How to Handle And Configure Firewall In Linux

If you are using, or planning to use, Linux, one good incentive is the relative security it provides by default. Linux systems are unaffected by the great majority of Windows and Mac OS viruses, and the GNU project in itself assures the authenticity of the software. However, every (paranoid) geek knows that there is no such thing as a completely protected system. Today, we will show you how to beef up your Linux security by making a few changes to your firewall settings.

Instead of just reviewing firewall software, I will focus on the firewall settings, such as the rules and ports, as they form the basis of an efficient firewall.

The traditional program for a firewall in Linux is the command-based IPTables. Directly derived from the Unix ideal, it is very powerful, and yet extremely complicated for a beginner. IPTables does not launch itself at boot, so it is the user’s duty to configure the firewall in a script and run it right after login. An easier option is to use UFW (Uncomplicated FireWall). UFW is a command-based firewall, but with a much simpler syntax. It launches itself at boot, and comes with the same security level as IPTables. An even easier option, which bypasses the command line altogether, is gUFW – a graphical interface for UFW.

In Ubuntu, all you have to do is run the following command (you can also install it via the Ubuntu Software Center):

sudo apt-get install gufw

Run the gUFW application. You should be prompted with a nice gray window.

To operate properly, gUFW needs superuser rights, which means that in a terminal, you will be using the command:

sudo gufw

If you launched it from the Application Menu, you can click the gold lock at the bottom right of the gUFW window and type your password to elevate your permissions.

The window should come to life and you can now begin the configuration.

First, you want to activate the firewall by clicking on the bar next to “Status” so that “On” is displayed. You can then choose what you want to do with the incoming and the outgoing traffic. By default, incoming traffic is denied and outgoing traffic is allowed. This is a good basis, but in general with Linux, you want to use your full control to go further than the default. The configuration as it is now will prevent something from coming into your computer but will not stop your computer from communicating. Imagine that your computer is already infected, or that a piece of malware succeeds in getting through the firewall. In this case, UFW will not stop it from communicating with the Internet and maybe from transmitting your data to an evil cracker.

I therefore advise you to apply drastic measures: deny everything – incoming and outgoing!

At this point, you will find that you have cut yourself off from the Internet. By denying everything, you also deny any web traffic coming into or going out of your system. Worry not, we are going to set rules to allow only the applications you need and trust to access the web. Adding a rule is simple. You just have to click the “+” button at the bottom left of the window. Likewise, the “-” button deletes a rule.

Now, click the “+” button. You should now be in front of a new dialog box with three tabs.

The “Preconfigured” tab is for creating rules for defined and specific tasks, like for Skype or Transmission. It is the easy way to set rules quickly: pick the program or service you want to use from the list, decide whether to allow incoming or outgoing connections, and the rules will add themselves.

For example, if you decide to allow incoming Skype connections, gUFW will allow incoming connections to port 443 using the TCP protocol.

Easy as this tab is to use, it is incomplete. There is still a bunch of stuff that you cannot do without going into the “Simple” tab. I promise, we won’t go any further, no “Advanced” tab for today.

This tab is not very complex to use. To add a rule, all you have to do is choose between incoming or outgoing connections, the protocol used, and the port number. I am not going to teach you the difference between UDP and TCP, but instead, I will give you a non-exhaustive list of ports that you may want to keep open, and the reasons why.

Outgoing connections:

  • 80/tcp for HTTP
  • 53/udp for DNS
  • 443/tcp for HTTPS (secured HTTP)
  • 21/tcp for FTP (File Transfer Protocol)
  • 465/tcp for SMTP (send emails)
  • 25/tcp for Insecure SMTP
  • 22/tcp for SSH (secure connection from computer to computer)
  • 993/tcp&udp for IMAP (receive emails)
  • 143/tcp&udp for Insecure IMAP
  • 9418/tcp for GIT (version control system)

Incoming connections:

  • 993/tcp&udp for IMAP (receive emails)
  • 143/tcp&udp for Insecure IMAP
  • 110/tcp for POP3 (old way to receive emails)
  • 22/tcp for SSH (secure connection from computer to computer)
  • 9418/tcp for GIT (version control system)

Again, this list is incomplete, but it is a good start. Don’t hesitate to search if you have other needs, and check the “Preconfigured” tab first.

Some services, like IMAP, require an incoming and an outgoing connection to work properly. And in some cases, encrypted connections ask for a different port.
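
The same policy can also be set from the command line with ufw itself. The script below is an added example, not part of the original article: it prints the ufw commands for the deny-everything policy described above, using a selection of ports from the lists. The variable and function names are this example's own.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: print the ufw commands for a
# "deny everything, then allow what you need" policy so they can be reviewed.
# The port selections below are taken from the article's lists; adjust them.

OUTGOING="53/udp 80/tcp 443/tcp 22/tcp 993/tcp&udp"   # what this machine may reach
INCOMING="22/tcp"                                      # what may reach this machine

# rule_for <in|out> <port/proto>: print one "ufw allow" line per protocol.
# Accepts the article's notation (tcp, udp, tcp&udp) and rejects anything else.
rule_for() {
    local dir="$1" spec="$2" port protos p
    port=${spec%%/*}
    protos=${spec#*/}
    case $dir in
        in|out) ;;
        *) echo "bad direction: $dir" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port in: $spec" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $spec" >&2; return 1
    fi
    case $protos in
        tcp|udp|'tcp&udp') ;;
        *) echo "bad protocol in: $spec" >&2; return 1 ;;
    esac
    for p in $(printf '%s' "$protos" | tr '&' ' '); do
        echo "ufw allow $dir $port/$p"
    done
}

# build_policy: defaults first, then the allow rules, then enable.
build_policy() {
    local spec
    echo "ufw default deny incoming"
    echo "ufw default deny outgoing"
    for spec in $OUTGOING; do rule_for out "$spec" || return 1; done
    for spec in $INCOMING; do rule_for in "$spec" || return 1; done
    echo "ufw enable"
}

build_policy
```

Review the printed lines, then run each one with sudo; `sudo ufw status verbose` shows the resulting defaults and rules.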

Now you are ready to take full control of your own firewall and look after your own security. Lastly, UFW needs to be added to your daemons at boot. Use the command:

sudo update-rc.d ufw defaults

In other distributions, such as Arch Linux, edit your /etc/rc.conf file. It is of course better to add the UFW daemon before the daemon that establishes an Internet connection (like wicd or network-manager, for example).

Do you use another firewall? Or do you have some other rules that you recommend? Please let us know in the comments.