Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I would like to set the firewall in Ubuntu Server 10.10 up to be very secure but perform these tasks:
1. File server to windows 7 and windows xp machines both over ethernet and wireless via a router.
2. Print server for these 2 machines.
3. Auto backup these 2 machines.
So far I have set the server up with a static ip, do the 2 windows machines need static ip's aswell?
I don't need remote access to the server, only over the lan.
it will block auto updates and backups. You're going to have to allow that type of traffic.
My guess is that is what they were trying to do with allowing rsync.
Rough 60, a couple of things about the subject at hand. First, please keep in mind that in Linux ports are by default closed unless there is an application listening on that port. Consequently, the primary advantage in a firewall is that it acts as a wrapper around your system to catch inadvertent errors and also as a means to prevent outgoing traffic. I mention this because it is a common point of confusion, especially for anyone coming from the Windows domain. You mention that you would like your system to be very secure, which is an excellent objective, and a firewall is certainly a part of that, but there are other factors that will be more important. Second, UFW is an easy way to manage the default firewall in Ubuntu, which is IPTables. If the tool will perform the function you require that is fine, but you should also consider learning how to configure it manually as this will give you a very fine degree of control over the traffic beyond a simple allow/deny on various ports. For example, you can limit the number and rate of connections from a particular IP.
My guess is that is what they were trying to do with allowing rsync.
Yeah, I'm trying not to guess. I've always thought of rsync as a data transfer tool (at least that's how I've used it).
If he's using rsync, then his ACL may allow him to perform backups, although I don't know how granular he can get with UFW (I've used it sporadically but prefer iptables). If he's using, for example, an enterprise tool such as Veritas, or something besides rsync, the rsync allowance won't work for him.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
