LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 01-26-2009, 06:20 PM   #1
JrBach21
LQ Newbie
 
Registered: Jan 2009
Distribution: Xubuntu
Posts: 12

Rep: Reputation: 0
Do I absolutely NEED antivirus or a firewall for xubuntu?


Just wondering because I'm using to having those from xp.
 
Old 01-26-2009, 06:44 PM   #2
mrclisdue
Senior Member
 
Registered: Dec 2005
Distribution: Slackware
Posts: 1,135

Rep: Reputation: 277Reputation: 277Reputation: 277
Yes to firewall, unless provided by router.

No (with all due respect to security guru unSpawn, et al) antivirus UNLESS you will be forwarding emails with attachments to Windows users.

Browse this thread for some thoughts (on both sides) on the antivirus issue:

Code:
http://www.linuxquestions.org/questions/linux-general-1/what-anti-virus-software-do-you-use-699576/
cheers,
 
Old 01-26-2009, 07:04 PM   #3
maginotjr
Member
 
Registered: Aug 2004
Location: BR - Floripa
Distribution: Ubuntu 9.10 - 2.6.x.x
Posts: 661

Rep: Reputation: 35
yeah was a good theard looks like a religion discussion lol

 
Old 01-27-2009, 12:57 AM   #4
dividingbyzero
Member
 
Registered: May 2008
Location: Earth
Distribution: Slackware 12.2
Posts: 52

Rep: Reputation: 16
yeah, use a firewall. Here's a simple one that should work:

Code:
iptables -F
iptables -X

#if you get an ip from a dhcp server
DHCP_SERVER="your_dhcp_server"

#drop everything first
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

#INPUT RULES
iptables -A INPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p ALL -i lo -j ACCEPT
iptables -A INPUT -p udp -s $DHCP_SERVER --sport 67, --dport 68 -j -i eth0 -j ACCEPT
iptables -A INPUT -p ALL -j LOG --log-prefix "DROPPED_IN "

#OUTPUT
iptables -A OUTPUT -p ALL -o lo -j ACCEPT

#browse web
iptables -A OUTPUT -p tcp --dport 80 -o eth0 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -o eth0 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -o eth0 -j ACCEPT
iptables -A OUTPUT -p ALL -j LOG --log-prefix "DROPPED_OUT "
Of course, If you don't use dhcp, you don't need the dchp rule, and if you're on wireless you'd most likely change eth0 to eth1 or wlan0
Save it as "firewall", chmod 777 firewall, and ./firewall to run it.


Last edited by dividingbyzero; 01-27-2009 at 01:01 AM.
 
Old 01-27-2009, 01:43 AM   #5
ErV
Senior Member
 
Registered: Mar 2007
Location: Russia
Distribution: Slackware 12.2
Posts: 1,202
Blog Entries: 3

Rep: Reputation: 62
Quote:
Originally Posted by dividingbyzero View Post
yeah, use a firewall. Here's a simple one that should work:

Code:
iptables -F
iptables -X

#if you get an ip from a dhcp server
DHCP_SERVER="your_dhcp_server"

#drop everything first
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

#INPUT RULES
iptables -A INPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p ALL -i lo -j ACCEPT
iptables -A INPUT -p udp -s $DHCP_SERVER --sport 67, --dport 68 -j -i eth0 -j ACCEPT
iptables -A INPUT -p ALL -j LOG --log-prefix "DROPPED_IN "

#OUTPUT
iptables -A OUTPUT -p ALL -o lo -j ACCEPT

#browse web
iptables -A OUTPUT -p tcp --dport 80 -o eth0 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -o eth0 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -o eth0 -j ACCEPT
iptables -A OUTPUT -p ALL -j LOG --log-prefix "DROPPED_OUT "
Of course, If you don't use dhcp, you don't need the dchp rule, and if you're on wireless you'd most likely change eth0 to eth1 or wlan0
Save it as "firewall", chmod 777 firewall, and ./firewall to run it.

Too restrictive. This rule will disable everything except http, https and ftp. By everything I mean pop3, all p2p, icq (unless passed through https tunnel), every network game, and so on. For original poster it would be better to study iptables manual (which won't be easy), or (better idea for novice ubuntu user) find info about ubuntu built-in graphical firewall tools (it is bound to have them). I think it would be easier just to allow all outgoing connections instead of blocking all output.

And it could handle some DoS attacks. Here is how it is done in my modem (according to modem's settings, entries below jumps to pingflood/synflood chains handle port scanning):
Code:
#iptables -vnL
....
Chain INPUT (policy ACCEPT 228 packets, 13616 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 pingflood  icmp --  ppp0   *       0.0.0.0/0            0.0.0.0/0          icmp type 8 state NEW 
    0     0 synflood   tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          state NEW 
    0     0 DROP       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x03/0x03 
    0     0 DROP       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x06/0x06 
    0     0 DROP       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x00 
    0     0 DROP       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x37 
    0     0 DROP       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x29 
....

Chain pingflood (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     icmp --  ppp0   *       0.0.0.0/0            0.0.0.0/0          icmp type 8 limit: avg 1/sec burst 5 
    0     0 REJECT     icmp --  ppp0   *       0.0.0.0/0            0.0.0.0/0          reject-with icmp-port-unreachable 

Chain synflood (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          limit: avg 15/sec burst 25 
    0     0 REJECT     tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          reject-with tcp-reset

Last edited by ErV; 01-27-2009 at 01:48 AM.
 
Old 01-27-2009, 03:04 AM   #6
dividingbyzero
Member
 
Registered: May 2008
Location: Earth
Distribution: Slackware 12.2
Posts: 52

Rep: Reputation: 16
it's not too restrictive. All you have to do is add whatever you want to allow. It's best to drop EVERYTHING and then specifically let through what you need. But, yeah, I agree with you that the OUTBOUND rule could allow all outbound.

Last edited by dividingbyzero; 01-27-2009 at 03:07 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Firewall and antivirus mandrivel Mandriva 5 02-22-2006 04:20 AM
Antivirus and Firewall zaq12wsx Linux - Newbie 6 11-10-2004 07:39 AM
AntiVirus and Firewall NeoSpawn Linux - Software 1 03-02-2004 08:58 AM
Firewall and Antivirus giill Linux - Software 4 11-21-2003 07:10 AM
antivirus/firewall mullet Linux - Security 1 11-10-2003 02:18 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 09:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration