[SOLVED] Is firewall fully enabled out-of-the-box?

linustalman · 08-03-2018, 01:25 PM

Hi Zbigniew.

I am more familiar with GUFW.

Is the 4MLinux firewall fully enabled out-of-the-box?

Thanks.

zk1234 · 08-04-2018, 05:32 AM

Hi,

One has a "fully enabled firewall" when one's computer is switched off :-)

1) The default /etc/server/autostart.conf file is:

Code:

# Choose the servers to start during the boot time:
CRON=yes
DNS=no
FIREWALL=yes
FTP=no
HTTP=no
MYSQL=no
NFS=no
PROXY=no
SMTP=no
SSH=yes
TELNET=no

So yes, the firewall is enabled by default.

2) Open your terminal and execute "firewall test". You should now see something like this:

Code:

Chain INPUT (policy DROP)
target     prot opt source               destination         
           tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW recent: SET name: BRF side: source mask: 255.255.255.255
DROP       tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW recent: UPDATE seconds: 600 hit_count: 10 TTL-Match name: BRF side: source mask: 255.255.255.255
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP       tcp  --  anywhere             anywhere             tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10000
ACCEPT     tcp  --  anywhere             anywhere             multiport dports 50000:55000
ACCEPT     udp  --  anywhere             anywhere             udp spt:netbios-ns

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere

So yes, the firewall is up and running.

3) The firewall's default configuration (Menu > Miniserver > Settings > Firewall) is:

Code:

# Accept all internal requests:
LOCALHOST=yes

# Accept external ping requests:
PINGS=yes

# Accept external traceroute requests:
TRACEROUTE=yes

# Allow outgoing traffic:
OUTGOING=yes

# Allow incoming traffic to the following TCP ports:
TCP="21 22 80 443 10000"

# Allow incoming traffic to the following UDP ports:
UDP=""

# Unblock port 53 for DNS server:
DNS=no

# Unblock ports 25,465,587 for SMTP server:
SMTP=no

# Unblock ports 111,1110,2049,4045,4046 for NFS server:
NFS=no

# Allow passive FTP connections:
PASSIVE=yes

# Range of ports for passive FTP connections:
RANGE=50000:55000

# Enable support for Samba client:
SAMBA=yes

# Enable SSH brute force protection:
BRF=yes

# Blacklist IP addresses from the following list:
BLACKLIST=/etc/firewall/black.list

# Enable DDOS protection:
DDOS=no


# NOTE:
# Always enabled (even if DDOS is set to "no"):
# SYN flood protection,
# NULL scan protection,
# XMAS scan protection.

4) More reading:
http://4mlinux.blogspot.com/2017/07/...ux-server.html

.

linustalman · 08-04-2018, 09:39 AM

Thank you Zbigniew for that informative response.