[IMPORTANT] Can We Get an Update On Firewall Configuration?

Post by tapenade »

Please, there are some really nice smart good people here who know how to problem solve technical enigmas within brief quantities of time.
Y'all already proved that to me.

Can we please get some modern circa 2022 updates on how to obtain and install Linux Firewalls successfully and how to avoid being used for target practice by online predators of the data piercing kind?

I know there's a few tutorials here and there, but for those who have managed to dodge the data bullets for the longest, can you shed some modern light on us in the dark?

And for those of you who know what it's like to have a system destroyed by data intruders, can you explain to us in your own words, what you learned is a better way to avoid that stuff? If you DO choose to help us out, PLEASE DO NOT TELL US TOO MUCH. IF YOU KNOW OF A WORKING TECHNIQUE THAT NEEDS TO STAY A SECRET--KEEP YOUR SECRETS, for your own sakes.

I say this because all this wonderful shared info about xruns and awesomely impressive tools and tunes is moot if we can't prevent outsiders from erasing or corrupting or cloning our own property. Obviously, we're not exclusively using Microsoft Windows, so we're NOT license users merely "renting" use of our OSes, the Microsoft way. For so many Linux users, we might not be the authors of the kernels or the distros, but we got a right to use the tools we were freely freeware creative commons copyleft or whatnot given.

This can't realistically be left out.
Hostile intrusions can spoil several decades of hard work within seconds.
Many of you already know I was reminded of that yesterday when my brand new system got hacked.

Instead of putting me into the hotseat on that, how about maximizing the opportunity to harden our own community security?

Obviously I'm not trying to be running TAILS nor QUBES.
I'm trying to make music, not international contraband deals or diplomatic communiqués.

Seriously, can you local (online) gurus help us out?
I've got some basic Linux literacy, and I'm trying to bail out of data loss and loss of time.
I'm wanting to recoup my losses if possible and still be good to my word and promises to help these Linux communities.

Microsoft or Google or whomever might own all of the towns I've lived in, but they don't own me.
They might own the telephone companies, but Linux is allowed to be a thing. Data intrusion doesn't have to be a guarantee.

But if I'm wrong about that stuff, then WHAT CAN WE DO TO KEEP OUR EFFORTS FROM BEING UNDERMINED by people who might have both an addiction and a hobby of messing up other people's (including our) stuff?

Think about it... think about it... think about it.
Then answer if you can.

If you don't get many more comments or questions from me, just take it all into consideration.
My data is NOT anybody else's data, unless and until I give it to them voluntarily.
Theft is theft, Zero = 0, One = 1.

Ein ist ein. (1=1).
Peace unto the A.I. contemporary and future allies, as well.
Boolean truths matter.
$ totally bogus bullsh*t > /dev/null

Re: [IMPORTANT] Can We Get an Update On Firewall Configuration?

Post by barbouze »

Hi!
Security is a complex and deep subject.
What would work for someone wouldn't for another depending on their installation/use case and this also depends on what is already available/what you're willing to spend (in terms of time and money). It can be as simple as ticking a box in your router configuration or as hard as installing and configuring a/multiple dedicated device(s).
You can start by searching for "IT security best practices"; by reading from 3-5 sources you will get a good idea of what to do and what not to.

Re: [IMPORTANT] Can We Get an Update On Firewall Configuration?

Post by scott.thomason »

tapenade wrote: Tue May 03, 2022 1:20 am Can we please get some modern circa 2022 updates on how to obtain and install Linux Firewalls successfully and how to avoid being used for target practice by online predators of the data piercing kind?
If you're talking about securing a regular ol' workstation for home use, firewalling is a piece of cake. Here are some easy instructions for Debian-derived systems; if you're using Fedora you'll have to look elsewhere...

Code:

apt-get install gufw
It's probably already installed, but if not, that will install the ufw firewall and the gufw GUI management tool. After it's installed, it's a really quick setup...just fire up gufw from the menu, and follow the brief instructions right in front of you for defining a home use profile. It will literally only take a minute or two for the whole process.
---scott


Re: [IMPORTANT] Can We Get an Update On Firewall Configuration?

Post by robin »

I professionally maintain around 100 internet facing servers protected by shorewall, and I have not had a (known) security incident in over 10 years. Basic security work is:
- don't expose ports you don't use to the internet
- use key or certificate based authentication only, wherever possible
- use brute-force protection where key/cert based is unavailable (fail2ban)
- stay reasonably updated
- use as few external repositories as possible
- don't execute untrusted code

As far as firewalls go, ufw, firewalld and shorewall are the prominent ones and all use iptables as a base, so it doesn't really matter which one you prefer. For external firewalls there is OPNsense, based on BSD's "pf" filter rather than Linux's iptables.

If you are interested in the more technical local solution, have a look at AppArmor / SELinux, or switch to sandboxed flatpaks instead of native packages.

But if you are looking for data loss prevention I would recommend you think about backups, rather than firewalls. Two cold backups (i.e. not attached to your device all the time) should protect you against most common data loss scenarios. Be sure to do a test recovery once in a while, though...
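
Added example, not part of robin's post or any poster's own code: one way to check the first item in the list above ("don't expose ports you don't use") is to list the listening sockets that are bound beyond loopback. It parses `ss -Htuln` output; the sample text and the function names are constructed for illustration.

```python
import ipaddress
import subprocess

# Constructed sample of `ss -Htuln` output (not taken from any real host).
SAMPLE_SS = """\
udp   UNCONN 0      0        127.0.0.53%lo:53         0.0.0.0:*
udp   UNCONN 0      0              0.0.0.0:5353       0.0.0.0:*
tcp   LISTEN 0      128            0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096         127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      128               [::]:22            [::]:*
tcp   LISTEN 0      4096             [::1]:631           [::]:*
tcp   LISTEN 0      511                  *:8080             *:*
"""


def is_loopback(host):
    """True if the bind address is only reachable from this machine."""
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface scope
    if host == "*":                          # wildcard: every local address
        return False
    return ipaddress.ip_address(host).is_loopback


def exposed_listeners(ss_output):
    """Return sorted (proto, address, port) for sockets bound beyond loopback."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue                         # skip headers and other socket types
        host, _, port = fields[4].rpartition(":")
        if not is_loopback(host):
            found.add((fields[0], host, int(port)))
    return sorted(found)


if __name__ == "__main__":
    try:
        text = subprocess.run(["ss", "-Htuln"], capture_output=True,
                              text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        text = SAMPLE_SS                     # ss not available: use the sample
    for proto, host, port in exposed_listeners(text):
        # Each of these needs either a firewall rule or the service turned off.
        print(f"{proto:4} {host}:{port}  reachable from the network unless firewalled")
```

Anything the script prints that you do not recognise or use is a candidate for disabling the service or binding it to 127.0.0.1, independent of which firewall front end is installed.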