LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-09-2014, 06:15 PM   #1
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,466

Rep: Reputation: 85
do I need a firewall?


I'm running Xubuntu 13.10, and I do just ordinary stuff, the most sensitive being online banking and purchasing things online. Xubuntu documentation says:

Set up a firewall


Firewalls help to prevent security breaches by blocking connections to your computer from unknown sources. No firewall is enabled in the default Xubuntu installation. However, you have a couple of options for enabling a firewall to protect your computer against unauthorized access by people on the Internet or your network.
You can install a firewall from Ubuntu Software Center. One such option is Firestarter, which is available from the Universe repository. For help and advice on configuring Firestarter, see the Firestarter Online Manual.
More advanced users may wish to use the UFW firewall, which is installed, but not enabled, in the default Xubuntu installation. See the UFW community documentation on the Ubuntu wiki for more information.






But there is no Firestarter in my Ubuntu Software Center and the (UFW) "uncomplicated" firewall looks pretty complicated to me. On top of that a seemingly very knowledgeable person said this:

In short: There is no need for it (a firewall). Ubuntu has no open port by default so there's nothing to block.

You should only need a *firewall* on a machine that directly lives on the internet and has services with open ports running that you *only* want to make available locally.




I just want to be reasonably safe but don't want to overload my system or unneccesarily complicate things. Do you think I need a firewall, and if so, UFW or something else? Thanks!
 
Old 03-09-2014, 06:38 PM   #2
brebs
Member
 
Registered: May 2013
Posts: 71

Rep: Reputation: Disabled
No you don't "need", but yes it's not something to forget about.

Important check for open ports:
Code:
netstat -tulpn
 
1 members found this post helpful.
Old 03-09-2014, 06:48 PM   #3
darry1966
Member
 
Registered: Sep 2011
Location: Christchurch NZ
Distribution: LinuxBBQ
Posts: 82

Rep: Reputation: Disabled
Quote:
Originally Posted by Gregg Bell View Post
I'm running Xubuntu 13.10, and I do just ordinary stuff, the most sensitive being online banking and purchasing things online. Xubuntu documentation says:

Set up a firewall


Firewalls help to prevent security breaches by blocking connections to your computer from unknown sources. No firewall is enabled in the default Xubuntu installation. However, you have a couple of options for enabling a firewall to protect your computer against unauthorized access by people on the Internet or your network.
You can install a firewall from Ubuntu Software Center. One such option is Firestarter, which is available from the Universe repository. For help and advice on configuring Firestarter, see the Firestarter Online Manual.
More advanced users may wish to use the UFW firewall, which is installed, but not enabled, in the default Xubuntu installation. See the UFW community documentation on the Ubuntu wiki for more information.






But there is no Firestarter in my Ubuntu Software Center and the (UFW) "uncomplicated" firewall looks pretty complicated to me. On top of that a seemingly very knowledgeable person said this:

In short: There is no need for it (a firewall). Ubuntu has no open port by default so there's nothing to block.

You should only need a *firewall* on a machine that directly lives on the internet and has services with open ports running that you *only* want to make available locally.




I just want to be reasonably safe but don't want to overload my system or unneccesarily complicate things. Do you think I need a firewall, and if so, UFW or something else? Thanks!
From Synaptic or apt-get install GUFW which is a simple graphical front-end for UFW.
 
1 members found this post helpful.
Old 03-09-2014, 07:52 PM   #4
gold_finger
Member
 
Registered: Jan 2014
Distribution: Mint Xfce, Voyager, SolydK
Posts: 50

Rep: Reputation: 12
If you're behind a router, chances are that it is already blocking unwanted incoming connections. But if you'd like more peace of mind, you can enable the UFW firewall and have it run in its default mode -- block incoming connections, allow outgoing connections. If you don't do things like remotely access your computer and don't need ports open for servers, etc., then leaving it at default should be fine. If you do those things, then will need to add "rules" to it through terminal which can be confusing. A graphical interface may be easier for things like that.

Open a terminal and enter the following to enable it:
Code:
sudo ufw enable
Check to make sure it worked:
Code:
sudo ufw status
Or, to see more details:
Code:
sudo ufw status verbose

That's it! It will automatically start on every reboot.


If you need to disable it for some reason:
Code:
sudo ufw disable
 
1 members found this post helpful.
Old 03-09-2014, 08:08 PM   #5
metaschima
Senior Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 1,982

Rep: Reputation: 490Reputation: 490Reputation: 490Reputation: 490Reputation: 490
I would say that a firewall is part of basic security, so I would argue that you do need it. I always use one.

You may have noticed recent reports of routers being hacked and backdoored, so I would say that it is important to have a firewall and not rely on the one the router provides. I would also recommend setting up network manager or wicd to use OpenDNS as your DNS, overriding the settings you get from the router.
 
1 members found this post helpful.
Old 03-09-2014, 08:09 PM   #6
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,052

Rep: Reputation: 881Reputation: 881Reputation: 881Reputation: 881Reputation: 881Reputation: 881Reputation: 881
Quote:
Originally Posted by Gregg Bell View Post
I'm running Xubuntu 13.10, and I do just ordinary stuff, the most sensitive being online banking and purchasing things online.
Online banking is probably the most sensitive thing that most people do, so that doesn't get you off the hook. Mind you, if the weakness is at their end, a firewall doesn't do anything to help, either...

Quote:
Originally Posted by Gregg Bell View Post
Xubuntu documentation says:

One such option is Firestarter, which is available from the Universe repository. For help and advice on configuring Firestarter, see the Firestarter Online Manual.More advanced users may wish to use the UFW firewall, which is installed, but not enabled, in the default Xubuntu installation. See the UFW community documentation on the Ubuntu wiki for more information.
If you are not seeing the firestarter utility, and that documentation is up to date, chances are that you do not have the universe repo enabled. A quick search of the ubuntu documentation should reveal how to do that and it should be pretty easy.

Quote:
Originally Posted by Gregg Bell View Post
On top of that a seemingly very knowledgeable person said this:

In short: There is no need for it (a firewall). Ubuntu has no open port by default so there's nothing to block.

You should only need a *firewall* on a machine that directly lives on the internet and has services with open ports running that you *only* want to make available locally.

I just want to be reasonably safe but don't want to overload my system or unneccesarily complicate things. Do you think I need a firewall, and if so, UFW or something else? Thanks!
We can get in to an enormous philosophical discussion of the word 'need' if you like, but the long and the short of it is that a computer should be safe(-ish) without a local firewall, if everything else is flaw-free. The trouble is that you certainly can't guarantee that everything else is flaw-free and the smart money would be on there being a few potentially deadly flaws being there and just waiting to be discovered and exploited. (Recently, for example, there have been a couple of examples of quite large ranges of domestic networking equipment being found to be easily exploitable - this probably isn't the end of the world for people with decently configured local firewalls, but is rather worrying for anyone who was relying on the router/modem to be doing 'what it says on the tin' because the chances seem quite strong that it isn't.)

In this context, a firewall is a valuable extra layer of defence, although one that might not be absolutely necessary in 'an ideal world'. In an ideal world, you could leave the front door unlocked and it wouldn't be a problem, because no one would be dishonest.
 
1 members found this post helpful.
Old 03-09-2014, 09:54 PM   #7
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mint, OpenBSD
Posts: 11,340
Blog Entries: 12

Rep: Reputation: 2730Reputation: 2730Reputation: 2730Reputation: 2730Reputation: 2730Reputation: 2730Reputation: 2730Reputation: 2730Reputation: 2730Reputation: 2730Reputation: 2730
A firewall comes with Linux; it's called iptables. Depending on the distro, it may or may not be turned on by default.

Firestarter is no longer being developed; it has no support for ipv6. Note that programs such as Firestarter are not actually firewalls; they are frontends for iptables.

I replaced Firestarter with gufw for a graphical iptables frontend. It's simple and easy to understand.

I consider a software firewall to be essential to practicing safe HEX.

Last edited by frankbell; 03-09-2014 at 10:03 PM.
 
1 members found this post helpful.
Old 03-10-2014, 05:05 PM   #8
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,466

Original Poster
Rep: Reputation: 85
Thanks all for the fantastic information and advice!
 
Old 03-10-2014, 08:37 PM   #9
darry1966
Member
 
Registered: Sep 2011
Location: Christchurch NZ
Distribution: LinuxBBQ
Posts: 82

Rep: Reputation: Disabled
No problem friend,

Enjoy your Linux experiences.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Managing A Single Firewall Policy For Multiple Servers Using Firewall Builder LXer Syndicated Linux News 0 12-06-2010 11:20 AM
pptp gets modem hung up outside firewall, but not inside firewall cmnorton Linux - Networking 4 11-27-2008 01:04 AM
router billion 5102 has firewall and software firewall tests aus9 Linux - Security 6 12-31-2006 11:09 PM
Firewall Builder sample firewall policy file ? (.xml) nuwanguy Linux - Networking 0 09-13-2003 01:32 PM


All times are GMT -5. The time now is 04:25 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration