84
Firewalls: what SHOULD I block?
(lemmy.wtf)
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
By default it should be configured to allow all outgoing, and block all incoming. That's perfectly fine for a desktop/laptop and you don't need to mess with it.
You can't really do that much outgoing filtering with a firewall that will be useful, because basically everything operates on port 80/443, and often connects to the same CDNs or datacenter IPs for multiple services.
Instead DNS blocking is a much more effective way to handle it, plus uBlock Origin in your browser.
Just to clarify this comment for other "total newbies": yes, the UFW default config is fine and "you don't need to mess with it".
But by default UFW itself is not even enabled on any desktop OS. And you also don't need to mess with that. It's because the firewall is on the router.
OP said clearly that this "is just my personal computer" and here we all are spreading unintentional FUD about firewall configs as if it's for a public-facing server.
This pisses me off a bit because I remember having exactly the same anxiety as OP, to the point of thinking Linux must be incredibly insecure - how does this firewall work? dammit it's not even turned on!! And then I learned a bit more about networking.
This discussion should have begun with the basics, not the minutiae.
Many people use laptops and use other wifi networks or tether to their phone, both can expose you because of unknown firewall states or IPv6 being used.
Yes, I am one of those people, literally all the time. This is the point of laptops.
And I use default Ubuntu Desktop config, kept up to date of course.
If that makes me and OP sitting targets, then maybe we should address this concern to the people who make distros rather than to a random anxious newbie.
Your phone tether will NAT you and not route any incoming packets that aren't part of a connection initiated by your host. Firewwll does nothing and anyway you wouldn't even have any open port inside the LAN unless you run services that open ports.
Its good practice to have a firewall local as well. However, you are right it about it not being to critical
It's extra management without benefits.
But it also doesn't matter if you never open any ports.
Since 99.99% of users only consume content with a browser, then a firewall that blocks all incoming connections won't impact them negatively.