Comments on: Firewall on Ubuntu

By: dbn

dbn — Mon, 08 Jun 2009 19:44:37 +0000

Good article! For all the h473rZ – 0-day vulnerabilities have, will, and do exist. If a software service has a 0-day vulnerability and a software service is publically accessible on the web because you have not configured iptables, and a bot/worm/scriptkiddie comes a’knocking, your system has no chance of survival…that is, if the intent is destructive or you have something you wanted kept private. Performance is a non-issue unless you want to block entire subnets, and even then unless you are hit really hard by a botnet (DDoS) be thankful the firewall is stopping it instead of complaining about performance. (botnets aren’t typically used to break into home pc’s unless you are in/famous, big business, or a branch of some government.) Configure iptables already!

By: Fibonacci

Fibonacci — Sun, 10 Aug 2008 00:38:10 +0000

Hi!
Thanks for the article, very interesting. Can you please post more GUI screenshots next time, although the installation process was helpful too.

By: X

Sat, 09 Aug 2008 23:25:13 +0000

Thank you for posting this guide. You did a good job on it and I like your graphics too.

By: hostintruder

hostintruder — Sat, 09 Aug 2008 22:05:05 +0000

Maybe this will used some resources(very little) but as far as I know all Linux distros come with a firewall and have since kernel 2.0. Since Linux 2.4, the firewall built into the kernel is iptables.
Unless you give iptables some rules, it allows everything. Tools like Firestarter are not firewalls themselves(as said it above) but utilities to make it easier to configure iptables. In other words, it’s just as Graphical User Interface.

Another reason to have a firewall is that if later on you decide to install a new service such as SSH or Remote Desktop (VNC), you will probably want to control who can access these services by installing a software firewall.

Since my Ubuntu desktop is my sole machine that connects directly to the Internet, then I think that it’s a good idea to configure one. By the way, thanks for the command sudo netstat -cpnut, I never heard about it but it’s very useful.

By: X

Sat, 09 Aug 2008 21:30:02 +0000

You can monitor your connections and programs as follows without installing a firewall:

sudo netstat -cpnut

If you close down your uneeded open ports, what benefit does the firewall give you? what does the firewall do to system performance and resources?

By: hostintruder

hostintruder — Sat, 09 Aug 2008 18:01:07 +0000

Maybe you are right, but with a firewall, you can monitor which program is accessing the internet. You have a better control on your machine.

By: luckydev

luckydev — Sat, 09 Aug 2008 17:38:53 +0000

If you are a desktop user, I personally feel you dont need a firewall…all u need to do is to install the security updates sent by ubuntu. firewall is very necessay in cases of servers.