LinuxQuestions.org
Old 01-26-2009, 06:20 PM   #1
JrBach21
LQ Newbie
 
Registered: Jan 2009
Distribution: Xubuntu
Posts: 12

Rep: Reputation: 0
Do I absolutely NEED antivirus or a firewall for xubuntu?


Just wondering because I'm used to having those from XP.
 
Old 01-26-2009, 06:44 PM   #2
mrclisdue
Senior Member
 
Registered: Dec 2005
Distribution: Slackware
Posts: 1,134

Rep: Reputation: 277
Yes to firewall, unless provided by router.

No (with all due respect to security guru unSpawn, et al) antivirus UNLESS you will be forwarding emails with attachments to Windows users.

Browse this thread for some thoughts (on both sides) on the antivirus issue:

Code:
http://www.linuxquestions.org/questions/linux-general-1/what-anti-virus-software-do-you-use-699576/
cheers,
 
Old 01-26-2009, 07:04 PM   #3
maginotjr
Member
 
Registered: Aug 2004
Location: BR - Floripa
Distribution: Ubuntu 9.10 - 2.6.x.x
Posts: 661

Rep: Reputation: 35
yeah, was a good thread, looks like a religion discussion lol

 
Old 01-27-2009, 12:57 AM   #4
dividingbyzero
Member
 
Registered: May 2008
Location: Earth
Distribution: Slackware 12.2
Posts: 52

Rep: Reputation: 16
yeah, use a firewall. Here's a simple one that should work:

Code:
#!/bin/sh
iptables -F
iptables -X

#if you get an ip from a dhcp server
DHCP_SERVER="your_dhcp_server"

#drop everything first
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

#INPUT RULES
iptables -A INPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p ALL -i lo -j ACCEPT
#dhcp replies from the server (the posted rule had a stray comma after 67 and a "-j -i eth0")
iptables -A INPUT -p udp -s "$DHCP_SERVER" --sport 67 --dport 68 -i eth0 -j ACCEPT
iptables -A INPUT -p ALL -j LOG --log-prefix "DROPPED_IN "

#OUTPUT
iptables -A OUTPUT -p ALL -o lo -j ACCEPT
#dhcp requests and dns lookups; without these nothing below can get a lease or resolve a name
iptables -A OUTPUT -p udp --sport 68 --dport 67 -o eth0 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -o eth0 -j ACCEPT

#browse web
iptables -A OUTPUT -p tcp --dport 80 -o eth0 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -o eth0 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -o eth0 -j ACCEPT
iptables -A OUTPUT -p ALL -j LOG --log-prefix "DROPPED_OUT "
Of course, if you don't use dhcp, you don't need the dhcp rule, and if you're on wireless you'd most likely change eth0 to eth1 or wlan0.
Save it as "firewall", chmod 777 firewall, and ./firewall to run it.


Last edited by dividingbyzero; 01-27-2009 at 01:01 AM.
 
Old 01-27-2009, 01:43 AM   #5
ErV
Senior Member
 
Registered: Mar 2007
Location: Russia
Distribution: Slackware 12.2
Posts: 1,202
Blog Entries: 3

Rep: Reputation: 62
Quote:
Originally Posted by dividingbyzero
yeah, use a firewall. Here's a simple one that should work:


Too restrictive. This rule will disable everything except http, https and ftp. By everything I mean pop3, all p2p, icq (unless passed through an https tunnel), every network game, and so on. For the original poster it would be better to study the iptables manual (which won't be easy), or (a better idea for a novice ubuntu user) to find info about ubuntu's built-in graphical firewall tools (it is bound to have them). I think it would be easier just to allow all outgoing connections instead of blocking all output.

And it could handle some DoS attacks. Here is how it is done in my modem (according to the modem's settings, the entries below that jump to the pingflood/synflood chains handle port scanning):
Code:
#iptables -vnL
....
Chain INPUT (policy ACCEPT 228 packets, 13616 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 pingflood  icmp --  ppp0   *       0.0.0.0/0            0.0.0.0/0          icmp type 8 state NEW 
    0     0 synflood   tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          state NEW 
    0     0 DROP       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x03/0x03 
    0     0 DROP       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x06/0x06 
    0     0 DROP       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x00 
    0     0 DROP       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x37 
    0     0 DROP       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x29 
....

Chain pingflood (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     icmp --  ppp0   *       0.0.0.0/0            0.0.0.0/0          icmp type 8 limit: avg 1/sec burst 5 
    0     0 REJECT     icmp --  ppp0   *       0.0.0.0/0            0.0.0.0/0          reject-with icmp-port-unreachable 

Chain synflood (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          limit: avg 15/sec burst 25 
    0     0 REJECT     tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          reject-with tcp-reset

Last edited by ErV; 01-27-2009 at 01:48 AM.
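Putting the two points above together (leave OUTPUT open, default-deny INPUT, and reproduce the pingflood/synflood rate-limit chains and the bad-TCP-flag drops shown in the modem dump) as an added example script. This is not code posted in the thread; WAN_IF, the DHCP_SERVER address and the DRY_RUN switch are my assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: default-deny INPUT with the modem's
# pingflood/synflood chains and flag checks, OUTPUT left open as ErV suggests.
WAN_IF="${WAN_IF:-eth0}"                  # assumed interface name
DHCP_SERVER="${DHCP_SERVER:-192.0.2.1}"   # constructed placeholder address
DRY_RUN="${DRY_RUN:-1}"                   # 1 = print commands, 0 = apply them (needs root)

ipt() {
  if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

firewall_rules() {
  ipt -F
  ipt -X
  ipt -P INPUT DROP
  ipt -P FORWARD DROP
  ipt -P OUTPUT ACCEPT          # do not police outbound traffic on a desktop
  # Rate-limit chains as the modem shows them: RETURN while under the limit,
  # REJECT once the limit is exceeded.
  ipt -N pingflood
  ipt -A pingflood -p icmp --icmp-type echo-request -m limit --limit 1/sec --limit-burst 5 -j RETURN
  ipt -A pingflood -p icmp -j REJECT --reject-with icmp-port-unreachable
  ipt -N synflood
  ipt -A synflood -p tcp -m limit --limit 15/sec --limit-burst 25 -j RETURN
  ipt -A synflood -p tcp -j REJECT --reject-with tcp-reset
  ipt -A INPUT -i lo -j ACCEPT
  ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  ipt -A INPUT -i "$WAN_IF" -p icmp --icmp-type echo-request -m state --state NEW -j pingflood
  ipt -A INPUT -i "$WAN_IF" -p tcp -m state --state NEW -j synflood
  # The "tcp flags:0x03/0x03 ... 0x3F/0x29" rows, spelled out by flag name:
  ipt -A INPUT -i "$WAN_IF" -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP            # 0x03/0x03
  ipt -A INPUT -i "$WAN_IF" -p tcp --tcp-flags SYN,RST SYN,RST -j DROP            # 0x06/0x06
  ipt -A INPUT -i "$WAN_IF" -p tcp --tcp-flags ALL NONE -j DROP                   # 0x3F/0x00
  ipt -A INPUT -i "$WAN_IF" -p tcp --tcp-flags ALL FIN,SYN,RST,ACK,URG -j DROP    # 0x3F/0x37
  ipt -A INPUT -i "$WAN_IF" -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP            # 0x3F/0x29
  # DHCP lease replies from the known server. No inbound service is opened, so any
  # new connection that passes the checks above is logged and dropped by policy.
  ipt -A INPUT -i "$WAN_IF" -p udp -s "$DHCP_SERVER" --sport 67 --dport 68 -j ACCEPT
  ipt -A INPUT -j LOG --log-prefix "DROPPED_IN "
}

firewall_rules   # with DRY_RUN=1 this only prints; review, then rerun with DRY_RUN=0 as root
```

Run it once as a dry run and read the 22 printed commands; if you host any service, its ACCEPT rule belongs after the flag checks and before the LOG line.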
 
Old 01-27-2009, 03:04 AM   #6
dividingbyzero
Member
 
Registered: May 2008
Location: Earth
Distribution: Slackware 12.2
Posts: 52

Rep: Reputation: 16
It's not too restrictive. All you have to do is add whatever you want to allow. It's best to drop EVERYTHING and then specifically let through what you need. But, yeah, I agree with you that the OUTBOUND rule could allow all outbound.

Last edited by dividingbyzero; 01-27-2009 at 03:07 AM.
 