Gee! These Aren't Roasted!
Confused about ubuntu 9.10 firewall
Hello all and happy holidays--I need a simply answer am i safe surfing the internet with a fresh install of ubuntu 9.10 running firefox? I would like to know if any firewall is on for protection or do i need another program installed? I was told that i'm safe from the install-Thanks for any help..
Ubuntu Community Council Member
Now now, I didn't say you were safe the moment you install ubuntu. You have to configure the firewalls first. Thats what Firestarter does (NOTE TO ALL: Reference this thread), it configures the iptables. If you don't do that, it won't work. You can also reconfigure iptables manually (see this), but Firestarter does it and makes it easier.
Thomas
LP: ~teward
Gee! These Aren't Roasted!
So-firestarter will block only what i tell it to block or does it work blocking right after install?
Dark Roasted Ubuntu
You don't need a firewall if you haven't installed any servers. In other words, if you are using Ubuntu pretty much as it came off the liveCD, then you don't have to do anything. The only thing to keep in mind is not to install .debs from unknown sources. Always use the package repositories.
Gee! These Aren't Roasted!
Then i'm safe! Cool thank you!!!!
Tea Glorious Tea!
Okay: firestarter's default policy is to deny all inbound connection attempts and to allow all outbound connections. You can change this from within its menus.Originally Posted by hatewindows
There is another couple of firewall config managers in the repos. All are good and have various quirks. However firestarter is a good one for the home user (as opposed to fwbuilder which is really for someone who has some idea of what they're doing).
Ubuntu Community Council Member
i agree with euler_fan. Firestarter's a good firewall for your needs.
Even though I run an SSH server for my own use only off of my laptop, it doesnt run on a standard port, so the firewall helps to track unwanted connection attempts at the standard ssh/sftp ports on my computer.
Thomas
LP: ~teward
Walking moon
If you are new to Ubuntu I suggest you start with this thread :
Ubuntu Security - Ubuntu Forums
In terms of a firewall, what is it you are trying to accomplish ? The OP specifically stated a default Ubuntu installation.
By default, there are no significant servers listening for connections, so configuring the firewall any further will NOT add to security.
Furthermore, the default firewall is netfilter, which is configured by iptables. Iptables is not so new user friendly, so there are a number of configuration tools. The default tool in Ubuntu is UFW.
So, before you install firestarter, start with the default applications.
http://blog.bodhizazen.net/linux/firewall-ubuntu-gufw/
http://blog.bodhizazen.net/linux/fir...untu-desktops/
Frutermore, to give you a more specific answer we need more information.
What is your network architecture, do you use a router or direct connection to the internet ? Do you intend to run any servers or file sharing (torrents) ?
There are two mistakes one can make along the road to truth...not going all the way, and not starting.
--Prince Gautama Siddharta
#ubuntuforums web interface
Add-on Developer
A firewall won't protect your browsing activities, since Firefox does not accept remote connections (it's not a server), only generate connections requested by you.
Keep in mind that Firestarter is just a firewall manager, that allows you to create rules for the real firewall. You don't need firestarter to be running to be protected, once you configured it properly.
I agree. Most of the time, a firewall will be useless. If you don't have any servers running, then all incoming unrequested connections will be rejected, even without a firewall or with firewall rules that allow all traffic. On the other hand, if you have a server running, then the firewall is useful only if you want to allow certain machines to connect to the server while blocking others. For example to limit access only to machines on your local network. But if you want for example to use p2p applications, then the firewall is useless, because you will need to allow incoming unrequested connections anyway.
Additionally, if you use a router, the firewall is redundant.
I disagree. Just make a google search for firestater and you will find lots of threads with issues. The recommended firewall manager these days is gufw, which is easier than Firestarter, less buggy and better maintained (some people say Firestarter is not even maintained anymore). Besides, running Firestarter to monitor connection attempts is just a waste of time and a security risk, since Firestarter needs administrative privileges to run.
If you want to protect your ssh server, use encryption keys for authentication instead of passwords, disable password authentication, disable root access, configure an alternative port as you did and configure your router to accept connections only from your remote machine (if possible). If that is not enough, you can monitor the authentication logs. Monitoring connection attempts blocked by the firewall is waste of time. They are blocked. What you need to be concerned are successful authentications and that won't show in the Firestarter logs.
EDIT: I need to start typing faster or reduce my texts. I was beaten by the ubuntu security guru by 17 minutesAnyway, I think my post add some useful stuff too.
Last edited by lovinglinux; December 21st, 2009 at 06:06 AM.
Caffeine Fueled
Just to add to what lovinglinux said, Firestarter is no longer maintained by the origional author. The Debian maintainer adds bug fixes for each new release, but that is about it. There haven't been any new features added since 2005.
Posting Permissions
Adv Reply
Bookmarks