Page 2 of 12 FirstFirst 1234 ... LastLast
Results 11 to 20 of 114

Thread: Creating a Firewall for Your Ubuntu Desktop

  1. #11
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Creating a Firewall for Your Ubuntu Desktop

    Open up Transmission go to Edit > Preferences then the network tab. Make sure 'Port used for incoming connections' is 51413 and that pick a random port every time transmission is started is not checked.

    See if this helps.

  2. #12
    Join Date
    Sep 2006
    Beans
    8,627
    Distro
    Ubuntu 14.04 Trusty Tahr

    Rate limiting for new SSH connections

    SSH gets hammered by brute force attacks pretty much from the moment it is first turned on. An example of limiting the rate of connection attempts might be helpful.

  3. #13
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Creating a Firewall for Your Ubuntu Desktop

    This guide was designed for the desktop system running no services. However here is an example of using iptables to rate limit.

    Code:
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
    This will drop any connections that are attempted more than 10 times in 60 seconds to port 22 TCP. Keep in mind if you have a rule like this

    Code:
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    the first rule must come before it.

    Hope this helps.

  4. #14
    Join Date
    Oct 2011
    Beans
    92

    Re: Creating a Firewall for Your Ubuntu Desktop

    Quote Originally Posted by Dangertux View Post
    Open up Transmission go to Edit > Preferences then the network tab. Make sure 'Port used for incoming connections' is 51413 and that pick a random port every time transmission is started is not checked.

    See if this helps.
    Yep, those are the setting I have. So still no joy

    It seems from netstat that transmission is listening on 51413 but is also attempting connections on various high number ports..

  5. #15
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Creating a Firewall for Your Ubuntu Desktop

    Quote Originally Posted by Azrael84 View Post
    Yep, those are the setting I have. So still no joy

    It seems from netstat that transmission is listening on 51413 but is also attempting connections on various high number ports..

    Okay this is really weird, I can't reproduce this 100% of the time but if you're having issues with bittorrent and this guide allow port 6969 TCP outbound in your firewall. For some reason some versions netfilter will consider the tracker connection RELATED others it does not, I'm not sure why. But that should fix your problem.

  6. #16
    Join Date
    Oct 2011
    Beans
    92

    Re: Creating a Firewall for Your Ubuntu Desktop

    Quote Originally Posted by Dangertux View Post
    Okay this is really weird, I can't reproduce this 100% of the time but if you're having issues with bittorrent and this guide allow port 6969 TCP outbound in your firewall. For some reason some versions netfilter will consider the tracker connection RELATED others it does not, I'm not sure why. But that should fix your problem.
    Still no joy for me ...well actually I did manage to get a torrent downloading at a very very very slow speed for a few seconds, but then nada on any others after that unless I turn the ufw off. After having a google, I wonder if for some reason when the firewall is on I need to do portforwarding on 51413 to allow transmission to work? I'm not not sure about this though..

  7. #17
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Creating a Firewall for Your Ubuntu Desktop

    You shouldn't have to port forward anything, since the firewall is local to the machine there is really nothing to port forward to.

  8. #18
    Join Date
    Aug 2005
    Location
    Sydney, Australia
    Beans
    456
    Distro
    Ubuntu Development Release

    Re: Rate limiting for new SSH connections

    Quote Originally Posted by Lars Noodén View Post
    SSH gets hammered by brute force attacks pretty much from the moment it is first turned on. An example of limiting the rate of connection attempts might be helpful.
    I've found that fail2ban works wonders for brute force attacks.

  9. #19
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Creating a Firewall for Your Ubuntu Desktop

    Added a little bit to the iptables section. Because Debian based systems are stupid about iptables-save. Should solve some of the persistence problems several users have PM'ed me about where their iptables rules are disappearing when they reboot.

  10. #20
    Join Date
    Feb 2011
    Location
    Coquitlam, B.C. Canada
    Beans
    2,324
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Creating a Firewall for Your Ubuntu Desktop

    An excellent posting, and it obviously took some time to do.
    In method 3, iptables, I do not understand something about the peristent stuff. I understand the part about saving the rules and using the saved version on boot up (and I have used that method in the past). What I am not understanding is how the various /proc/sys/net bits would get set or reset as per the original script, as this part would not be done via the iptables-restore command. As mentioned in the comments in the example script, maybe it doesn't matter for this case. I use the rc level stuff to execute my firewall script on system startup, and actually didn't know about the pre-up method used in this example. If one needs it for some reason, such as some non-iptables related stuff, could the pre-up method just execute the original script? For example:
    Code:
    pre-up /home/doug/init/iptables.sh
    Last edited by Doug S; November 13th, 2011 at 06:18 PM. Reason: typos, always typos

Page 2 of 12 FirstFirst 1234 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •