
#1 2017-11-08 01:13:55

cloverskull
Member
Registered: 2015-10-01
Posts: 348

Firewall in 10 seconds

Hey everyone,

This tutorial will come in two pieces. First is the tl;dr, make me a firewall now, copypasta into your terminal and be secure. Skip over this section if you'd like a more thorough explanation of each step.

Paste this into your terminal emulator for a quick and easy firewall. tl;dr up front, with description to follow:

sudo apt-get install ufw && sudo ufw default allow outgoing && sudo ufw default deny incoming && sudo ufw enable

Here's a more thorough description. Basically, we're using ufw, also known as the Uncomplicated Firewall.

What this does is take some basic, human-readable rulesets and turn them into persistent IPTABLES rules. Initially, we install it with

sudo apt-get install ufw

Next, we give it some basic rules. These are safe default rules. Basically we allow our computer to communicate outbound, but deny any incoming traffic attempts.

sudo ufw default allow outgoing
sudo ufw default deny incoming

Finally, we instruct our init system to enable and persist

sudo ufw enable

Ok, let's say you want to check current ufw status. Simply type

sudo ufw status verbose

If you need to open up ssh, for example, you can add an exclusion to your default deny outgoing ruleset

sudo ufw allow ssh

You can do the same for most standard things, like ftp, http, https, or whatever standard protocol you can come up with. You're also welcome to do this on ports.

I encourage you to read more about this, but it's very simple and no-frills, the way a firewall should be.

Offline
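
An added example, not part of the original post: a shell function that checks the text printed by `sudo ufw status verbose` against the defaults set in the post above (firewall active, incoming denied, outgoing allowed) and lists every inbound exception such as the ssh rule. The function name `audit_ufw` and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the text printed by `sudo ufw status verbose`.
# audit_ufw (hypothetical name) reads that text on stdin, lists inbound
# exceptions, and returns non-zero if the firewall is off or inbound is open.
audit_ufw() {
    awk '
        /^Status: active/ { active = 1 }
        /^Default:/ {
            if ($0 ~ /(deny|reject) \(incoming\)/) in_ok = 1
            if ($0 ~ /allow \(outgoing\)/) out_ok = 1
        }
        # Rule rows: text left of "ALLOW IN" is the port, right is the source.
        / ALLOW IN / {
            port = $0; sub(/ +ALLOW IN.*/, "", port)
            from = $0; sub(/.* ALLOW IN +/, "", from); sub(/ +$/, "", from)
            print "open inbound: " port " from " from
        }
        END {
            if (!active) { print "FAIL: firewall is not active"; bad = 1 }
            if (!in_ok)  { print "FAIL: default incoming policy is not deny/reject"; bad = 1 }
            if (!out_ok) { print "NOTE: default outgoing policy is not allow" }
            exit bad + 0
        }'
}

# Constructed sample of the status text after `sudo ufw allow ssh`.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# On a real machine: sudo ufw status verbose | audit_ufw
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw && echo "PASS: defaults match"
```
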

#2 2017-11-08 15:47:56

hathor
Member
From: Barcelona
Registered: 2017-09-30
Posts: 59
Website

Re: Firewall in 10 seconds

Very good post.


lenovo thinkpad t420s

Offline

#3 2017-11-08 17:05:45

martix
Kim Jong-un Stunt Double
Registered: 2016-02-19
Posts: 1,267

Re: Firewall in 10 seconds

Great! Here is also a thread for another one, nftables.

And you can test it here.

Offline

#4 2017-11-08 22:30:39

Plebeu
Member
Registered: 2017-08-01
Posts: 10

Re: Firewall in 10 seconds

Very cool post. I was looking for a firewall a few days ago and ended up installing firewalld, but I didn't get to learn the commands. Will try this out later.

cloverskull wrote:

Next, we give it some basic rules. These are safe default rules. Basically we allow our computer to communicate outbound, but deny any incoming traffic attempts.

Does this affect torrent, sync programs and other p2p communication (like Nicotine+)? 'Cause I use them every day.

Offline

#5 2017-11-08 22:57:25

cloverskull
Member
Registered: 2015-10-01
Posts: 348

Re: Firewall in 10 seconds

It may, your mileage may vary. I was still able to torrent ok downloading the latest bunsen ISO.

Offline

#6 2017-11-09 03:46:29

Plebeu
Member
Registered: 2017-08-01
Posts: 10

Re: Firewall in 10 seconds

Just installed it. Nicotine+(Soulseek), Megasync and qBittorrent work just fine. Thanks.

Offline
