Comments on: Firewall Ubuntu Desktops

By: bodhi.zazen

bodhi.zazen — Mon, 21 Jun 2010 21:23:31 +0000

@ Mörgæs

sudo ufw allow proto tcp from 192.186.x.x/24 to your_ip_address port 22

Example (assuming your ssh server is at 192.168.0.10):

ufw allow proto tcp from 192.168.0.0/24 to 192.168.0.10 port 22

By: Mörgæs

Mörgæs — Mon, 21 Jun 2010 09:08:44 +0000

Hi, thanks for a good guide.

Is there an easy way for obtaining the following:

I would like an ssh server to be accessible for everyone on the local net (192.168.x.x.), but not for access from outside.

Thanks in advance.

By: just_shark

just_shark — Sun, 23 May 2010 22:02:53 +0000

Hello, im from Russia.
i’ve searched for manual like this for hours at russian-languaged websites and finally find the solution here.
thank you very much, mysterious friend.

Cyril, Russia, Saint-Petersburg.

PS:
sorry if there is mistakes in my comment.

By: osjak

osjak — Wed, 28 Apr 2010 01:32:02 +0000

To answer the first commenter, the double quotes in the text are not regular double quotes. So if a reader simply copies the line and attempts to run it, an error pops up. To fix the problem simply substitute the double quotes in the copied line with manually typed ones:
sudo bash -c “netstat -lpn | grep LISTEN | grep -v ^unix”

bodhi.zazen, thanks for this blog, very helpful.

By: Live

Live — Wed, 31 Mar 2010 03:58:36 +0000

Hi thank you very much for those enlightenment. I’m sorry I just replied now, after 3 months? Because I was very busy at work to think of security at the moment. Anyway, I read all those things you said above, and I’m very grateful for your answers.

More power to you sir! :)

By: bodhi.zazen

bodhi.zazen — Tue, 12 Jan 2010 05:51:14 +0000

Blocking torrents is not easy as basically the torrent clients are designed to evade such attempts on your part.

You have been given some good advice in your thread, I would point you at this thread.

http://serverfault.com/questions/27088/using-linux-iptables-how-to-block-torrents-or-any-p2p-protocols

I believe the best solution is to use a proxy server for web access, ie something like squid.

So, if you are on a low budget, configure a hardware firewall (which is nothing but an inexpensive box with two network cards) and install a firewall specific distro + squid.

You would then configure the firewall to allow as much internal traffic as you wish, but restrict outbound traffic to http and https (ports 80 and 443) which would be proxied by squid.

Yes it can still be abused.

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch32_:_Controlling_Web_Access_with_Squid

http://www.linuxjunkies.org/html/Bandwidth-Limiting-HOWTO.html

By: Live

Live — Tue, 12 Jan 2010 01:44:08 +0000

Hi, how do I block torrents from our home / office network? I’ve already posted my question here: http://ubuntuforums.org/showthread.php?t=1373079

Thanks for making such a nice blog.

By: Build a secure desktop firewall with ufw-part I « Le Blog de Maurice

Build a secure desktop firewall with ufw-part I « Le Blog de Maurice — Mon, 14 Dec 2009 16:26:41 +0000

[...] ufw firewall setting by hand http://beginlinux.com/blog/2009/10/advanced-ufw-settings/ http://blog.bodhizazen.net/linux/firewall-ubuntu-desktops/ Editing ufw rules by [...]

By: Peng’s links for Thursday, 3 December « I’m Just an Avatar

Peng’s links for Thursday, 3 December « I’m Just an Avatar — Thu, 03 Dec 2009 19:33:33 +0000

[...] Firewall Ubuntu Desktops. Windows users have gotten use to the idea that they should always use a firewall on their system [...]

By: Bodhi.Zazen: Firewall Ubuntu GUFW | TuxWire : The Linux Blog

Bodhi.Zazen: Firewall Ubuntu GUFW | TuxWire : The Linux Blog — Wed, 25 Nov 2009 03:12:02 +0000

[...] Firewall Ubuntu Desktops Firewall Ubuntu Servers [...]