Difference between revisions of "Personal Firewall"

From Fixme.ch
Jump to: navigation, search
(Linux)
Line 1: Line 1:
Fixme network is not firewalled. If you connect to ''FIXME'' or ''FIXME-5GHz'' WiFi networks, you'll get a public IP address and your machine will be exposed to Internet. If you connect to ''FIXME_NAT'', you won't have a public address, but it is however good practice to install a firewall.
+
Fixme network is not firewalled. If you connect to ''FIXME'' or ''FIXME-5GHz'' WiFi networks, you'll get a public IP address and your machine will be exposed to Internet. If you connect to ''FIXME_NAT'', you won't have a public address, but it is however good practice to install a firewall. ''Remember that you are in a hackerspace, and that in hackerspaces there are hackers. Not protecting your machine is an invitation to the Lulz.''
  
 
== Linux ==
 
== Linux ==

Revision as of 20:17, 2 May 2012

Fixme network is not firewalled. If you connect to FIXME or FIXME-5GHz WiFi networks, you'll get a public IP address and your machine will be exposed to Internet. If you connect to FIXME_NAT, you won't have a public address, but it is however good practice to install a firewall. Remember that you are in a hackerspace, and that in hackerspaces there are hackers. Not protecting your machine is an invitation to the Lulz.

Linux

You can use UFW • Uncomplicated Firewall, the default firewall configuration tool for Ubuntu (disable by default on Ubuntu). GUFW is a very nice and simple GUI for ufw.

If you chose GUFW, you have to click on the Unlock button after starting the GUI, then check Activate or push the Status slider to the On position. The default configuration (Incoming: Deny; Outgoing: Allow) is a good start for beginners, and contrary to what it claims, critical service messages will still be able to reach your machine, as well as incoming packets for which you established the connexion (it is a stateful firewall).

You can use iptables -L to list enforced rules.

Use netstat -laputen | grep -i listen to know which services are listening on which interface/port. If you activated the firewall, listening ports might not be reachable unless you configured your firewall to accept incoming connection to these services.

An alternative to the above use of netstat is lsof -i -n which shows open ports and open connections in a nice way.

You can use nmap from another computer to determine whether there still are open ports on your machine after the firewall is configured:

  • nmap -sS <IP Address> will scan the specified IP Address for low-range ports (<1024).
  • nmap -p- <IP Address> will scan all the ports of the machine behind the given IP Address.

Windows

Since Windows XP, a firewall is included in Windows. However, until Windows XP SP2 it was disabled by default. An unconfigured Windows Firewall denies inbound connections and allows outbound connections.

There are more complete and free (i.e. gratis) solutions. You can find some of theme on a rather old article of Lifehacker or on Google.

Use nmap from another machine to test your firewall configuration.