Firewall Settings! What not to block.

[cousinlucky]

My PCLinuxOS gnome requires that I configure the Firewall.
My first inclination is to just block everything but I figure that
there must be some things on the list that I should not block;
so I'm asking what those items are, please? Thanks

[elija]

By default you should block all inbound packets. This will not block packets that are in response to, for example, visiting a web page. If you don't access the computer remotely then that should be all you need to do...

[tdsan]

What type of firewall rules are you running?

Are you running iptables, UFW or ipfilter?

There are a number of different rules we can construct but it depends on what you want the firewall to do and how you want it to perform?

Please advise.

[Toadbrooks]

What type of firewall rules are you running?

Are you running iptables, UFW or ipfilter?

There are a number of different rules we can construct but it depends on what you want the firewall to do and how you want it to perform?

Please advise.

I'm sure I can download a firewall from the Ubuntu repositories. What would you recommend? I don't want to spend my life opening and closing ports, but I would like to be safe from hackers.

[tdsan]

If you are running Ubuntu, there are a number of different applications that you can run from the command line to the gui but it just depends on your level of familiarity with the various tools.

If you feel you are somewhat advanced, then iptables (CLI)

If you are a beginner, then ufw (CLI) or firestarter - Firestarter Firewall for your Ubuntu Desktop*|*Ubuntu Geek

The article points to a number of related firewall applications, just scroll to the bottom to review the lists, this article that may prove to be very helpful.

Good luck with your search.

Todd

[Toadbrooks]

I have been doing Unix since 1984 and Linux since 2007, but I've never worried about firewalls because Unix/Linux are not as vulnerable to viruses. But I am getting more requests for advice on firewalls from people I have steered to Linux as a cost-savings measure over Windoze. I have also had a request from a friend with a mixed network, who wants to use a Linux box as a firewall/gateway to protect his network (not a true DMZ, but whatever I can do for him using a single machine.) I'm up on all the networking and NAT that needs to be done, but I don't have any significant experience with firewalls.

I can tune whatever I set up, but I'd like to not spend the rest of my life tuning firewalls. Could someone make a recommendation for a piece of software and general parameters that would be usable in a setup that won't be monitored daily by a sysadmin? I've read the article above and it is informative, but I'm not sure how what they recommend mirrors expected attack profile on a single non-business computer or small network.

For example, I understand that blocking inbound traffic is a good thing, because if the user wants to go to a site, the site can answer since the traffic was initiated on an outbound conection. But if a piece of malware does get into the system and wants to phone home, won't it pass an inbound traffic block? So it seems that I should block outbound traffic on certain ports or to certain IP address ranges. But short of setting up my own server and tweaking these values weekly, I don't see how I could avoid having to make weekly service calls to my friends' computers to update the block list.

I assume I'm overthinking this, so if someone could tell me how to solve this, I'd appreciate it.

[jayd512]

Hey there, Lucky!
Since I know you don't do anything with remote access, go with elija's advice. Block incoming, and you'll be okay.

[cousinlucky]

I sure wish thay PCLinuxOS had not discontinued their Gnome distro because I really like it.