HOWTO: ufw firewall

bobo
Douche bag
Posts: 78
Joined: 17. Feb 2015, 16:37
Location: Panama

HOWTO: ufw firewall

Post by bobo » 16. Mar 2015, 17:21

Installation:

# spi -u && spi -i ufw

To activate it:

# ufw enable
# ufw status

To avoid pinging from outside:

# nano /etc/ufw/before.rules

Leave it looking like this:

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

Check it at http://www.grc.com
Click on ShieldsUp > ShieldsUp (under Hot Spots) > Proceed > All Service Ports

If all the ports are neon green, you are in Stealth (you're invisible on the internet). The paragraph should say:

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

Desktop: Celeron - 2 GB RAM - HD 160 GB - Slackel/Salix - icewm/jwm - Grub
KISS: Keep It Simple, Stupid
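
Added example, not part of bobo's post: a shell check that reads the rules file directly and reports any ufw-before-input ICMP rule whose action is not DROP, so the edit can be confirmed on the host itself. The function names and the sample file are constructed for illustration; one rule in the sample is left at ACCEPT to show an incomplete edit.

```shell
#!/bin/sh
# Audit the ICMP rules in ufw's before.rules (added example, hypothetical helper names).

# Print "icmp-type action" for every ufw-before-input ICMP rule in file $1.
icmp_rule_actions() {
    awk '
        $1 == "-A" && $2 == "ufw-before-input" {
            proto = ""; type = ""; action = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")          proto  = $(i + 1)
                if ($i == "--icmp-type") type   = $(i + 1)
                if ($i == "-j")          action = $(i + 1)
            }
            if (proto == "icmp" && type != "") print type, action
        }
    ' "$1"
}

# Print the ICMP types whose action is anything other than DROP.
icmp_not_dropped() {
    icmp_rule_actions "$1" | awk '$2 != "DROP" { print $1 }'
}

# Constructed sample: the five rules from the post, one left at ACCEPT.
write_sample_rules() {
    cat > "$1" <<'EOF'
# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
EOF
}

# With a path argument, audit that file; with none, audit the constructed sample.
rules=${1:-}
tmp=""
if [ -z "$rules" ]; then
    tmp=$(mktemp); rules=$tmp
    write_sample_rules "$rules"
fi
left=$(icmp_not_dropped "$rules")
if [ -n "$left" ]; then
    echo "ICMP types not set to DROP: $left"
else
    echo "All ufw-before-input ICMP rules are DROP"
fi
if [ -n "$tmp" ]; then rm -f "$tmp"; fi
```

Run it as root with /etc/ufw/before.rules as the argument to check the real file.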

knome
Donor
Posts: 163
Joined: 20. Dec 2012, 19:36
Location: UK

Re: HOWTO: ufw firewall

Post by knome » 23. Mar 2015, 23:51

On my home system I get the same ShieldsUp result without installing any software firewall. Does that mean my ISP's (BT) supplied modem router is doing a good job?

bobo
Douche bag
Posts: 78
Joined: 17. Feb 2015, 16:37
Location: Panama

Re: HOWTO: ufw firewall

Post by bobo » 24. Mar 2015, 02:39

Make sure and call them up.
