
HOWTO: ufw firewall

Posted: 16. Mar 2015, 17:21
by bobo

Installation:

Code:

# spi -u && spi -i ufw

To activate it:

Code:

# ufw enable
# ufw status

To avoid being pinged from outside:

Code:

# nano /etc/ufw/before.rules

Leave it looking like this:

Code:

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

Check it at http://www.grc.com
Click on ShieldsUp > ShieldsUp (under Hot Spots) > Proceed > All Service Ports

If all the ports are neon green, you are in Stealth (you're invisible on the internet). The paragraph should say:

Code:

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.
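
A local check to run alongside the external scan, as an added example that is not part of the original post: it lists what each active ICMP rule in a before.rules file does and reports the target of the echo-request rule. The function names and the sample rules are constructed for illustration; on a real system, point the functions at /etc/ufw/before.rules.

```shell
#!/bin/sh
# Added example: list what a ufw before.rules file does with each ICMP type.

# icmp_actions FILE: print "<icmp-type> <target>" for every active
# ufw-before-input ICMP rule (commented-out lines are ignored because
# their first field is not "-A").
icmp_actions() {
    awk '
        $1 == "-A" && $2 == "ufw-before-input" {
            proto = ""; type = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")          proto  = $(i + 1)
                if ($i == "--icmp-type") type   = $(i + 1)
                if ($i == "-j")          target = $(i + 1)
            }
            if (proto == "icmp" && type != "") print type, target
        }
    ' "$1"
}

# echo_request_action FILE: target of the first echo-request rule (the
# first matching rule wins), or "none" if the file has no such rule.
echo_request_action() {
    icmp_actions "$1" | awk '
        $1 == "echo-request" { print $2; found = 1; exit }
        END { if (!found) print "none" }'
}

# Constructed sample in the layout of /etc/ufw/before.rules.
write_sample() {
    cat <<'EOF'
# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
# -A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
EOF
}

sample=$(mktemp)
write_sample > "$sample"
icmp_actions "$sample"
echo "echo-request -> $(echo_request_action "$sample")"
rm -f "$sample"
```

The listing is worth reading beyond the echo-request line: destination-unreachable includes the fragmentation-needed message that path MTU discovery relies on.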

Re: HOWTO: ufw firewall

Posted: 23. Mar 2015, 23:51
by knome
On my home system I get the same ShieldsUp result without installing any software firewall. Does that mean my ISP's (BT) supplied modem router is doing a good job?

Re: HOWTO: ufw firewall

Posted: 24. Mar 2015, 02:39
by bobo
Make sure and call them up.