Firewalls - what to use.

[Jonny87]

I'm currently using Firestarter and I really like it for its listing of events and ability to add policies in by right clicking events etc.

However, I've been wondering, is it the best?
I wanting to know from people what they prefer as a graphical firewall. I've used GUFW and while I liked it for its simplicity in use I found a little too simple. Thats why I like firestarter.

I'm looking for a firewall that is easy to use but has plenty of advance feature to fully secure the computer. I have read the security sticky thread but I like to get the opinion a wide rang people.

[Machiavelli]

I believe that Firestarter has been discontinued. As far as I know there is NO need to use any firewall in Ubuntu. The only time you need a software firewall is when you do not trust the software you use or your ability to set it up. It is often easier to set up the software but to understand how the software works, and configurable firewall for this. You can trust the software that ubuntu itself provides. For ultimate security, use only the software source ubuntu provider and be sure to keep the software up to date with the Ubuntu Update Manager.

[phredbull]

I too thought that a Firewall is not needed unless your machine is set up for Remote Viewing or something.

[Jonny87]

Yea while a firewall may not be needed for the average home user running linux, I think it would be a bold statement to say that its not needed altogether. And to reject the need for a firewall I would think is poor network security practice.

I do realize that the threats in Linux are far less than in Windows, that was one of the things that appealed to me when first looked into changing to Linux. Though as secure as it is, no OS is 100% impervious from attacks.

[HermanAB]

Bear in mind that most firewall devices actually run Linux. So, do you want to put a firewall in front of the firewall recursively? It will be good business for Cisco...

So, no, most Linux systems do not need firewalls. The Linux network stack is pretty strong by default. Firewalls are only needed if you are doing unknown things, like hooking up Windows machines with unknown services running on them.

[robert_pectol]

Host-based firewalls on Linux are generally not useful unless you have specific reasons that warrant it. Most users will find that they hinder more than they help. So unless you are running any Internet facing daemons that provide services to external users, AND you need tighter access controls than the daemons themselves provide, perhaps a firewall could be useful. It is somewhat situation dependent. But under most circumstances, a host-based firewall is unnecessary. To run a firewall just to say you have a firewall doesn't make too much sense but if it helps you sleep at night, go for it! As you become more familiar with Linux and security, you'll come to the same conclusion.

[wacky_sung]

I totally disagree with people mention about running without firewall.If you think people cannot hack into your system but you can never stop people from crippling/hijacking your bandwidth by performing DDOS / brute force using dictionary attack.

[uRock]

A firewall is not needed unless server applications are installed or if there is no router between the host and cable/dsl modem.

IPTables are running by default. To configure IPTables using a GUI, then install GUFW via the Ubuntu Software Store.

I only enable the firewall on my netbook when I am connected to a public LAN, such as that at my school.

[The Cog]

... you can never stop people from crippling/hijacking your bandwidth by performing DDOS

No. Nor will configuring firewall rules on your computer. The link is already flooded and unusable before the traffic even reaches you. For that kind of attack, you need your ISP to stop the flood of incoming traffic.

...brute force using dictionary attack.

To what service? A default Ubuntu doesn't have any listening services, doesn't accept incoming connections at all. So there's nothing to submit dictionary passwords to.

What's more, if you do decide to install something like an SSH server and you had installed a firewall, you would then have to reconfigure the firewall to allow the connections in again anyway, otherwise installing the server would have been a complete waste of time.

The windows need for a firewall is to block connections to all those services that are running by default that you don't know about or don't know how to stop. That need is not there in Ubuntu Linux. Simply installing a firewall on Linux for the feel-good factor is a waste of time: you waste time installing it because there was nothing for it to block in the first place, and if you later install a service that you want then you waste further time reconfiguring it to let the connections into the service again.

A firewall is useful for filtering. If you have a list of IP addresses that you want to whitelist or blacklist rather than just allowing everything, then a firewall is useful. Or if you want to configure rules that block IP addresses that make too many connections too frequently (no use for a web server). But in either of these cases, you have a specific use for the firewall and know that you need it and know that you are going to configure it accordingly.

[wacky_sung]

No. Nor will configuring firewall rules on your computer. The link is already flooded and unusable before the traffic even reaches you. For that kind of attack, you need your ISP to stop the flood of incoming traffic.

I do not think you really need a ISP to filter DDOS if the attack is small where iptables is able to handle it.The time you really seek ISP help when attack by botnet.

To what service? A default Ubuntu doesn't have any listening services, doesn't accept incoming connections at all. So there's nothing to submit dictionary passwords to.

You do not require a listening services to break into a system.What is need is using exploits or creating exploit to break into any default program used by ubuntu.Therefore firewall is still needed where it act as a barrier.You do not require to perform dictionary attack on SSH but you can do it by breaking the sudo password where you get root.