
#1 2021-01-18 15:38:36

rickster1006
Member
Registered: 2018-05-08
Posts: 12

Elementary Iptables/UFW/Firewalld Question

Hello. A quick question (maybe more of a personal opinion) concerning use of iptables, UFW, or firewalld on BL. I should preface all of this by saying that my BL systems currently never leave my home. Additionally, I have a dedicated firewall that also serves as a router to my ISP. On both my dedicated firewall, as well as my BL systems, by default I block all incoming traffic. & I don’t run any services as well. I permit ICMP, NTP, & beyond that nothing at all. It seems like my requirements are pretty simple, but for whatever reason, I feel like my rules should be even more restrictive. As a result, I depend on UFW in the default configuration. & for whatever reason feel like there are a lot of rules there that make viewing all the rules/chain overly complicated. For that reason, I’ve started to tinker with firewalld, just because there isn’t a whole lot of details there. The one thing I do not like is the equivalent command to “iptables -nvL” which includes the # of packets, & length.
This is a very long-winded way of asking what other BL members are using for their own systems. Any recommendations would be appreciated.

Thanks,
-Rick


#2 2021-01-19 06:26:31

ohnonot
...again
Registered: 2015-09-29
Posts: 5,534

Re: Elementary Iptables/UFW/Firewalld Question

There's a lot of inaccuracies in your post.
Suffice it to say: it's a much discussed topic and the answers are always the same: security is a process, and never 100%. It's also a trade-off with usability or convenience. Read: any effort to make your Linux install more secure requires manual configuration & user awareness, instead of relying on "user-friendly" gimmicks. Which doesn't mean that BL out of the box isn't sufficiently secure for everyday use as a desktop distro.
Lots of threats also don't try to bypass your firewall at all, but come right through the front door of your web browser loading web pages with scripts. Permit JavaScript sparingly.
Etc., etc., etc.... extensive web searches will give a better answer.

rickster1006 wrote:

Hello. A quick question (maybe more of a personal opinion) concerning use of iptables, UFW, or firewalld on BL. I should preface all of this by saying that my BL systems currently never leave my home. Additionally, I have a dedicated firewall that also serves as a router to my ISP. On both my dedicated firewall, as well as my BL systems, by default I block all incoming traffic. & I don’t run any services as well. I permit ICMP, NTP, & beyond that nothing at all. It seems like my requirements are pretty simple, but for whatever reason, I feel like my rules should be even more restrictive. As a result, I depend on UFW in the default configuration. & for whatever reason feel like there are a lot of rules there that make viewing all the rules/chain overly complicated. For that reason, I’ve started to tinker with firewalld, just because there isn’t a whole lot of details there. The one thing I do not like is the equivalent command to “iptables -nvL” which includes the # of packets, & length.
This is a very long-winded way of asking what other BL members are using for their own systems. Any recommendations would be appreciated.

