85
submitted 1 month ago by Cornflake_Dog@lemmy.wtf to c/linux@lemmy.ml

Hey there folks,

I'm trying to figure out how to configure my UFW, and I'm just not sure where to start. What can I do to see the intetnet traffic from individual apps so I can know what I might want to block? This is just my personal computer and I'm a total newbie to configuring firewalls so I'm just not sure how to go about it. Most online guides seem to assume one already knows what they want to block but I don't even know how/where to monitor local traffic to figure out what I can/should consider blocking.

you are viewing a single comment's thread
view the rest of the comments
[-] Shdwdrgn@mander.xyz 78 points 1 month ago

You've got it backwards. A firewall blocks everything, then you open up the ports you want to use. A standard config would allow everything going out, and block everything coming in (unless you initiated that connection, then it is allowed).

So the question you should be asking, is what services do you think you're going to be running on your desktop that you plan to allow anyone on the internet to get to?

[-] fhein@lemmy.world 12 points 1 month ago

Not entirely clear but perhaps OP is talking about blocking unwanted outgoing reqjests? E.g. anti-features and such since they mention traffic from their apps.

[-] Shdwdrgn@mander.xyz 3 points 1 month ago

Possibly? The way I read it, it sounded like OP wasn't really even sure what a firewall does.

[-] ReversalHatchery@beehaw.org 1 points 1 month ago* (last edited 1 month ago)

no, not really. on linux that depends on the default policy of the corresponding chains, so it's configurable. I don't think all common distros default to reject either.

[-] Wingless@mstdn.social 0 points 1 month ago

@Shdwdrgn @Cornflake_Dog false. a firewall can indeed have a default block everything policy, but this is still a configurable option

[-] Shdwdrgn@mander.xyz 0 points 1 month ago

Sure it CAN be configured, but the typical policy of firewalls is to start from a position of blocking everything. From what I've seen, on Linux the standard starting point is blocking all incoming and allowing all outgoing. On Windows the default seems to be blocking everything in both directions. Sure you could start with a policy of allowing everything and block only selected ports, but what good is that when you can't predict what ports an attacker might come from?

[-] Wingless@mstdn.social 1 points 1 month ago

@Shdwdrgn on Linux, the firewall with zero custom rules always allowed everything. did that change in very recent kernels? if that's the case, I'd expect a lot of lost acces to remote servers

[-] Shdwdrgn@mander.xyz 1 points 1 month ago

Most of my experience is with iptables, but yeah, I think until you start adding rules nothing is implicitly denied? Once you enable a couple of initial rules then you should have good blocking from the outside while allowing internal traffic to connect freely. It doesn't get in your way until you start using it, but then it doesn't take much to get it going.

this post was submitted on 27 Sep 2024
85 points (97.8% liked)

Linux

48035 readers
737 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS