Firewalls - what to use.

[The Cog]

You do not require a listening services to break into a system.What is need is using exploits or creating exploit to break into any default program used by ubuntu.Therefore firewall is still needed where it act as a barrier.You do not require to perform dictionary attack on SSH but you can do it by breaking the sudo password where you get root.

Sorry, I don't understand what you mean. I don't see how you can exploit a system if it's not accepting connections. And a default Ubuntu doesn't accept connections, firewall or not.

[wacky_sung]

Sorry, I don't understand what you mean. I don't see how you can exploit a system if it's not accepting connections. And a default Ubuntu doesn't accept connections, firewall or not.

You need not to have listening connection from your victim if you are using exploit to crack a system.If you do not believe me, try to compile an exploit to use it locally or remotely depending on the type of exploits in which you are using.

[The Cog]

I don't see how you can "use an exploit" to break into a system if you can't connect to it. But that's beside the point really - we were discussing whether firewalls are necessary. I still maintain that in general they are not necessary because they don't add anything: a default Ubuntu install doesn't accept incoming connections, and so doesn't need a firewall to block incoming connections.

If it is possible to "use an exploit" to break into a system without connecting to it then firewalls are useless, and so is the fact that Ubuntu doesn't accept incoming connections.

[robert_pectol]

You need not to have listening connection from your victim if you are using exploit to crack a system.

Nope! With no services listening, you have no entrance vector unless you can successfully attack the network stack. Not gonna happen!

If you do not believe me, try to compile an exploit to use it locally or remotely depending on the type of exploits in which you are using.

This doesn't support your case. How does compiling an exploit prove your point, especially a local one? It's either a distractor statement, or you're really confused!

[amac777]

If it is possible to "use an exploit" to break into a system without connecting to it then firewalls are useless, and so is the fact that Ubuntu doesn't accept incoming connections.

Maybe the OP means if you somehow got malware installed that acts like a server and listens for connections on some random port without your noticing then the firewall would prevent anyone from connecting to that port?

Of course, if you only use the trusted Ubuntu repositories to install software that would be highly unlikely to happen.

[Jonny87]

Of course, if you only use the trusted Ubuntu repositories to install software that would be highly unlikely to happen.

I agree with you there, though sometimes that isn't always possible when it comes to requiring additional drivers for a printer or some new PCI device that you've just brought. The not so technical person may not know exactly what to look for or what to trust.

Anyway back to the main topic, Firewalls, I must say that this thread has surprised me with the responses. While it goes against my training and what I've been taught on this matter, I'm willing look into it a bit more. Perhaps if someone could provide some references to support the idea that Linux doesn't need a firewall (something reasonably official preferably), I would be able to check it out.

[The Cog]

It's possible that's what he's thinking. But once the once malware is running on your system, it's Game Over. A firewall isn't going to help once the bad guy is inside the system. Look at all the millions of windows PCs that had the firewall enabled, and yet happily send your credit card details to strangers and stream spam.

The prime purpose of a firewall on windows is to block incoming connections to all the listening services that a default windows install opens. I have to say that the logic of making an OS with lots of services listening by default, and then installing a firewall by default to block them all again seems somewhat odd. But that's what makes so many people think that a firewall is always needed. On windows, it is.

[HermanAB]

Exactly.

There is no magic in 'ports'. A port is just a Berkeley number. An open port has a service listening for that number. A closed port has nothing listening.

A software firewall hooks itself in front of the network stack so that it listens on all ports and then drop packets on the closed ports, in case there is something stupid listening somewhere behind it. This is the way Microsoft usually does things. Whenever someone discovers a problem, they layer another band-aid on top, instead of fixing the problem. So a firewall really is just a big box with 65,000 band-aids and on a properly configured Linux system, you don't need it, save the band-aids for Windows.

[Jonny87]

Would still like to see some references to support these claims.

If Ubuntu does not require a firewall what so ever, why does it come with ufw installed and in response to the above post, why are all ports open by default? If you have it all closed of you would get internet access and you have basic users getting frustrated cause their applications wouldn't communicate out.

https://help.ubuntu.com/community/UFW
https://help.ubuntu.com/community/Firewall

So if there is no need to have a firewall at all, why just not have ufw and instead use the time and space into including something that explains why there isn't a firewall and why Ubuntu doesn't need one. One of the install slides perhaps.

[Velnias]

Firewall makes my Ubuntu box safer despite all possible my and linux errors. And its a lot easer and quicker to enable - no need to be an IT proffesional.