Setting up secure firewalls
  • Setting up secure firewalls

    So I have been messing around with firewalld in Fedora and a few iptables frontends in Ubuntu...

    but

    I still haven't found a way to restrict traffic just the way I like: only allowing outgoing connections from ports 80 and 443.

    Not only that, what I really like is interactive firewalls that flag every single process that tries to establish a connection.

    Is there anything like that in the Linux ecosystem?

    firewallbuilder just confused the shit out of me and UGFW doesn't allow whitelisting, only blacklisting.

    Fedora's firewall seems good, but even when I deselect all services and reject icmp I don't really know how to restrict it to ports 80 and 443.

  • #2
    firewallbuilder just confused the shit out of me and UGFW doesn't allow whitelisting, only blacklisting.

    Fedora's firewall seems good, but even when I deselect all services and reject icmp I don't really know how to restrict it to ports 80 and 443.
    This translates to
    "The GUIs won't let me do what I want"

    The solution
    man iptables


    This post brought to you in writing style very similar to that of Pallidus



    • #3
      Where can I find a list of console codes I can copy and paste to configure iptables


      ????



      • #4
        Originally posted by Pallidus
        Where can I find a list of console codes I can copy and paste to configure iptables


        ????
        If you care about security you shouldn't just paste commands you don't understand from the internet into your terminal ;-) AFAIK Fedora has the iptables setup in a way where everything is blocked. If you only want 80 and 443 you just have to whitelist ("trusted service") these ports with 'system-config-firewall'.



        • #5
          In "man iptables". Perhaps you didn't read my post.



          • #6
            Originally posted by droste
            If you care about security you shouldn't just paste commands you don't understand from the internet into your terminal ;-) AFAIK Fedora has the iptables setup in a way where everything is blocked. If you only want 80 and 443 you just have to whitelist ("trusted service") these ports with 'system-config-firewall'.

            This is what I don't get:

            in firewalld they show you a bunch of services and say "tick the services that you want so they are available everywhere etc etc"

            now I untick ssh and mdns and the like

            actually I untick everything, including http and https

            and Firefox still works

            ???????????

            Shouldn't I, by unticking http and https, be able to block them? Or do they mean https as a server?



            • #7

              See, here it is unticked and Firefox is still working.

              Is Fedora's firewalld broken?



              • #8
                A firewall is for incoming communication requests (so for "servers") and not outgoing traffic. If you want to block outgoing traffic (why?) you have to either just disable the Ethernet card or use iptables directly.

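As an added example (not posted by anyone in this thread), here is what "use iptables directly" from #8 looks like for the goal stated in #1: a default-deny OUTPUT chain that permits only loopback, DNS, and new TCP connections to destination ports 80 and 443, plus replies on connections conntrack already knows about. The `outbound_rules` function and its command parameter are my own convenience so the rules can be dry-run with `echo`; this covers the IPv4 table only, and ip6tables needs the same treatment.

```shell
#!/bin/sh
# Added example: default-deny outbound filtering with iptables (IPv4 only).
# Permits loopback, DNS lookups, and new TCP connections to 80/443;
# anything else leaving the host is logged and dropped.
# $1 is the command run for each rule (a hypothetical dry-run hook):
#   outbound_rules iptables   -> applies the rules (needs root)
#   outbound_rules echo       -> prints the rules instead of applying them
outbound_rules() {
    ipt="${1:-iptables}"

    # Start from an empty OUTPUT chain, then make DROP the default.
    "$ipt" -F OUTPUT
    "$ipt" -P OUTPUT DROP

    # Replies on connections conntrack is already tracking (this includes
    # packets answering an inbound SSH session) must keep flowing.
    "$ipt" -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Local processes talking to each other over loopback.
    "$ipt" -A OUTPUT -o lo -j ACCEPT

    # Name resolution, or the browser cannot reach any site by name.
    "$ipt" -A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
    "$ipt" -A OUTPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT

    # The goal from #1: new outbound TCP connections to HTTP and HTTPS only.
    "$ipt" -A OUTPUT -p tcp -m multiport --dports 80,443 \
           -m conntrack --ctstate NEW -j ACCEPT

    # Everything else gets logged (rate-limited) so you can see which
    # destination something tried to reach, then the DROP policy applies.
    "$ipt" -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUT-DROP: "
}

# Number of iptables invocations the function emits; useful to sanity-check
# a dry run before applying it for real.
outbound_rule_count() {
    outbound_rules echo | grep -c .
}

# Apply only when explicitly asked; by default just show the rules.
if [ "${1:-}" = "--apply" ]; then
    outbound_rules iptables
else
    outbound_rules echo
fi
```

Run it as root with `--apply` from a local console the first time, and check `journalctl -k` or `dmesg` for the `OUT-DROP:` prefix to see what the default-deny is catching. As #10 points out, a port-based rule cannot tell a browser from any other process that talks to port 443, so the LOG line, not the port list, is what tells you something unexpected is trying to leave.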


                • #9
                  You have clearly never been hacked in Windows: they reverse engineer code to find exploits in popular apps and then they are able to trigger behavior in those same apps to establish connections to wherever...

                  meaning it's not hackers establishing incoming communications to your system, it's your system itself dialing home to the hackers.

                  Skype for instance is dangerous as fuck, and I have proof, just like I did back in March about that very dangerous Flash exploit.

                  I didn't know shit about firewalls or much about computers/Linux but now I'm learning.

                  In good routers you can block all outgoing and incoming traffic and then just open up the ports you need.

                  Turns out UGFW is actually more secure than Fedora's firewalld, as you can allow outgoing connections but then specify the rejection of ssh, telnet, etc. traffic.

                  A good firewall should monitor all your connections and not just incoming.



                  • #10
                    Originally posted by Pallidus
                    You have clearly never been hacked in Windows:
                    True

                    Originally posted by Pallidus
                    meaning it's not hackers establishing incoming communications to your system, it's your system itself dialing home to the hackers.
                    [...]
                    Turns out UGFW is actually more secure than Fedora's firewalld, as you can allow outgoing connections but then specify the rejection of ssh, telnet, etc. traffic.

                    A good firewall should monitor all your connections and not just incoming.
                    What exactly stops the malware from using https or a custom protocol instead of ssh/telnet/etc? And when you have malware with root access it's quite easy for it to disable the firewall. I'm not saying blocking as much as possible is bad, but you are never 100% safe unless you pull out the Ethernet cable. Usually you are pretty safe on Linux with blocking incoming stuff and not executing random stuff you downloaded from the internet.
