[SOLVED] Securing Arch Linux

dcbdbis · 2016-07-08 01:35:01

Good Evening Fellow Archers,

I am not a networking guy, and I am requesting a how-to to ensure that my Arch install is secure. Secure as in all inbound network trafficking blocked. I also want ping requests dropped too.

The only thing inbound that I want to allow is when I am browsing in HTTP/HTTPS, obviously, I want the website to be able to respond to me. Same thing goes for Thunderbird my email client, it needs to be able to fetch emails. Pretty much everything else shutdown including ssh. I have a vague memory of modifying the hosts file to "deny all" way back when, but with systemd I am not sure this is still the case. I do not trust systemd.

I also use OpenVPN to connect to work, so I need those ports open as well. Well, when I say open, I don't mean permanently open, but open on an as-use basis, then closed when I'm not using OpenVPN.

Can someone with more networking expertise than me, point me to an Arch specific wiki, or tell me how to shut down all inbound traffic except the above? I would really appreciate it!

Sincerely and respectfully,

Dave

Last edited by dcbdbis (2016-07-10 01:29:29)

Trilby · 2016-07-08 01:40:52

You can set up a firewall if you want, but are you running a server? If you don't have services running, then a firewall is pointless. A firewall selectively filters incoming traffic on open ports. If you don't open any ports, you have nothing to block.

dcbdbis · 2016-07-08 01:51:54

I apologize for lacking detail. I am on x64, and I run a desktop. No servers of any kind.

Servers as in no Apache, no ssh, etc....

Thanks!

Dave.......

Last edited by dcbdbis (2016-07-08 01:52:29)

dcbdbis · 2016-07-09 04:49:04

So I am not perfectly clear,

Because I do not run any server stuff like SSH, apache, etc., and have a plain-jane Arch Linux desktop, am I to understand that I don't need to do anything with the hosts file to prevent unwanted incoming connections?

Please advise,

Dave

Last edited by dcbdbis (2016-07-09 04:49:27)

jasonwryan · 2016-07-09 05:02:16

The hosts file won't prevent incoming connections anyway. If you want to ensure that all your ports are closed, you can use a tool like ufw and set a default deny all incoming policy. You can then selectively enable port 80 et al as required.

dcbdbis · 2016-07-09 05:05:25

OK.

Not being a network guy at all, where can I read a how-to specific for Arch Linux?

Thank you!

Dave

jasonwryan · 2016-07-09 05:20:41

https://wiki.archlinux.org/index.php/Un … d_Firewall

dcbdbis · 2016-07-10 01:29:14

Thank You!

That wiki was exactly what I needed!

Dave

Last edited by dcbdbis (2016-07-10 01:33:08)

Arch Linux

#1 2016-07-08 01:35:01

[SOLVED] Securing Arch Linux

#2 2016-07-08 01:40:52

Re: [SOLVED] Securing Arch Linux

#3 2016-07-08 01:51:54

Re: [SOLVED] Securing Arch Linux

#4 2016-07-09 04:49:04

Re: [SOLVED] Securing Arch Linux

#5 2016-07-09 05:02:16

Re: [SOLVED] Securing Arch Linux

#6 2016-07-09 05:05:25

Re: [SOLVED] Securing Arch Linux

#7 2016-07-09 05:20:41

Re: [SOLVED] Securing Arch Linux

#8 2016-07-10 01:29:14

Re: [SOLVED] Securing Arch Linux

Board footer