on people not having firewalls blocking their connections. If everybody blocks incoming connections, BitTorrent is useless, because everybody is blocking everybody else, so no connections can be made. The only reason you can run BitTorrent with incoming connections blocked is because the people you're connecting to have not blocked incoming connections. You severely limit the number of people you can connect to if you block incoming connections, so you should always allow remote connections in your firewall by adding an exception for the port you want to use to accept incoming connections with BitTorrent. If you don't, your BitTorrent performance will likely suffer, because your connection options are severely limited.
wizzybang

Re: Firewall Active But Not Doing Anything?

Post by wizzybang »

Thanks for the answer, so using a torrent program to test the firewall is probably not the best thing to use then?
WharfRat

Re: Firewall Active But Not Doing Anything?

Post by WharfRat »

wizzybang wrote:Thanks for the answer, so using a torrent program to test the firewall is probably not the best thing to use then?
These rules should block transmission


sudo /sbin/iptables -A INPUT  -p tcp --dport 51413 -m comment --comment "Reject Transmission tcp" -j DROP
sudo /sbin/iptables -A INPUT  -p udp --dport 51413 -m comment --comment "Reject Transmission udp" -j DROP
Change 51413 if you're using a different port for incoming connections.
wizzybang

Re: Firewall Active But Not Doing Anything?

Post by wizzybang »

Hi WharfRat

Tried these commands but didn't do anything, ran a torrent and downloaded. Launched gufw and nothing was there under rules.

Cheers
Sam
WharfRat

Re: Firewall Active But Not Doing Anything?

Post by WharfRat »

Well that's strange, because when I was doing my fw I had to add a rule to accept that port, otherwise transmission just hung there doing nothing.

I don't use ufw because I find it too complicated. If you had it running in conjunction with the two above then a prior --ctstate ESTABLISHED,RELATED rule may have let it pass through.

If you want to check the fw, make sure ufw is not running with sudo iptables -S


[bill@XPS] ~/script $ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
[bill@XPS] ~/script $ 
This is all you should get, then

sudo /sbin/iptables -A INPUT -p tcp -s 192.124.249.8 -m comment --comment "cloudproxy10008.sucuri.net" -j DROP

and try to refresh the mint forum tab.

To clear this rule sudo /sbin/iptables -F INPUT
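The remark above about a prior --ctstate ESTABLISHED,RELATED rule is really a rule-order question: iptables walks INPUT top to bottom, and an appended DROP is never consulted if a rule above it already accepted the packet or jumped into another chain, which is exactly what ufw's own chains do. As an added example (not code from the thread), this script takes an iptables -S INPUT dump and lists the rules that sit above the Transmission DROP and could pre-empt it; the dump is a constructed sample, though the ufw-* chain names are the ones ufw actually creates.

```shell
#!/bin/sh
# Constructed sample of `sudo iptables -S INPUT` on a host where ufw is
# active (default deny incoming) and the two Transmission DROP rules from
# the thread were appended afterwards. Not a capture from the poster's box.
SAMPLE_INPUT_RULES='-P INPUT DROP
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A INPUT -p tcp -m tcp --dport 51413 -m comment --comment "Reject Transmission tcp" -j DROP
-A INPUT -p udp -m udp --dport 51413 -m comment --comment "Reject Transmission udp" -j DROP'

# shadowing_rules DUMP PORT
# Walks the INPUT chain in evaluation order and prints every rule above the
# first DROP for PORT that can end evaluation before that DROP is reached:
# ACCEPT rules (e.g. ctstate ESTABLISHED,RELATED) and jumps into user chains.
# Returns 0 if at least one such rule exists, 1 if the DROP is reached first.
shadowing_rules() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /^-A INPUT/ {
            target = ""
            for (i = 1; i < NF; i++) if ($i == "-j") target = $(i + 1)
            # Stop at the DROP under test; rules below it cannot matter.
            if (target == "DROP" && $0 ~ ("--dport " port "([^0-9]|$)")) exit
            # DROP/REJECT above us would block anyway, so only ACCEPT and
            # jumps to other chains count as shadowing the rule.
            if (target != "DROP" && target != "REJECT") { print; found = 1 }
        }
        END { exit (found ? 0 : 1) }'
}

# report DUMP PORT: one-line verdict for humans; same exit status.
report() {
    if shadowing_rules "$1" "$2" >/dev/null; then
        printf 'DROP for port %s is shadowed by earlier rules:\n' "$2"
        shadowing_rules "$1" "$2"
    else
        printf 'DROP for port %s is the first rule that can match\n' "$2"
        return 1
    fi
}

report "$SAMPLE_INPUT_RULES" 51413
```

Running it against the sample prints the six ufw jump rules, which is why a rule appended with plain iptables -A while ufw is active appears to do nothing; against the bare chain shown in the post above (policy lines only, then the two DROPs) it reports that the DROP is reached first.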
trytip
Level 14
Posts: 5367
Joined: Tue Jul 05, 2016 1:20 pm

Re: Firewall Active But Not Doing Anything?

Post by trytip »

wizzybang wrote:Hi WharfRat

Tried these commands but didn't do anything, ran a torrent and downloaded. Launched gufw and nothing was there under rules.

Cheers
Sam
If you disable DHT in your torrent client you will succeed in blocking torrents.