08-03-2018, 02:25 PM   #1
linustalman
Senior Member

Is firewall fully enabled out-of-the-box?


Hi Zbigniew.

I am more familiar with GUFW.

Is the 4MLinux firewall fully enabled out-of-the-box?

Thanks.
 
08-04-2018, 06:32 AM   #2
zk1234
4MLinux Maintainer

Hi,

One has a "fully enabled firewall" when one's computer is switched off :-)

1) The default /etc/server/autostart.conf file is:
Code:
# Choose the servers to start during the boot time:
CRON=yes
DNS=no
FIREWALL=yes
FTP=no
HTTP=no
MYSQL=no
NFS=no
PROXY=no
SMTP=no
SSH=yes
TELNET=no

So yes, the firewall is enabled by default.

2) Open your terminal and execute "firewall test". You should now see something like this:
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination         
           tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW recent: SET name: BRF side: source mask: 255.255.255.255
DROP       tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW recent: UPDATE seconds: 600 hit_count: 10 TTL-Match name: BRF side: source mask: 255.255.255.255
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP       tcp  --  anywhere             anywhere             tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10000
ACCEPT     tcp  --  anywhere             anywhere             multiport dports 50000:55000
ACCEPT     udp  --  anywhere             anywhere             udp spt:netbios-ns

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere

So yes, the firewall is up and running.

3) The firewall's default configuration (Menu > Miniserver > Settings > Firewall) is:
Code:
# Accept all internal requests:
LOCALHOST=yes

# Accept external ping requests:
PINGS=yes

# Accept external traceroute requests:
TRACEROUTE=yes

# Allow outgoing traffic:
OUTGOING=yes

# Allow incoming traffic to the following TCP ports:
TCP="21 22 80 443 10000"

# Allow incoming traffic to the following UDP ports:
UDP=""

# Unblock port 53 for DNS server:
DNS=no

# Unblock ports 25,465,587 for SMTP server:
SMTP=no

# Unblock ports 111,1110,2049,4045,4046 for NFS server:
NFS=no

# Allow passive FTP connections:
PASSIVE=yes

# Range of ports for passive FTP connections:
RANGE=50000:55000

# Enable support for Samba client:
SAMBA=yes

# Enable SSH brute force protection:
BRF=yes

# Blacklist IP addresses from the following list:
BLACKLIST=/etc/firewall/black.list

# Enable DDOS protection:
DDOS=no


# NOTE:
# Always enabled (even if DDOS is set to "no"):
# SYN flood protection,
# NULL scan protection,
# XMAS scan protection.

4) More reading:
http://4mlinux.blogspot.com/2017/07/...ux-server.html

1 members found this post helpful.
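
Added example (not part of the post above and not 4MLinux's own code): a shell check that cross-references the two configuration files quoted in the post and reports TCP ports the firewall accepts although the matching server is not started at boot. The function names, the port-to-service mapping, and passing the file paths as arguments are assumptions; the sample values are copied from the post.

```shell
#!/bin/sh
# Added example: compare autostart.conf (which servers start at boot)
# with the firewall settings (which TCP ports are accepted).

# conf_get FILE KEY -> value of the last KEY=value line, quotes stripped
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# service_for_port PORT -> autostart key (assumed mapping), empty if unknown
service_for_port() {
    case "$1" in
        21) echo FTP ;;
        22) echo SSH ;;
        80|443) echo HTTP ;;
        *) echo "" ;;
    esac
}

# audit_ports AUTOSTART_CONF FIREWALL_CONF
# Prints one line per accepted TCP port: "<port> <service> <status>"
audit_ports() {
    for port in $(conf_get "$2" TCP); do
        svc=$(service_for_port "$port")
        if [ -z "$svc" ]; then
            echo "$port ? unmapped"
        elif [ "$(conf_get "$1" "$svc")" = "yes" ]; then
            echo "$port $svc in-use"
        else
            echo "$port $svc open-but-server-off"
        fi
    done
}

# Run the audit on sample files built from the defaults shown in the post.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' CRON=yes DNS=no FIREWALL=yes FTP=no HTTP=no SSH=yes \
        > "$dir/autostart.conf"
    printf '%s\n' 'TCP="21 22 80 443 10000"' 'UDP=""' PASSIVE=yes \
        > "$dir/firewall.conf"
    audit_ports "$dir/autostart.conf" "$dir/firewall.conf"
    rm -rf "$dir"
}
demo
```

Ports reported as open-but-server-off can be removed from the TCP= list until the corresponding server is actually enabled.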

08-04-2018, 10:39 AM   #3
linustalman
Senior Member
Original Poster

Thank you Zbigniew for that informative response.