#1 2017-11-20 05:03:25

tleydxdy
Member
Registered: 2017-10-11
Posts: 21

What's the basic rule of thumb for configuring firewall?

I saw ufw has a lot of application profiles. Is it necessary to enable all of the applications that I use, or should I just open ports when I find that my apps aren't working, and how do I determine which direction it is?

For example, should I enable Steam, Minecraft, etc., and in or out or both?

Offline

#2 2017-11-21 01:43:24

hrothgar
Member
Registered: 2017-11-18
Posts: 1

Re: What's the basic rule of thumb for configuring firewall?

Ubuntu seems to have a good wiki on the subject.
https://help.ubuntu.com/community/UFW
And it says the default rules should be fine for the average user.

Typically, you will want to block NEW incoming access to your machine, and ALLOW outgoing access. This means that your applications (Steam, Minecraft, etc.) should only be able to connect to your machine if you connect to them first.

Security-wise, most home routers already have a built-in policy like this to prevent unauthorized access to computers within their LAN from the open internet (otherwise known as the wild). So adding this policy to your own computer will mostly just protect you from people with access to your LAN.

If you want to be super strict, you can disable outgoing access from your machine, and selectively enable access when apps stop working. This would protect you if someone managed to get a trojan on your system, and then it wouldn't be able to phone home, so to speak. Though a trojan on your system would probably imply bigger problems ;)

Bear in mind, tighter security = greater inconvenience.
You only want enough security that the cost of breaking through it is not much more than the value of the data behind it.

Offline
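
Added example, not part of the thread or written by any poster: with the "deny incoming, allow outgoing" policy described in the post above, the only programs that could need an incoming rule are the ones listening on a non-loopback address. The function below filters `ss -H -tuln` output down to those sockets; the function name `exposed_listeners` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Print "port/proto" for every listening socket that is reachable from
# other machines (i.e. not bound to loopback). Reads `ss -H -tuln` output
# on stdin; columns are:
#   Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
exposed_listeners() {
    awk '
    {
        proto = $1
        local_ep = $5
        # The port is whatever follows the last colon.
        n = split(local_ep, parts, ":")
        port = parts[n]
        addr = substr(local_ep, 1, length(local_ep) - length(port) - 1)
        sub(/%.*/, "", addr)        # drop interface suffix, e.g. %lo
        gsub(/^\[|\]$/, "", addr)   # drop IPv6 brackets
        # Loopback-only services are never reachable from the network.
        if (addr ~ /^127\./ || addr == "::1") next
        print port "/" proto
    }' | LC_ALL=C sort -u
}

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE='udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353      0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      50                 *:25565           *:*
tcp   LISTEN 0      128             [::]:22           [::]:*
tcp   LISTEN 0      4096           [::1]:631          [::]:*'

# On a real machine, replace the sample with:  ss -H -tuln | exposed_listeners
printf '%s\n' "$SAMPLE" | exposed_listeners
```

Each line of output is in the `port/proto` form that `ufw allow` accepts; anything not listed only makes outgoing connections and works without an incoming rule.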

#3 2017-11-21 02:17:22

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,523
Website

Re: What's the basic rule of thumb for configuring firewall?

hrothgar wrote:

You only want enough security that the cost of breaking through it is not much more than the value of the data behind it.

This makes two very large assumptions, neither of which seems justified: 1) that a would-be attacker would know beforehand what the value of the data on your system could be, and 2) that it requires additional effort to target your machine on top of what it required to broadcast their attack to countless high-value targets.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline
