Comments on: Firewall Ubuntu Desktops

By: bodhi.zazen

bodhi.zazen — Tue, 12 Oct 2010 14:57:58 +0000

Thank you for your kind words Live.

Personally I encourage you start with UFW. UFW is sufficient for most desktop users and is easy to implement.

More important, the syntax of UFW is close to iptables, so if you learn how to use UFW it is easier to then use iptables.

iptables is more “powerful” as it has many options that are simply not easily available in UFW. Allowing outbound traffic per user and NAT would be two examples.

Personally I tend to use ufw on mobile devices (laptops / netbooks) and iptables on servers.

HTH =)

By: Live

Live — Mon, 11 Oct 2010 23:58:35 +0000

Hi bodhi, always learning a lot from you, which is more powerful, UFW or iptables? For a beginner or SOHO environment?

Also, do you think GUFW is severely limited? The reason I’m asking is, I can’t configure NAT’ing in GUFW.

By: bodhi.zazen

bodhi.zazen — Mon, 21 Jun 2010 21:23:31 +0000

@ Mörgæs

sudo ufw allow proto tcp from 192.186.x.x/24 to your_ip_address port 22

Example (assuming your ssh server is at 192.168.0.10):

ufw allow proto tcp from 192.168.0.0/24 to 192.168.0.10 port 22

By: Mörgæs

Mörgæs — Mon, 21 Jun 2010 09:08:44 +0000

Hi, thanks for a good guide.

Is there an easy way for obtaining the following:

I would like an ssh server to be accessible for everyone on the local net (192.168.x.x.), but not for access from outside.

Thanks in advance.

By: just_shark

just_shark — Sun, 23 May 2010 22:02:53 +0000

Hello, im from Russia.
i’ve searched for manual like this for hours at russian-languaged websites and finally find the solution here.
thank you very much, mysterious friend.

Cyril, Russia, Saint-Petersburg.

PS:
sorry if there is mistakes in my comment.

By: osjak

osjak — Wed, 28 Apr 2010 01:32:02 +0000

To answer the first commenter, the double quotes in the text are not regular double quotes. So if a reader simply copies the line and attempts to run it, an error pops up. To fix the problem simply substitute the double quotes in the copied line with manually typed ones:
sudo bash -c “netstat -lpn | grep LISTEN | grep -v ^unix”

bodhi.zazen, thanks for this blog, very helpful.

By: Live

Live — Wed, 31 Mar 2010 03:58:36 +0000

Hi thank you very much for those enlightenment. I’m sorry I just replied now, after 3 months? Because I was very busy at work to think of security at the moment. Anyway, I read all those things you said above, and I’m very grateful for your answers.

More power to you sir! :)

By: bodhi.zazen

bodhi.zazen — Tue, 12 Jan 2010 05:51:14 +0000

Blocking torrents is not easy as basically the torrent clients are designed to evade such attempts on your part.

You have been given some good advice in your thread, I would point you at this thread.

http://serverfault.com/questions/27088/using-linux-iptables-how-to-block-torrents-or-any-p2p-protocols

I believe the best solution is to use a proxy server for web access, ie something like squid.

So, if you are on a low budget, configure a hardware firewall (which is nothing but an inexpensive box with two network cards) and install a firewall specific distro + squid.

You would then configure the firewall to allow as much internal traffic as you wish, but restrict outbound traffic to http and https (ports 80 and 443) which would be proxied by squid.

Yes it can still be abused.

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch32_:_Controlling_Web_Access_with_Squid

http://www.linuxjunkies.org/html/Bandwidth-Limiting-HOWTO.html

By: Live

Live — Tue, 12 Jan 2010 01:44:08 +0000

Hi, how do I block torrents from our home / office network? I’ve already posted my question here: http://ubuntuforums.org/showthread.php?t=1373079

Thanks for making such a nice blog.

By: Build a secure desktop firewall with ufw-part I « Le Blog de Maurice

Build a secure desktop firewall with ufw-part I « Le Blog de Maurice — Mon, 14 Dec 2009 16:26:41 +0000

[...] ufw firewall setting by hand http://beginlinux.com/blog/2009/10/advanced-ufw-settings/ http://blog.bodhizazen.net/linux/firewall-ubuntu-desktops/ Editing ufw rules by [...]