firewall for home network question

[Old Jimma]

Hi Ubuntuerainians and Ubuntuettes!!

i have a home network with 3 computers:

1. a "server" with lots of hard disk space running Ubuntu 18.04
2. a Lenovo laptop running Ubuntu 18.04, and
3. a raspberry pi running the latest raspian.

The laptop and raspberry pi computers have read-only access to

Folders on the "server" are accessed by the laptop and raspberry pi computers using NFS. The pi and lenovo computers have read-only privileges.

Also, the pi machine can be accessed using Remina RDP from both the "server" and the laptop.

After loosing my identity several times for no fault of my own, I came the to conclusion that I want to protect my home computers and network.

I tried installing GUFW.... seemed nice and simple, but could not figure out the "rules" to add to each machine to make it work.... and during this experimentation, neither the pi or laptop could access my server.

Can someone suggest how to procede to add more security either with GUFW or iptables?

I'm a geezer and have been running Ubuntu since around 2008 and spent alot of time in the early years getting my machines to work. I'm a geezer now and don't want to spend the rest of what is left in my live working on this.... and hope to have a simple solution. I can follow instructions!! Things that a re simple and work are best for me!!

I'll be so grateful for your patience and advice. If you want to give me step by step directions, I'm good for a coffee the next time you are in town!

Gratefully!
Old Old Old Old Old Jimma from the Old Country

[TheFu]

Every computer should be running a firewall. Each needs to configure have the firewall configured locally. There's no way you can use a firewall on a Linux desktop to protect a raspberry-pi from the internet or some other desktop.

You should also have a router that also runs a firewall, probably blocking all inbound requests and many outbound requests. For this device, it is important that the router firmware be upgraded every month with patches. If the vendor doesn't provide updates at least quarterly, check whether the device is still supported. Might need a new router or need to find some after-market firmware to use, which is updated monthly.

[SeijiSensei]

I have no firewalls on any computer behind my two routers.

[oldrocker99]

Here's what to do:

Code:

sudo ufw enable

It will return

Code:

firewall is enabled and added to startup

Or words to that effect.

[ank2]

In my opinion you don't need a firewall, unless you want to provide certain serivices to some users. If you don't run any services you don't need to take care using a firewall.

[TheFu]

In my opinion you don't need a firewall, unless you want to provide certain serivices to some users. If you don't run any services you don't need to take care using a firewall.

He's running NFS! That's a service. He needs a WAN firewall and on the LAN, so when NFS is misconfigured or the local firewall is misconfigured, it isn't open to the world. Layered security is needed for normal people.

[uRock]

He's running NFS! That's a service. He needs a WAN firewall and on the LAN, so when NFS is misconfigured or the local firewall is misconfigured, it isn't open to the world. Layered security is needed for normal people.

+1 Definitely needed when running services. I have all of my devices on one network and don't want any of the "smart" devices accessing my Motion camera streams. Back when I ran it as "just a desktop," I still enabled UFW.

[Old Jimma]

Jeepers!!

I am grateful for the spirited replies!!!

I will start by enabling a firewall for my ubuntu "server."

NFS is already set up and working and allows the laptop and raspberry pi to access certain folders on my ubuntu servers. The goal of using ufw is to make sure that nobody else can access files on the server other than the laptop and raspberry pi.

Please review my rules to see if I've specified the correct ufw rules below!

1. I'll enable NFS: # ufw enable nfs

2. Then allow for my laptop: #ufw allow from 192.168.1.71 to any port 80 proto nfs

3. And, allow for my raspberry pi: #ufw allow from 192.168.1.98 to any port 80 proto nfs

Do these commands achieve my goal?

(I really don't know why I should use port 80 rather than any other port. Can someone comment on this?)

Thanks,
Old JImma

[TheFu]

I don't think this does what you want.
We need to see

Code:

sudo ufw status

output.

[Old Jimma]

Here is the results from doing a

sudo ufw status

:

sudo: ufw: command not found

Old Jimma