Firewall on Linux:
I think a firewall is a must, as it hides your system from the outer world.
A perfect firewall makes your presence stealthy, so no one knows whether there is a target or not; it is a fairly big difference between:
[without firewall]
1: Knowing there is a target and that it is blocking its port (causing the attacker to try something new).
[with firewall]
2: Not being sure whether a target is present or not (causing the attacker to first find out whether a target is really present and then follow the first point).
Further:
A small list of things that are possible:
* Throttle bandwidth for certain computers
* Throttle bandwidth TO certain computers
* Help you fairly share your bandwidth
* Protect your network from DoS (Denial of Service) attacks
* Protect the Internet from your customers
* Multiplex several servers as one, for load balancing and enhanced availability
* Restrict access to your computers
* Limit access of your users to other hosts
* Do routing based on user id (yes!), MAC address, source IP address, port, type of service, time of day or content.
I do not claim to be an expert but my understanding is that ports are not "closed" unless they are firewalled.
How are the ports "closed" without one?
If there is no process bound to a port then nothing can connect to it and any connection attempts will just get a connection refused packet sent back. Same as if you firewalled it with 'REJECT'. It's still a good idea to run a firewall though, as you would need to pay very close attention to what's running on your box otherwise to be secure.
I think the term "closed" in our different usages is quite imprecise.
I would not call a port closed just because nothing was being run on it, that seems quite misleading. I would say nothing was being run on it.
I do not think no services being run on a port and having a firewall reject or drop connections to it are equal. I think it is probably dangerous to believe it is.
Quote:
Originally posted by 2damncommon
I think the term "closed" in our different usages is quite imprecise.
I would not call a port closed just because nothing was being run on it, that seems quite misleading. I would say nothing was being run on it.
I do not think no services being run on a port and having a firewall reject or drop connections to it are equal. I think it is probably dangerous to believe it is.
Well, by definition a port is 'closed' when it is not accepting connections, and 'open' when it does. But yes, considering that, there are two kinds of closed ports: non-listening and firewalled.
Quote:
Originally posted by tkedwards
It's still a good idea to run a firewall though, as you would need to pay very close attention to what's running on your box otherwise to be secure.
Well, if one only uses the package manager of their distribution with official repositories and/or officially listed ones, and otherwise compiles known programs from source (i.e. no little code pieces from script kiddie sites), things should be relatively safe, seriously.
It comes with the control one has over the system.
Quote:
Originally posted by xxx_anuj_xxx
Firewall on Linux:
I think a firewall is a must, as it hides your system from the outer world.
A perfect firewall makes your presence stealthy, so no one knows whether there is a target or not; it is a fairly big difference between:
[without firewall]
1: Knowing there is a target and that it is blocking its port (causing the attacker to try something new).
[with firewall]
2: Not being sure whether a target is present or not (causing the attacker to first find out whether a target is really present and then follow the first point).
What kind of 'stealth' are you referring to?
If you are referring to -j DROP and/or Windows 'Stealth' firewalls, that won't work.
It's a common misconception that any marketed 'stealth' setting or simply completely dropping packets that reach you will turn you invisible.
On the contrary:
As soon as an attacker sends packets to an IP, and nothing at all gets returned they know 'oh lookie, "stealth" firewall'.
This is because if you scan the IP of an ISP, and no computer is currently associated with said IP, the routers of the ISP will return a 'port not reachable' ICMP packet.
Using iptables this -can- of course be emulated, faking such responses.
Instead of using -j DROP or a mere '-j REJECT', actually use '-j REJECT --reject-with icmp-port-unreachable'.
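
Added example, not part of the original thread: a small Python check an administrator can run against their own host to see which of the cases discussed above a port falls into: accepting connections, actively refusing them (no listener, or a REJECT rule), or staying silent (typical of DROP). The function names, the policy dictionary and the port numbers are assumptions made for illustration.

```python
import errno
import socket

def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt against a host you administer."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # a process is listening and the packet got through
    except ConnectionRefusedError:
        return "refused"       # active refusal: no listener, or a REJECT rule
    except (socket.timeout, TimeoutError):
        return "silent"        # nothing came back: typical of a DROP rule
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"   # host or network reported as unreachable
        raise
    finally:
        sock.close()

def audit(host, expected, timeout=2.0):
    """Return {port: (expected, observed)} for every port that deviates."""
    deviations = {}
    for port, want in expected.items():
        got = probe(host, port, timeout)
        if got != want:
            deviations[port] = (want, got)
    return deviations

def loopback_demo():
    """Constructed offline check: one listening port, then the same port unbound."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))    # port 0: the kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    with_listener = probe("127.0.0.1", port)
    listener.close()
    without_listener = probe("127.0.0.1", port)
    return with_listener, without_listener

if __name__ == "__main__":
    print(loopback_demo())
    # Hypothetical policy for your own host: SSH reachable, telnet refused.
    print(audit("127.0.0.1", {22: "open", 23: "refused"}, timeout=1.0))
```

A port that reports "silent" where the policy says "refused" is the observable difference between a DROP rule and a non-listening or REJECTed port that the thread is arguing about.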