[Solved] GUFW and security on home LAN

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help
Post Reply
Peterjack
Level 2
Level 2
Posts: 79
Joined: Tue Aug 01, 2017 10:11 pm

[Solved] GUFW and security on home LAN

Post by Peterjack »

Hello again,

Using Simple Rules for GUFW on my Sylvia xfce based server works fine for everything. BUT, it says from "anywhere". Some reading showed me I could limit this to my subnet, so only users connected to my own wifi network could get through, but when I try this with the advanced rules everything is blocked, period. Do I even need to care since it is all behind my router?

[Allow In on port xxx from xxx.xxx.xxx.xxx/24] is what will not work. -Pete
Last edited by Peterjack on Wed Mar 07, 2018 7:35 pm, edited 3 times in total.

User avatar
sammiev
Level 4
Level 4
Posts: 369
Joined: Sat May 19, 2012 12:16 pm

Re: GUFW and security on home LAN

Post by sammiev »

Not sure if you went through this already.

https://help.ubuntu.com/community/UFW

User avatar
catweazel
Level 19
Level 19
Posts: 9890
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: GUFW and security on home LAN

Post by catweazel »

Peterjack wrote:
Tue Feb 27, 2018 7:32 pm
Do I even need to care since it is all behind my router?
If your router provides network address translation (NAT) and there are no open ports on your router then no, you don't need to care.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.

Peterjack
Level 2
Level 2
Posts: 79
Joined: Tue Aug 01, 2017 10:11 pm

Re: GUFW and security on home LAN

Post by Peterjack »

@sammiev- yes, and that is why I can't figure out why that won't work when it seems so plain and simple.
@catweazel- thanks yet again for simple advice, no worries it seems.
Hump day is over all! :-)

User avatar
sammiev
Level 4
Level 4
Posts: 369
Joined: Sat May 19, 2012 12:16 pm

Re: [Solved] GUFW and security on home LAN

Post by sammiev »

I use UFW and it would be something like this as an example.

Code: Select all

sudo ufw allow from xxx.xxx.xxx.0/24 to any port xx
GUFW dosn't always work as it should, that's why I posted the how to for UFW.

As posted by catweazel, if your behind a router it really isn't needed.

It will give you an extra layer of protection.

Peterjack
Level 2
Level 2
Posts: 79
Joined: Tue Aug 01, 2017 10:11 pm

Re: [Solved] GUFW and security on home LAN

Post by Peterjack »

@sammiev Thank you for persisting because I do want that extra level of protection. I tried command line ufw again following your suggestion, one rule for each of the 4 samba ports shown in the simple gufw rules:

sudo ufw allow from [my subnet]/24 to any port 445.

Each of those rules then showed in gufw as 445 ALLOW IN [my subnet]/24 and I removed the simple rules. Now my windows machines do not see the shared machine at all, and my linux machines see the Avahi share, but fail to retrieve the share list from server. What am I missing here? -Pete

Post Reply

Return to “Newbie Questions”