Quick Q about firewall

Post by markz »

Been using Linux Mint for a year or two now. I just came across this now, and I did the commands in Terminal to enable.

sudo ufw enable

Was I at risk?

Followed this
viewtopic.php?t=277817

Doesn't seem to be at risk from the comments.

Anything else I am missing, I did read about the Mozilla Firefox Extension but I do not plan on installing antivirus programs.

Only shady places I go to are Yahoo Images <violates forum rules>, click on an image and it enlarges then click the right arrow.
Normal practice was to install a W10 hdd or another Linux Mint hdd and do the dirty deeds strictly on those.
Plan to reformat once my OpenOffice files are copied onto usb.

I want to try out one or two more Linux distros, I have tried Ubuntu the first time, then XUbuntu, my computer system does not need an o/s for low ram or slow speeds. i5 4th gen, 10 or 12gb ram, hp oem pc. Always used Windows in the past, but I find now I can't even install W10 without them wanting my phone number, was never like that before so I made the switch, use this Linux Mint with the rare time using W10, but I reformatted with fresh install to clean it up but can't now. I may retry the VM with W10, but like I said I just unplug my good/safe Linux Mint hdd and plug in W10 hdd for shady stuff, is that a good plan, or another hdd with Linux distro. I remember reading about an ultra-safe Linux Distro, there are too many to keep track. Off to Google I go, well Mozilla, DuckDuckGo but they get most of their profits from Google so
https://www.techradar.com/news/best-lin ... y-security
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.

Post by Cosmo. »

markz wrote: Sat May 21, 2022 4:06 am sudo ufw enable

Was I at risk?
Most likely not.
If you are at home behind a router and nobody else is in your home network, the firewall is not really needed. Turning it on with the default settings does not make a difference.

Post by Coggy »

There is no risk doing sudo ufw enable. It turns on the firewall with its default settings, which will prevent incoming connections. This is generally OK, but it may interfere with some things if you run services that you want other computers to be able to connect to.

Beware that this will do nothing to enhance the security of your web browsing. When browsing, the browser downloads stuff (with an outgoing connection) and it can still download malware designed to fool the browser into doing bad things.

I'm not sure (I've never used ufw), but it may be that ufw blocks incoming local announcements, which may stop things like printer auto-discovery and warpinator from working.
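
One way to check which services the default policy described above would actually shield is to list the sockets bound to non-loopback addresses and read ufw's incoming policy. This is an added example, not part of any post in this thread; it parses the text output of `ss -H -tuln` and `ufw status verbose`, and the sample output embedded in it is constructed.

```sh
#!/bin/sh
# Added example: which listeners are reachable from the network, and what is
# ufw's default for incoming traffic? Real use:
#   ss -H -tuln | exposed_listeners
#   sudo ufw status verbose | ufw_incoming_policy

sample_ss() {  # constructed sample of `ss -H -tuln` output
cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128            [::1]:631           [::]:*
tcp   LISTEN 0      128             [::]:22            [::]:*
EOF
}

sample_ufw_status() {  # constructed sample of `ufw status verbose` output
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
EOF
}

# Print "proto port address" for every socket not bound to loopback.
exposed_listeners() {
    awk '
    $2 == "LISTEN" || $2 == "UNCONN" {
        ep = $5
        n = match(ep, /:[0-9]+$/)          # last colon separates the port
        if (n == 0) next
        addr = substr(ep, 1, n - 1)
        port = substr(ep, n + 1)
        sub(/%.*$/, "", addr)              # drop %interface suffix
        gsub(/\[|\]/, "", addr)            # strip IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only
        print $1, port, addr
    }' | LC_ALL=C sort -k1,1 -k2,2n -k3,3
}

# Print the default incoming policy: deny, allow, reject, inactive or unknown.
ufw_incoming_policy() {
    awk '
    /^Status: inactive/ { print "inactive"; found = 1; exit }
    /^Default:/ { sub(/^Default: /, ""); split($0, p, " "); print p[1]; found = 1; exit }
    END { if (!found) print "unknown" }'
}

sample_ss | exposed_listeners
sample_ufw_status | ufw_incoming_policy
```

Anything the first function prints is what other machines on the same network can try to connect to when the incoming policy is not `deny` or `reject`.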

Post by Pjotr »

I recommend to turn ufw on as a matter of course. Because who knows if the firewall in your router is working correctly? Router firmware is often never updated, so many (if not most) routers have unfixed security flaws. These may affect your router firewall as well.

Having ufw enabled is, naturally, always a requirement when you're using an open public network. Think the WiFi at Burger King and stuff like that.

ufw has sensible exceptions by default, so in most cases it shouldn't interfere with your networking activities.

The logging of ufw is much too spammy, even when set at the default "low", so I advise to turn that off:

sudo ufw logging off
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
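
One way to see what ufw writes to its log at the "low" level is to tally the `[UFW BLOCK]` lines by protocol, destination and port. This is an added example, not part of any post in this thread; the log lines embedded in it are constructed, and the multicast/broadcast/unicast label is a simple classification chosen for the example.

```sh
#!/bin/sh
# Added example: tally [UFW BLOCK] kernel log lines to see what fills the log.
# Real input: /var/log/ufw.log or `journalctl -k`. Sample lines are constructed.

sample_ufw_log() {
cat <<'EOF'
May 21 05:30:01 mint kernel: [ 101.000001] [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:fb:aa:bb:cc:dd:ee:01:08:00 SRC=192.168.1.23 DST=224.0.0.251 LEN=73 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=53
May 21 05:30:03 mint kernel: [ 103.000001] [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:fb:aa:bb:cc:dd:ee:01:08:00 SRC=192.168.1.23 DST=224.0.0.251 LEN=73 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=53
May 21 05:30:09 mint kernel: [ 109.000001] [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:fb:aa:bb:cc:dd:ee:02:08:00 SRC=192.168.1.31 DST=224.0.0.251 LEN=73 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=53
May 21 05:30:12 mint kernel: [ 112.000001] [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:7f:ff:fa:aa:bb:cc:dd:ee:03:08:00 SRC=192.168.1.1 DST=239.255.255.250 LEN=129 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1900 DPT=1900 LEN=109
May 21 05:30:42 mint kernel: [ 142.000001] [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:7f:ff:fa:aa:bb:cc:dd:ee:03:08:00 SRC=192.168.1.1 DST=239.255.255.250 LEN=129 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1900 DPT=1900 LEN=109
May 21 05:31:00 mint kernel: [ 160.000001] usb 1-2: new high-speed USB device number 5 using xhci_hcd
May 21 05:31:07 mint kernel: [ 167.000001] [UFW BLOCK] IN=wlp2s0 OUT= MAC=aa:bb:cc:dd:ee:10:aa:bb:cc:dd:ee:04:08:00 SRC=192.168.1.77 DST=192.168.1.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=40222 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
May 21 05:31:30 mint kernel: [ 190.000001] [UFW BLOCK] IN=wlp2s0 OUT= MAC=33:33:00:00:00:fb:aa:bb:cc:dd:ee:01:86:dd SRC=fe80:0000:0000:0000:0000:0000:0000:0023 DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=93 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=UDP SPT=5353 DPT=5353 LEN=53
EOF
}

# stdin: log lines. stdout: "count proto dst dport kind", most frequent first.
summarise_ufw_blocks() {
    awk '
    /\[UFW BLOCK\]/ {
        dst = proto = dpt = ""
        for (i = 1; i <= NF; i++) {          # pick KEY=value fields
            n = index($i, "=")
            if (n == 0) continue
            key = substr($i, 1, n - 1); val = substr($i, n + 1)
            if (key == "DST") dst = val
            else if (key == "PROTO") proto = val
            else if (key == "DPT") dpt = val
        }
        split(dst, octet, "."); first = octet[1] + 0
        if (dst ~ /:/) kind = (tolower(dst) ~ /^ff/) ? "multicast" : "unicast"
        else if (first >= 224 && first <= 239) kind = "multicast"
        else if (dst == "255.255.255.255") kind = "broadcast"
        else kind = "unicast"
        if (dpt == "") dpt = "-"             # protocols without ports
        count[proto " " dst " " dpt " " kind]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Only the entries addressed directly to this machine.
unicast_blocks() {
    summarise_ufw_blocks | awk '$5 == "unicast"'
}

sample_ufw_log | summarise_ufw_blocks
```

In the constructed sample most entries are multicast service announcements (UDP 5353 and 1900); `unicast_blocks` isolates the single connection attempt aimed at the machine itself.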

Post by Pjotr »

ChickyNuggiez wrote: Sat May 21, 2022 6:18 am Would you ever need to see ufw logs in the future for any reason?
Personally, in a decade, I've never felt that need. For all practical purposes, ufw is "fire and forget".
ChickyNuggiez wrote: Sat May 21, 2022 6:18 am Does shutting this feature off speed things up? What's the purpose for doing this, Pjotr?
It's good for crud reduction on your disks and (at least theoretically) may even speed things up a bit....

Post by Hoser Rob »

I use a firewall (ufw, well actually gufw) and I'd also recommend one.

But it's not like Windows where you'd have to be nuts not to use one. For one example, Linux doesn't leave unused network ports open the way Windows does.

I've done some distro/DE hopping on my little old POC netbook. Several times I forgot to turn on the firewall. Once for weeks :oops: . Never got hacked, even though I use that netbook mostly to tote around so it gets a lot of public wifi hotspot use.
For every complex problem there is an answer that is clear, simple, and wrong - H. L. Mencken

Post by missmoondog »

OP doesn't specify what type of machine they're using, desktop or laptop, so "assuming" it's a desktop and not going to connect to any other network. in that case, and especially if OP is behind a router and knows how to update firmware, although most routers are set to update that automatically, and assuming OP has firewall turned on in router, i'd say it's safe to not even bother with firewall.

i have 7 linux machines here and have never turned on firewall, except to play with for a bit and have never had any issues.

i can still get a full stealth check at grc.com's goofy scanner
https://www.grc.com/x/ne.dll?bh0bkyd2

of course i can get that with or without firewall on!

Post by markz »

It is just an ISP router, and fairly new 2 yrs old, previous to that we had a real real old isp router that we put through (????Bridged ISP router????) an expensive router/wifi we bought.

So it's wise to keep the router up to date whether updates of soft/firm-ware or if it gets too old right? How old a router is too old a router from an ISP?
*Makes sense for the ISP to update automatically. Previously I got into the route settings, just to check it out but didn't change anything, this new router I haven't. I actually had to buy a wifi card for the 4th gen i5 pc.

It's a home desktop pc with slimmer atx about 4 or 5" wide, older 4th gen i5 10-12gb of ddr3 ram (not sure of the speed)
I use it in the home office for internet, simple games (Steam), Openoffice and Email - that I don't click on anything for links or attachments in the email itself unless I know exactly who it's coming from and expecting the email. Nothing too sensitive, tended to have fresh install of linux mint on a separate hdd to do banking/investing which I am getting more into now. Just securing the hatches is all on every thing.

The only upgrade I would do is wanting multiple screens to see if I like it, but I am a cheap skate and monitors are not cheap (~$200+, but 27" $300+ in cdn$)

Ultimately the next stage is a custom build, simple Ryzen 3600 or newer variant, ddr4 will eat up some cash too, mobo Tomahawk probably but this most likely won't happen, it's been a thought to build it but when I price it out $800-1000 it's like yeaaah NO! :lol:

Like I posted about before, I dig Linux Mint but certain things just require W10, like trying to get into the firmware for certain consumer products (an ebike charger, Cycle Satiator, but that cat's smart so he probably has Linux option to get into it via usb)

----
What does that mean, logging of ufw is much too spammy?
I haven't turned it off, does it slow things down?

Thanks
Pjotr wrote: Sat May 21, 2022 5:21 am The logging of ufw is much too spammy, even when set at the default "low", so I advise to turn that off:

sudo ufw logging off

Post by Pjotr »

markz wrote: Sun May 22, 2022 2:01 am It is just an ISP router, and fairly new 2 yrs old, (....) So its wise to keep the router up to date whether updates of soft/firm-ware or if it gets too old right?
If it's a combined modem/router from your ISP, it's best to leave it alone. You might disable wireless in it and hook up a dedicated router of your own for wireless, which you do keep up to date. For example by means of FreshTomato:
https://easylinuxtipsproject.blogspot.com/p/tomato.html
markz wrote: Sun May 22, 2022 2:01 am What does that mean, logging of ufw is much too spammy?
Talks too much in its logs.

Post by markz »

I have a EVO SSD 500GB that I want to start using instead of the 500gb 7200's, the EVo 500gb ssd is the newest one I have, the other one is a Patriot 120gb that I plan on doing the same method with as the EVO ssd.

If there is a possibility of a virus on a ssd due to using Windows 10 and surfing shady areas online, I heard that if you FULLY format the hard drive very many times (6 or a dozen times or multiple dozens of time) or if the formatting program can write all 1's or 0's or random stuff then format normally, that is what I am looking for. So looking for a safe program (open source program from a legit online site) to do what I mentioned.

I know it should be safe with just a few manual formats of the hdd, right or should I do one or both of the above?
That's what I do normally anyway, just fully format 2 or 3 times, it's no big deal to me. For formats that take a long time I could run it overnight, so 12hrs of run time.

Hey thanks again for all your guys' (and women's, surely there's a few no doubt right even Linux Mint Gurus with thousands of posts) help.

Post by Pjotr »

In Linux, you can forget about all that formatting ado for the sake of virus killing. You might find this article interesting, that I've written about security in Linux Mint:
https://easylinuxtipsproject.blogspot.c ... urity.html

Post by missmoondog »

ChickyNuggiez wrote: Sat May 21, 2022 9:37 am
missmoondog wrote: Sat May 21, 2022 8:29 am OP doesn't specify what type of machine they're using, desktop or laptop, so "assuming" it's a desktop and not going to connect to any other network. in that case, and especially if OP is behind a router and knows how to update firmware, although most routers are set to update that automatically, and assuming OP has firewall turned on in router, i'd say it's safe to not even bother with firewall.

i have 7 linux machines here and have never turned on firewall, except to play with for a bit and have never had any issues.

i can still get a full stealth check at grc.com's goofy scanner
https://www.grc.com/x/ne.dll?bh0bkyd2

of course i can get that with or without firewall on!
I didn't know that most routers update automatically, I hope mine does, but mine is old from like 2013 so I'm not sure. :?
Should be very simple to see if your router updates automatically under the administrative section probably. If your router is from 2013 though, I seriously doubt if it's still supported. Most routers are only supported for 2-3 years. I had an old Linksys router back in about 2007 that I know for sure had the ability to automatically update firmware. My current router just went EOL (end of life) for support after 3 years. Already have a third party firmware, openwrt, downloaded to install on that router.

Post by djph »

missmoondog wrote: Mon May 23, 2022 9:17 am
Should be very simple to see if your router updates automatically under the administrative section probably. If your router is from 2013 though, I seriously doubt if it's still supported. Most routers are only supported for 2-3 years. I had an old Linksys router back in about 2007 that I know for sure had the ability to automatically update firmware. My current router just went EOL (end of life) for support after 3 years. Already have a third party firmware, openwrt, downloaded to install on that router.
Very few routers have "auto update" for their firmware ...

Post by missmoondog »

djph wrote: Mon May 23, 2022 9:14 pm
missmoondog wrote: Mon May 23, 2022 9:17 am
Should be very simple to see if your router updates automatically under the administrative section probably. If your router is from 2013 though, I seriously doubt if it's still supported. Most routers are only supported for 2-3 years. I had an old Linksys router back in about 2007 that I know for sure had the ability to automatically update firmware. My current router just went EOL (end of life) for support after 3 years. Already have a third party firmware, openwrt, downloaded to install on that router.
Very few routers have "auto update" for their firmware ...
that's odd you say that. every router i've ever used has had that "feature" personally, i disable it as i hate things auto updating behind my back. might not have that feature on isp owned modem/routers as i've always owned my own routers.

Post by markz »

Thanks

OK so this isn't a Linux question and looking back I should have just posted a new thread instead of throwing it in my firewall thread, I felt at the time it was a security issue and could fall in this thread. I did reread my last post in regard to scrubbing hard drives and I understand sometimes my communication skills and thinking process can be skewed converting it all to the keyboard. Would have been best to start a new thread for my last question. Trying to change my online habits the last while.

Those ssd's have Windows 10, I want to completely abandon W10, switch my good hard drives to Linux
500gb ssd would be my daily using Linux Mint as I am used to it.
120gb ssd would be a secondary, this pc will be used less frequently, still using and trying out different Linux distros.

7200's are 3 of them, 1 seagate 2 western digital and all 500gb.

Then switch the older, used Western Digital Blue 7200rpm 500gb to W10 in case I need to have Windows, or to reminisce (remember the old days)

Well this is a forum and guess I am just lazy and just want answers on a platter handed to me without doing my own Googling, speaking of privacy :lol: :lol:
I use Mozilla Firefox using DuckDuckGo but moz profits are mostly Google (from what I heard a guy on YT say :oops: ) and DDGo does give out Google Ads, anyways so there is that. I have always used moz ddgo, always refused to use MS browser Edge, refused Google and Chrome but I use Google Maps and hotmail for anonymous/junk email addresses. Which is another question but will ask in a new thread, if I remember. I forget things more easily now so sorry for that.

I just did not know the name or term used. Now I am just using Hard Drive Scrubber but I still have no clue, there was one site called IOLO, https://www.iolo.com, but there's a cost associated with it, $20 or so.

Pjotr wrote: Mon May 23, 2022 4:27 am In Linux, you can forget about all that formatting ado for the sake of virus killing. You might find this article interesting, that I've written about security in Linux Mint:
https://easylinuxtipsproject.blogspot.c ... urity.html

Post by djph »

missmoondog wrote: Tue May 24, 2022 10:31 am that's odd you say that. every router i've ever used has had that "feature" personally, i disable it as i hate things auto updating behind my back. might not have that feature on isp owned modem/routers as i've always owned my own routers.
Just because the make / model(s) you purchase happens to have it does not mean it's a majority feature... in 20 years of purchasing the things, I've seen like maybe two that've had the option (and it's off by default).

All the rest have been "download the bin from our site, upload to the router from your pc, repeat every few months" ...

Post by djph »

markz wrote: Tue May 24, 2022 11:34 am

Those ssd's have Windows 10, I want to completely abandon W10, switch my good hard drives to Linux

so then just let the linux installer format the drive(s) in question and go about your day.

Post by Moem »

djph wrote: Tue May 24, 2022 2:53 pm
markz wrote: Tue May 24, 2022 11:34 am Those ssd's have Windows 10, I want to completely abandon W10, switch my good hard drives to Linux
so then just let the linux installer format the drive(s) in question and go about your day.
Seconded. Nothing more is needed.

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

Post by missmoondog »

djph wrote: Tue May 24, 2022 2:52 pm
missmoondog wrote: Tue May 24, 2022 10:31 am that's odd you say that. every router i've ever used has had that "feature" personally, i disable it as i hate things auto updating behind my back. might not have that feature on isp owned modem/routers as i've always owned my own routers.
Just because the make / model(s) you purchase happens to have it does not mean it's a majority feature... in 20 years of purchasing the things, I've seen like maybe two that've had the option (and it's off by default).

All the rest have been "download the bin from our site, upload to the router from your pc, repeat every few months" ...
used to be part owner of a computer repair shop and in the almost 25 years of purchasing things, most of the routers in later years have had the ability to automatically update firmware and was enabled by default. pretty stupid of a router manufacturer/security company not to have that ability built in. how many joe blows know how to go download the correct bin file and then go into settings and upload a .bin file and update them?