Linux

47738 readers

1166 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

Firewalls: what SHOULD I block? (lemmy.wtf)

submitted 2 weeks ago by Cornflake_Dog@lemmy.wtf to c/linux@lemmy.ml

71 comments fedilink hide all child comments

Hey there folks,

I'm trying to figure out how to configure my UFW, and I'm just not sure where to start. What can I do to see the intetnet traffic from individual apps so I can know what I might want to block? This is just my personal computer and I'm a total newbie to configuring firewalls so I'm just not sure how to go about it. Most online guides seem to assume one already knows what they want to block but I don't even know how/where to monitor local traffic to figure out what I can/should consider blocking.

(page 2) 24 comments

sorted by: hot top controversial new old

[–] fool@programming.dev 1 points 2 weeks ago

Lots of good answers here but I'll toss in my own "figure out what you need" experience from my first firewall funtime. (Disclaimer: I used nftables -- it should be similar to ufw in terms of defaults though).

Right off the bat, everything unneeded was blocked. I "needed" no configuration, except for maybe...
Whatever CUPS runs on (when I use it)
Sometimes I ran python -m http.server -- I unblocked port 8000 for personal use.
I chose to unblock port 53 (DNS). I wanted to connect to another computer via hostname IIRC (e.g. connecting to raspberry-pi.local. I might be misremembering this though).
At one point I played with NGINX -- that's port 80 (HTTP) and port 443 (HTTPS).
SSH was already permitted (port 22 -- you need root access to enable traffic through ports below 1024 anyway so this wasn't an issue for running typical apps)

I didn't use WireShark back then, really. I think I just ran something like

sudo lsof -nP -iTCP -sTCP:LISTEN

which showed me a bunch of port traffic (mostly just harmless language servers).

You don't have to dive to deep into all the "egress" and "ingress" and whatnot unless you're doing something special. Or your software uses a weird port. (LocalSend lol)

[–] drkt@lemmy.dbzer0.com -5 points 2 weeks ago* (last edited 2 weeks ago) (4 children)

You shouldn't be touching it, honestly. There's a firewall at your router. It should be responsible for blocking incoming traffic. Firewalls on individual machines are for servers where you know exactly what's going in and out. I don't have a firewall on my desktop or laptop.

You will spend the best years of your life chasing random network connections if you block everything by default.

[–] ReversalHatchery@beehaw.org 1 points 2 weeks ago (5 children)

I don't have a firewall on my desktop or laptop

you are brave to use your laptop that way. or is it used as a stationary device?

but yes it is useful at home if you live with people who you don't trust to be managing their computer safely

load more comments (5 replies)

load more comments (3 replies)

load more comments