What is your firewall of choise?

[MidnightJulia]

Yes


You don't have any services running by default... only when you start installing services...
And besides, the reason windows also needs an outgoing firewall is because of all that spy/crapware gets added - a lot of programs that you get from shady sources and even retail stuff "phones" home....

My system isn't a default system. I am constantly installing and running new applications just for the sake of learning. And now and then I open a port or something that I shouldn't. Since I'm new I'm not always able to repair the damage. So Ubuntu might not need a firewall - but I do.

Another thread: Isn't the point of running a firewall more about keeping crackers out than protecting against windowsware?

and if you have a firewall in your router, you're better of configuring that one for the benefit of your whole network.

It is configured. But that doesn't mean I can't use a software firewall also

[hyper_ch]

what will iptables help you if you have a configure firewall?

well, in windows you have to block outgoing connections as often as incoming ones hence in windows a firewall has other purposes than here.

[brian_p]

My system isn't a default system. I am constantly installing and running new applications just for the sake of learning. And now and then I open a port or something that I shouldn't.

That's good. Explore all you want. You can do no harm if you don't alter the default configurations of services and you familiarise yourself with the basic documentation if you do make changes.

Since I'm new I'm not always able to repair the damage.

There is no damage done by opening a port.

So Ubuntu might not need a firewall - but I do.

So, it's not the OS which needs fixing then.

[Chayak]

Cisco ASA5505 Sec +

Upside is that it's a very powerful and feature filled device that can do everything from DMZs with varying security levels to point-to-point vpn tunnels and act as a VPN server.

Downside is it's expensive and compicated. I work with ASAs quite a bit and I still find myself cracking open a book from time to time. ASDM makes it a bit easier but you still have to know how cisco does things to configure it properly.

[vishzilla]

i personally use ufw, really simple cli tool

[MidnightJulia]

That's good. Explore all you want. You can do no harm if you don't alter the default configurations of services and you familiarise yourself with the basic documentation if you do make changes.

Ubuntu is acutely the first operating system I feel is really interesting to work with. I've used Windows since 3.1 untill Vista & Mac OS since 7.1 until Leopard but I've never felt the interest to dig deeper into their inner workings. So I really like Ubuntu even if I don't understand half of what I'm doing right now.

There is no damage done by opening a port.

Still open ports are (if I'm not mistaken) an invite for crackers? Isn't it better to have the computer just drop the packages?

So, it's not the OS which needs fixing then.

Maybe not

[brian_p]

Still open ports are (if I'm not mistaken) an invite for crackers? Isn't it better to have the computer just drop the packages?

Your software is up to date? It doesn't matter if the packets are accepted, rejected or dropped, a cracker can do nothing. The vast majority of intrusions attempts are automated anyway and easily countered with Ubuntu default daemon configurations. There is nothing to fear.

You would have to really go out of your way to make a default configuration unsafe. Taking exim4 as an example you could have it relay mail for anyone on the internet, but that would imply ignoring all the warnings about how unwise it would be or not bothering to read them. Having made that choice the firewall would be unable to provide any protection.

[MidnightJulia]

Your software is up to date? It doesn't matter if the packets are accepted, rejected or dropped, a cracker can do nothing. The vast majority of intrusions attempts are automated anyway and easily countered with Ubuntu default daemon configurations. There is nothing to fear.

I always update my software. Every time I boot up I check for updates to be honest

Interesting! This is completely new for me. But isn't it to prefer that packets are silently dropped rather than the computer answers that the port is open? If the cracker has a 0 day exploit and there isn't a patch it seems to me like you've got a problem.

[MidnightJulia]

Cisco ASA5505 Sec +

Upside is that it's a very powerful and feature filled device that can do everything from DMZs with varying security levels to point-to-point vpn tunnels and act as a VPN server.

Downside is it's expensive and compicated. I work with ASAs quite a bit and I still find myself cracking open a book from time to time. ASDM makes it a bit easier but you still have to know how cisco does things to configure it properly.

Hardware firewalls are truly the best: hardend bests that seem to work much better than their software counterparts. Our network is protected by something like your Cisco and it's really great. More or less everything is stopped before it even get into the network.

I'd think they're quite hard to configure correctly. But I really don't know since I don't own the firewall so I've never needed to configure it No but seriously - it quite cool, so I'd love to learn.

[jerome1232]

Sitting behind my router, except it doesn't log rejected packets; UFW/iptables does. So I put my little server in dmz mode and use UFW for my simple firewall needs.