LinuxQuestions.org


rough60 12-20-2010 05:45 AM

UFW settings for simple file server
 
Hi all,

I would like to set the firewall in Ubuntu Server 10.10 up to be very secure but perform these tasks:

1. File server to Windows 7 and Windows XP machines both over ethernet and wireless via a router.

2. Print server for these 2 machines.

3. Auto backup these 2 machines.

So far I have set the server up with a static IP; do the 2 Windows machines need static IPs as well?
I don't need remote access to the server, only over the LAN.

I thought this may be all I needed to do:

Code:

$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
$ sudo ufw allow ssh
$ sudo ufw allow Samba
$ sudo ufw allow rsync
$ sudo ufw enable

But would this block auto updates to the server and auto backup of my files?

Thanks for any help,
Cheers.

unixfool 12-20-2010 09:17 AM

Quote:

Originally Posted by rough60 (Post 4197547)
But would this block auto updates to the server and auto backup of my files?

If you aren't specifically allowing it within the policy, it will block auto updates and backups. You're going to have to allow that type of traffic.

Noway2 12-20-2010 12:37 PM

Quote:

it will block auto updates and backups. You're going to have to allow that type of traffic.
My guess is that is what they were trying to do with allowing rsync.

Rough 60, a couple of things about the subject at hand. First, please keep in mind that in Linux ports are by default closed unless there is an application listening on that port. Consequently, the primary advantage in a firewall is that it acts as a wrapper around your system to catch inadvertent errors and also as a means to prevent outgoing traffic. I mention this because it is a common point of confusion, especially for anyone coming from the Windows domain. You mention that you would like your system to be very secure, which is an excellent objective, and a firewall is certainly a part of that, but there are other factors that will be more important. Second, UFW is an easy way to manage the default firewall in Ubuntu, which is IPTables. If the tool will perform the function you require that is fine, but you should also consider learning how to configure it manually as this will give you a very fine degree of control over the traffic beyond a simple allow/deny on various ports. For example, you can limit the number and rate of connections from a particular IP.
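
Added example, not part of the post above or of the thread: the rule set from the first post restricted to the LAN, with SSH rate-limited as the "limit the number and rate of connections" remark suggests. The function names and the 192.168.1.0/24 default are assumptions; the script only prints the ufw commands and runs none of them.

```shell
#!/bin/sh
# Added example: print LAN-scoped ufw rules for the file server discussed above.
# LAN_CIDR is an assumed value; set it to your own network.

# is_private_cidr CIDR -> status 0 only for a well-formed RFC 1918 IPv4 network
is_private_cidr() {
    case "$1" in ""|*[!0-9./]*) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    [ "$addr" != "$1" ] || return 1            # no "/prefix" part given
    case "$bits" in ""|*[!0-9]*) return 1 ;; esac
    [ "$bits" -ge 8 ] && [ "$bits" -le 32 ] || return 1
    case "$addr" in .*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ""|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    case "$1.$2" in
        10.*) return 0 ;;
        192.168) [ "$bits" -ge 16 ] ;;
        172.1[6-9]|172.2[0-9]|172.3[01]) [ "$bits" -ge 12 ] ;;
        *) return 1 ;;
    esac
}

# lan_rules CIDR -> print one ufw command per line (nothing is executed)
lan_rules() {
    is_private_cidr "$1" || { echo "refusing non-private CIDR: $1" >&2; return 1; }
    # Connections the server itself starts (e.g. package updates) leave under
    # "default allow outgoing"; ufw's stateful rules accept their replies.
    # "limit" rate-limits new SSH connections per source address.
    # 873/tcp is the rsync daemon port; drop that rule if backups run over SSH.
    cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw limit from $1 to any port 22 proto tcp
ufw allow from $1 to any app Samba
ufw allow from $1 to any port 873 proto tcp
EOF
}

lan_rules "${LAN_CIDR:-192.168.1.0/24}"
```

Review the printed commands, run them with sudo, then finish with `sudo ufw enable` and check the result with `sudo ufw status verbose`.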

unixfool 12-20-2010 01:45 PM

Quote:

Originally Posted by Noway2 (Post 4198014)
My guess is that is what they were trying to do with allowing rsync.

Yeah, I'm trying not to guess. I've always thought of rsync as a data transfer tool (at least that's how I've used it).

If he's using rsync, then his ACL may allow him to perform backups, although I don't know how granular he can get with UFW (I've used it sporadically but prefer iptables). If he's using, for example, an enterprise tool such as Veritas, or something besides rsync, the rsync allowance won't work for him.

rough60 12-20-2010 10:24 PM

Thanks guys, I'll probably post a few more Q's soon.
Cheers

