LinuxQuestions.org

Linux - Security: configure ufw (https://www.linuxquestions.org/questions/linux-security-4/configure-ufw-4175658282/)

zpimp 07-30-2019 09:29 AM

configure ufw
 
I want to block all ports using ufw except http/https, basically just to browse the web.

I used this:

Code:

sudo ufw reset
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw status verbose
sudo ufw enable
sudo ufw logging on
 
sudo ufw allow out http
sudo ufw allow out https

This is my output:

Code:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
 
To                         Action      From
--                         ------      ----
80                         ALLOW OUT   Anywhere
443                        ALLOW OUT   Anywhere
80 (v6)                    ALLOW OUT   Anywhere (v6)
443 (v6)                   ALLOW OUT   Anywhere (v6)

Anything else I could do, maybe disable outgoing by default?
Is it ok to eliminate v6? I assume that's IPv6.
Is ALLOW OUT ok? As I understand it, this means a connection that my PC starts to another IP.


Edit:
It seems my browser doesn't work if I set default deny (outgoing).
After running 'lsof -i' it seems Firefox has connections from local ports 56389 44274 22400 127612 to the websites' https (443).

But if I let any local port connect to remote https, with something like this:

Code:

sudo ufw allow out to any port 80

that leaves room for other programs (like possibly malware) to communicate.
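The lsof check in the post is the right instinct for the "other programs" concern: ufw decides on addresses and ports only, so a rule that lets Firefox reach remote port 443 lets any other program on the machine reach port 443 too. The host-side complement is to audit outbound sockets per process. The script below is an added example, not code from the thread or from ufw: it parses `lsof -i -n -P` output (the sample text is constructed, using documentation and test-net addresses, with the local ports mirroring those mentioned in the post) and groups every outbound connection by command, marking those whose destination port is outside the egress allow list.

```python
"""Audit outbound connections per process from `lsof -i -n -P` output.

Added example, not from the thread. ufw matches addresses and ports, not
programs, so this is the complementary check: which command is using the
ports the egress policy leaves open? LSOF_SAMPLE is constructed data.
"""
import sys
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Constructed sample: documentation/test-net addresses, local ports as in the post.
LSOF_SAMPLE = """\
COMMAND     PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
firefox    2345 zpimp   55u  IPv4  98765      0t0  TCP 192.168.1.10:56389->93.184.216.34:443 (ESTABLISHED)
firefox    2345 zpimp   61u  IPv4  98770      0t0  TCP 192.168.1.10:44274->93.184.216.34:443 (ESTABLISHED)
firefox    2345 zpimp   70u  IPv4  98801      0t0  TCP 192.168.1.10:22400->93.184.216.34:80 (ESTABLISHED)
updater    3101 zpimp    9u  IPv4  99120      0t0  TCP 192.168.1.10:51000->198.51.100.7:443 (ESTABLISHED)
updater    3101 zpimp   10u  IPv4  99121      0t0  TCP 192.168.1.10:51001->198.51.100.7:8443 (SYN_SENT)
cupsd       611 root     7u  IPv4  21044      0t0  TCP 127.0.0.1:631 (LISTEN)
sshd        702 root     3u  IPv4  23001      0t0  TCP *:22 (LISTEN)
"""


@dataclass(frozen=True)
class Outbound:
    command: str
    pid: int
    proto: str        # TCP or UDP (lsof NODE column)
    local_port: int   # ephemeral source port chosen by the kernel
    remote_host: str
    remote_port: int  # the port a ufw "allow out" rule actually matches
    state: str


def parse_lsof(text: str) -> List[Outbound]:
    """Keep only sockets with a peer ('->'); LISTEN and unbound sockets are skipped."""
    conns: List[Outbound] = []
    for line in text.splitlines():
        parts = line.split(None, 8)          # 9 lsof columns; NAME may contain spaces
        if len(parts) < 9 or not parts[1].isdigit():
            continue                         # header or malformed line
        command, pid, _user, _fd, _type, _dev, _size, proto, name = parts
        if "->" not in name:
            continue
        local, remote = name.split("->", 1)
        state = ""
        if " " in remote:                    # e.g. "1.2.3.4:443 (ESTABLISHED)"
            remote, state = remote.split(" ", 1)
            state = state.strip("()")
        remote_host, remote_port = remote.rsplit(":", 1)
        _local_host, local_port = local.rsplit(":", 1)
        conns.append(Outbound(command, int(pid), proto, int(local_port),
                              remote_host, int(remote_port), state))
    return conns


def audit(text: str, allowed_ports: Iterable[int] = (80, 443)) -> Dict[str, List[Tuple[bool, Outbound]]]:
    """Group outbound connections by command. The bool says whether the
    destination port is on the egress allow list; allowed entries still
    deserve a look, because the firewall cannot tell which program made them."""
    allowed = set(allowed_ports)
    findings: Dict[str, List[Tuple[bool, Outbound]]] = {}
    for conn in parse_lsof(text):
        findings.setdefault(conn.command, []).append((conn.remote_port in allowed, conn))
    return findings


def outside_policy(text: str, allowed_ports: Iterable[int] = (80, 443)) -> List[Outbound]:
    """Just the connections a 'default deny outgoing' policy would not cover."""
    return [c for entries in audit(text, allowed_ports).values() for ok, c in entries if not ok]


if __name__ == "__main__":
    # Pipe real output in with `lsof -i -n -P | python3 audit.py`; otherwise use the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else LSOF_SAMPLE
    for command, entries in audit(text).items():
        for ok, c in entries:
            tag = "allowed       " if ok else "OUTSIDE POLICY"
            print(f"{tag} {command:10} pid {c.pid:<6} {c.proto} :{c.local_port} "
                  f"-> {c.remote_host}:{c.remote_port} {c.state}")
```

Run against the sample, every Firefox connection comes from a high local port to remote 80 or 443, exactly what the post observed; the "updater" process shows up on 443 as well (allowed, and indistinguishable from the browser at the firewall) and once on 8443, which a default-deny outgoing policy with only 80/443 opened would block.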

teckk 07-30-2019 11:04 AM

Start with the docs.
https://wiki.ubuntu.com/UncomplicatedFirewall
http://manpages.ubuntu.com/manpages/...an8/ufw.8.html

https://www.booleanworld.com/depth-g...inux-firewall/

Then allow through/block what you wish.

scasey 07-30-2019 11:12 AM

Your desktop doesn't use port 80 (or port 443) to connect from your browser. Those ports are used by the remote web servers...those are the ports they listen on and respond from.

As you saw, your 'puter is using very high port numbers to connect outbound to remote servers. Yes, those ports (the high ones) need to be open to outbound traffic in order for you to be able to surf the web.

I don't use ufw, so can't help you with specifics...I just wanted to clarify that, unless you are running a web server, ports 80 and 443 on your machine are not used at all.
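scasey's point about ports, as a runnable illustration: this is an added example, not ufw's code, just a model of ufw's first-match outbound behaviour. `ufw allow out http` and `ufw allow out to any port 80` both match the destination port of a connection the machine initiates; the local source port is an ephemeral high number picked by the kernel, so no rule has to name it. The rule list adds an outbound DNS (port 53) rule that the thread does not mention, since name resolution is also needed to browse, and the "other-program" connections are constructed for the illustration.

```python
"""Toy model of ufw's outbound matching (added illustration, not ufw's code).

Rules name the *destination* port; the source port of an outgoing connection
is ephemeral and never appears in a rule. First matching rule wins, otherwise
the default outgoing policy applies.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Service names ufw resolves via /etc/services; only the three used here.
SERVICE_PORTS = {"http": 80, "https": 443, "domain": 53}


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    proto: Optional[str]     # "tcp", "udp", or None for either
    dst_port: int            # destination port the rule matches


@dataclass(frozen=True)
class Conn:
    process: str
    proto: str
    src_port: int            # ephemeral local port (e.g. 56389 seen with lsof -i)
    dst_port: int


def parse_rule(text: str) -> Rule:
    """Parse 'sudo ufw allow out https', 'ufw allow out 53/udp' or
    'ufw allow out to any port 80' into a Rule. Other forms raise."""
    tokens = [t for t in text.split() if t not in ("sudo", "ufw")]
    if len(tokens) < 3 or tokens[0] not in ("allow", "deny") or tokens[1] != "out":
        raise ValueError(f"only 'allow|deny out ... <port>' is modelled: {text!r}")
    spec, proto = tokens[-1], None           # port spec is the last token in both forms
    if "/" in spec:
        spec, proto = spec.split("/", 1)
    port = SERVICE_PORTS.get(spec)
    if port is None:
        port = int(spec)
    return Rule(tokens[0], proto, port)


def evaluate(default_out: str, rules: List[Rule], conn: Conn) -> str:
    """First matching user rule wins; otherwise the default outgoing policy applies."""
    for rule in rules:
        if rule.proto is not None and rule.proto != conn.proto:
            continue
        if rule.dst_port != conn.dst_port:
            continue
        return rule.action
    return default_out


RULES = [parse_rule(r) for r in (
    "sudo ufw allow out http",
    "sudo ufw allow out https",
    "sudo ufw allow out 53",  # assumed addition: DNS, which browsing also needs
)]

# Constructed connections; the firefox local ports echo the post's lsof output.
CONNECTIONS = [
    Conn("firefox", "tcp", 56389, 443),
    Conn("firefox", "tcp", 44274, 80),
    Conn("systemd-resolved", "udp", 40123, 53),
    Conn("other-program", "tcp", 51000, 443),  # same dst port: firewall cannot tell it apart
    Conn("other-program", "tcp", 51001, 25),   # not on the allow list
]


def decisions(default_out: str = "deny", rules: List[Rule] = RULES,
              conns: List[Conn] = CONNECTIONS) -> Dict[Tuple[str, int], str]:
    """Map (process, destination port) to the verdict under the given policy."""
    return {(c.process, c.dst_port): evaluate(default_out, rules, c) for c in conns}


if __name__ == "__main__":
    for (proc, port), verdict in decisions().items():
        print(f"{proc:18} -> dst port {port:<4} {verdict}")
```

Two things fall out of the model. With default deny outgoing and only 80/443 allowed, the DNS query is denied, which is a likely reason the browser stopped working in the post's edit; allowing outbound 53 fixes that. And the "other-program" connection to port 443 is allowed just like Firefox's, because ufw matches ports and addresses, not the program behind the socket; restricting by program needs a control that knows the process, which ufw does not provide.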

