Firewalls in Linux

A firewall is installed by default on most Linux distributions. On many of them it is ufw, a front end to iptables, and out of the box it allows all traffic. Iptables itself is the standard firewall included in most Linux distributions. It is actually a front end to the kernel-level netfilter hooks that can manipulate the Linux network stack. It works by matching each packet that crosses a network interface against a set of rules to decide what to do with it.

The iptables firewall operates by comparing network traffic against a set of rules. The rules define the characteristics that a packet must have to match the rule, and the action that should be taken for matching packets.

Linux iptables is a strong, business-class solution when implemented and maintained correctly. The difficulty with it is two-fold: 1) most businesses do not have the expertise or the commitment to maintain the solution, and 2) just like a Windows-based solution (e.g. ISA Server), there may be weaknesses in the host OS that can be exploited to compromise the security of the application. The firewall host should not be given any other role on the network besides being a firewall.

Iptables is part of what makes Linux distros more secure right out of the box. It is maintained by your Linux distro and the community, who keep it up to date against known threats.

Gufw:

If you want more control over iptables and don’t want to change rules from a terminal window, install gufw. This is the graphical interface for the ufw already installed in your Linux distro.

To install gufw you can open your Software Manager, search for the gufw program, double-click it and install it. Or you can open a terminal window by pressing Ctrl+Alt+T together and copy and paste the following into it: sudo apt-get install gufw

Now that gufw (the “Firewall”) is installed and turned on, you may find that your VNC or VPN ports are blocked and no longer work. Since gufw is a simple graphical interface to iptables, you can open and close ports without knowing all the terminal commands. It makes life much easier.

How to use Gufw:

When you do a port scan, you want as many ports as possible to show as Stealth. Some ports may show as Closed because you need to reach them, as with your VNC or VPN ports. Your scan results may vary depending on your distro and your router.

Example of Stealth ports (using the port scan from www.grc.com):

[Image: Stealth-Ports]

Note: If you’re behind a router at home or at work, it’s blocking most of the ports for you (depending on the model of your router). I got this result with the Status On and Off when I did the test, so it was my router that was really doing the work here. However, when the Status is turned on my VNC stops working, so I know that the gufw firewall is working. So when you’re on a public hot spot, gufw gives you more protection.

Closed port (VNC port in use):

[Image: Stealth Closed Port]

To open gufw, if you closed your terminal window re-open it with Ctrl+Alt+T, then copy and paste the following into the terminal window: gksu gufw. It may also be in your Menu, but it was not in my XFCE menu.

You should now see the following screen. Make sure you turn Status on!

[Image: Gufw-Fresh-Setup]

I have the Rules, Listening Report and Log windows expanded open. Yours may not be.

This is also a great way to monitor the activity on your network. Check out the Listening Report window; it shows you which ports are being used and pinged.

The Log window can show you whether your app is being blocked, and which ports and IP addresses you may need to set up with the Simple or Advanced Rules.

I will be setting up a VNC port; I can use any of the three rule types in gufw: Pre-Configured, Simple or Advanced.

Pre-Configured:

[Image: Gufw-VNC-Pre-Config-Setup]

Simple:

[Image: Gufw-VNC-Simple-Config-Setup]

Advanced:

[Image: Gufw-VNC-Advanced-Config-Setup]

Once configured, it should look like this in the Rules window:

[Image: Gufw-with-VNC-Rules]
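The Log window described above is just ufw’s kernel log lines, and the Simple and Advanced tabs are just the two shapes of `ufw allow` rule. The script below is an added example (not from the article or the gufw project) that reads a few constructed [UFW BLOCK] log lines, summarises which source address was blocked on which port, and prints the equivalent `ufw` commands: the Simple form opens the port to everyone, while the Advanced form limits it to the one source address that actually needs it, which is the tighter rule to prefer on a network you do not control. The host name, addresses and timestamps in the sample log are made up; the function names are my own, and the script only prints the commands rather than running them.

```shell
#!/bin/sh
# Added example: turn ufw log lines (what gufw's Log window shows) into
# the matching `ufw allow` commands. Sample log is constructed, not real.

SAMPLE_LOG='Jun  5 01:08:11 laptop kernel: [UFW BLOCK] IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=51514 DPT=5900 WINDOW=29200 RES=0x00 SYN URGP=0
Jun  5 01:08:12 laptop kernel: [UFW BLOCK] IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4712 DF PROTO=TCP SPT=51515 DPT=5900 WINDOW=29200 RES=0x00 SYN URGP=0
Jun  5 01:09:30 laptop kernel: [UFW BLOCK] IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Jun  5 01:10:02 laptop kernel: [UFW BLOCK] IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.30 DST=192.168.1.10 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=9 DF PROTO=UDP SPT=5353 DPT=5353 LEN=52'

# blocked_summary: read ufw log lines on stdin and print one
# "SRC PROTO DPT count" line per distinct blocked (source, proto, port).
blocked_summary() {
    grep '\[UFW BLOCK\]' |
    awk '{
        src = ""; proto = ""; dpt = "";
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5);
            if ($i ~ /^PROTO=/) proto = substr($i, 7);
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5);
        }
        if (src != "" && dpt != "") count[src " " proto " " dpt]++;
    }
    END { for (k in count) print k, count[k] }' | sort
}

# ufw_allow_cmd SRC PROTO DPT [simple|advanced]
# "simple" opens the port to any source (the Simple tab);
# "advanced" limits it to one source address (the Advanced tab).
ufw_allow_cmd() {
    src=$1; proto=$2; dpt=$3; mode=${4:-simple}
    p=$(printf '%s' "$proto" | tr '[:upper:]' '[:lower:]')
    case $mode in
        simple)   printf 'ufw allow %s/%s\n' "$dpt" "$p" ;;
        advanced) printf 'ufw allow proto %s from %s to any port %s\n' "$p" "$src" "$dpt" ;;
        *)        echo "unknown mode: $mode" >&2; return 1 ;;
    esac
}

# suggest_rules MODE [PORT]: one ufw command per blocked entry on stdin;
# with PORT given, only for that destination port (everything else stays blocked).
suggest_rules() {
    rule_mode=$1; want=${2:-}
    blocked_summary | while read -r src proto dpt n; do
        if [ -z "$want" ] || [ "$dpt" = "$want" ]; then
            ufw_allow_cmd "$src" "$proto" "$dpt" "$rule_mode"
        fi
    done
}

# Demo: summarise the constructed log, then propose a source-limited rule
# for the VNC port (5900) only, as the Advanced tab would create it.
printf '%s\n' "$SAMPLE_LOG" | blocked_summary
printf '%s\n' "$SAMPLE_LOG" | suggest_rules advanced 5900
```

On a real system the log lines come from the Log window or /var/log/ufw.log, and you would review the printed command before running it with sudo; a blocked port that nothing of yours needs (the port 22 and 5353 entries in the sample) is a reason to leave the rule as it is, not to open the port.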


Once you have your Rules set up, test to see if your program works. Using VNC, I’ve logged in and I can see the activity in the Listening Report window: port 5900 for my VNC program is working. It shows in red, and it also tells me what program is running and using this port.

[Image: Gufw-VNC-port-active]

So this is the basic setup for gufw in your Linux distro. Have fun with it and be safe.

References for this article:

https://help.ubuntu.com/community/Gufw

https://help.ubuntu.com/community/IptablesHowTo

