Hi,
One has a "fully enabled firewall" when one's computer is switched off :-)
1) The default /etc/server/autostart.conf file is:
Code:
# Choose the servers to start during the boot time:
CRON=yes
DNS=no
FIREWALL=yes
FTP=no
HTTP=no
MYSQL=no
NFS=no
PROXY=no
SMTP=no
SSH=yes
TELNET=no
So yes, the firewall is enabled by default.
2) Open your terminal and execute "firewall test". You should now see something like this:
Code:
Chain INPUT (policy DROP)
target prot opt source destination
tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: SET name: BRF side: source mask: 255.255.255.255
DROP tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: UPDATE seconds: 600 hit_count: 10 TTL-Match name: BRF side: source mask: 255.255.255.255
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:10000
ACCEPT tcp -- anywhere anywhere multiport dports 50000:55000
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
So yes, the firewall is up and running.
3) The firewall's default configuration (Menu > Miniserver > Settings > Firewall) is:
Code:
# Accept all internal requests:
LOCALHOST=yes
# Accept external ping requests:
PINGS=yes
# Accept external traceroute requests:
TRACEROUTE=yes
# Allow outgoing traffic:
OUTGOING=yes
# Allow incoming traffic to the following TCP ports:
TCP="21 22 80 443 10000"
# Allow incoming traffic to the following UDP ports:
UDP=""
# Unblock port 53 for DNS server:
DNS=no
# Unblock ports 25,465,587 for SMTP server:
SMTP=no
# Unblock ports 111,1110,2049,4045,4046 for NFS server:
NFS=no
# Allow passive FTP connections:
PASSIVE=yes
# Range of ports for passive FTP connections:
RANGE=50000:55000
# Enable support for Samba client:
SAMBA=yes
# Enable SSH brute force protection:
BRF=yes
# Blacklist IP addresses from the following list:
BLACKLIST=/etc/firewall/black.list
# Enable DDOS protection:
DDOS=no
# NOTE:
# Always enabled (even if DDOS is set to "no"):
# SYN flood protection,
# NULL scan protection,
# XMAS scan protection.
4) More reading:
http://4mlinux.blogspot.com/2017/07/...ux-server.html
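A cross-check of the two default files quoted in this post, added here as an example (it is not part of the original post or of 4MLinux): it lists each TCP port the firewall accepts and whether the matching server is set to autostart. The port-to-server mapping and the function names are assumptions; port 10000 has no matching autostart key on the page, so it is reported for manual review.

```python
import shlex

# Constructed sample input: excerpts of the two default files quoted above.
AUTOSTART = "# servers\nFTP=no\nHTTP=no\nSSH=yes\nTELNET=no\n"
FIREWALL = 'TCP="21 22 80 443 10000"\nUDP=""\nPASSIVE=yes\nRANGE=50000:55000\n'

# Assumption (not from the post): which autostart.conf key serves each port.
PORT_TO_SERVER = {21: "FTP", 22: "SSH", 23: "TELNET", 25: "SMTP",
                  53: "DNS", 80: "HTTP", 443: "HTTP", 3306: "MYSQL"}


def parse_conf(text):
    """Parse shell-style KEY=value lines; skip comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, raw = line.partition("=")
        conf[key.strip()] = " ".join(shlex.split(raw))  # drops the quotes
    return conf


def audit(autostart_text, firewall_text):
    """Return (port, finding) pairs for each TCP port the firewall accepts."""
    servers = parse_conf(autostart_text)
    fw = parse_conf(firewall_text)
    findings = []
    for port in sorted(int(p) for p in fw.get("TCP", "").split()):
        name = PORT_TO_SERVER.get(port)
        if name is None:
            findings.append((str(port), "no known server key, review manually"))
        elif servers.get(name) == "yes":
            findings.append((str(port), f"{name} autostarts"))
        else:
            findings.append((str(port), f"accepted, but {name} is not autostarted"))
    # The passive FTP range is only useful when an FTP server is running.
    if fw.get("PASSIVE") == "yes" and servers.get("FTP") != "yes":
        findings.append((fw.get("RANGE", "?"),
                         "passive FTP range accepted, but FTP is not autostarted"))
    return findings


if __name__ == "__main__":
    for port, finding in audit(AUTOSTART, FIREWALL):
        print(f"{port:>12}  {finding}")
```

Autostart only covers what starts at boot, so a port flagged here may still have a manually started server behind it; trimming TCP= to the servers actually in use keeps the accepted ports in step with the running services.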