HOWTO: My firewall configuration -UPDATE!

Share your wisdom. Not for support questions!

Moderator: How-to Curator

HOWTO: My firewall configuration -UPDATE!

Postby Lou » August 17th, 2014, 7:44 pm

I use the Gufw firewall, my knowledge of iptables is nil. Gufw allows me to navigate
undetected, or so they say. This is a very elementary configuration.

INSTALLATION
# apt-get install gufw

LAUNCHING
# gufw

On the screen click on UNLOCK

Then click on top so it looks like this:

Code: Select all
STATUS   ON
INCOMING DENY
OUTGOING  ALLOW


Close gufw (Ctrl + Q)

To avoid pings from potential hackers, (if you want to ping your machine, omit this editing)

From the terminal edit this file

# nano /etc/ufw/before.rules

And leave this section looking like this:

Code: Select all

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP



#reboot

And go to http://www.grc.com

Click on ShieldsUp
On the next screen, click again on ShieldsUP (it's under Hot Spots)
Next screen, click on Proceed.
Next screen, click on All Service Ports
In the next screen, wait for the ports' probing...
At the end, it should be all green (neon green) meaning you're in stealth.
Read the report under this from grc, mine reads:

"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was
received from your system as a result of our security probing tests. Your system ignored and refused to reply
to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine
does not exist on the Internet. Some questionable personal security systems expose their users by attempting
to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice."

References: https://help.ubuntu.com/community/UFW

UPDATE!!! Feb 8 2015
I went up to Testing (Jessie) nuked systemd, installed sysvinit and tried to install gufw - no dice. Googled for a while, and found that you can install 'ufw' and configure it from the terminal:

# apt-get install ufw
# ufw enable <Enter>

To see if it is running:
# ufw status <Enter>

To avoid pinging do as explained above, go to grc.com and check for stealth and voilá!

Reference: https://wiki.ubuntu.com/UncomplicatedFi ... tuFirewall
Debian Jessie w/o systemd - icewm
User avatar
Lou
 
Posts: 235
Joined: April 5th, 2011, 3:58 pm

Return to HowTo

Who is online

Users browsing this forum: No registered users and 2 guests

x