Linux

47597 readers

978 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

Firewalls: what SHOULD I block? (lemmy.wtf)

submitted 1 week ago by Cornflake_Dog@lemmy.wtf to c/linux@lemmy.ml

71 comments fedilink hide all child comments

Hey there folks,

I'm trying to figure out how to configure my UFW, and I'm just not sure where to start. What can I do to see the intetnet traffic from individual apps so I can know what I might want to block? This is just my personal computer and I'm a total newbie to configuring firewalls so I'm just not sure how to go about it. Most online guides seem to assume one already knows what they want to block but I don't even know how/where to monitor local traffic to figure out what I can/should consider blocking.

you are viewing a single comment's thread
view the rest of the comments

[–] Shdwdrgn@mander.xyz 77 points 1 week ago (16 children)

You've got it backwards. A firewall blocks everything, then you open up the ports you want to use. A standard config would allow everything going out, and block everything coming in (unless you initiated that connection, then it is allowed).

So the question you should be asking, is what services do you think you're going to be running on your desktop that you plan to allow anyone on the internet to get to?

[–] Wingless@mstdn.social 0 points 1 week ago (1 children)

@Shdwdrgn @Cornflake_Dog false. a firewall can indeed have a default block everything policy, but this is still a configurable option

[–] Shdwdrgn@mander.xyz 0 points 1 week ago (1 children)

Sure it CAN be configured, but the typical policy of firewalls is to start from a position of blocking everything. From what I've seen, on Linux the standard starting point is blocking all incoming and allowing all outgoing. On Windows the default seems to be blocking everything in both directions. Sure you could start with a policy of allowing everything and block only selected ports, but what good is that when you can't predict what ports an attacker might come from?

[–] Wingless@mstdn.social 1 points 1 week ago (1 children)

@Shdwdrgn on Linux, the firewall with zero custom rules always allowed everything. did that change in very recent kernels? if that's the case, I'd expect a lot of lost acces to remote servers

[–] Shdwdrgn@mander.xyz 1 points 1 week ago

Most of my experience is with iptables, but yeah, I think until you start adding rules nothing is implicitly denied? Once you enable a couple of initial rules then you should have good blocking from the outside while allowing internal traffic to connect freely. It doesn't get in your way until you start using it, but then it doesn't take much to get it going.

load more comments (14 replies)