- Netfilter
- Firestarter
Netfilter firewall:
Ubuntu has a powerful firewall called netfilter that is part of the central kernel program. The ufw command at the terminal allows us to configure the firewall. However, this command needs you to be root of the system. For this purpose, we add sudo in before the command. For example, to enable the netfilter firewall we type the command as: sudo ufw enable. The manual pages for this firewall can be seen by typing the command: man ufw.
However, this firewall can be operated in a more user-friendly way, by installing the package named Firewall Configuration. This package supports common tasks such as allowing or blocking pre-configured, common p2p, or individual ports, and many others. Rules can be easily added, removed and edited with the help of this interface. The interface is simple with easy usage and is recommended for beginner users.
We can configure the netfilter firewall by --
- Adding allow, deny and limit rules.
- Enabling, disabling and reloading the firewall.
- Deleting and Inserting rules.
- Displaying the information and status of the firewall.
Firestarter firewall:
Another user-friendly Firewall in Ubuntu is Firestarter. On the start-up for the first time, a wizard will be run, for configuring the network states. You can read the manual pages of this firewall by the command: man firestarter. There are three pages/tabs in the Firestarter interface, namely --
- Status page giving an overview of the firewall state.
- Events page, where blocked intrusion attempts and the firewall history is shown.
- Policy page for altering the behaviour of the firewall.
This firewall can be in one of these three states: Active, Disabled and Locked (Nothing is allowed through the firewall, neither in nor out). The Network section of the status page gives an overview of the network resource usage. In addition, the status page also lists the Active connections, the firewall is tracking every moment. The entries in the Active connections are color coded as: Gray for a terminated connection and black for a currently active connection. However, terminated connections are removed from the list after 10 seconds.
The Events page shows the history of connections blocked by the firewall. The entries in the Events page can be allowed connections from source, port or everyone or can be disabled events from source or port. The Firestarter colour codes the entries as:
- Black -- A regular connection.
- Red -- A possible attempt to access a non-public service and needs special attention.
- Gray -- Harmless connections, mostly broadcast.
The third page, Policy can add, edit or remove rules for the firewall. Two types of rules can be created: Inbound rules, that allow through connections from the network or Internet, and Outbound rules, that can block unauthorised data emissions from your computer, such as those from potential virus infections, or spyware. Inbound rules allow you to filter all incoming connections. When it comes to blocking data emanating from your computer, Firestarter can enact two different modes:
- Whitelist: In this mode, network traffic is not allowed out of the computer unless a rule allows it. This is also known as restrictive policy.
- Blacklist: In this mode, which is default, all traffic is allowed out of the computer unless a rule specifically forbids it. This is also known as permission policy.
This comment has been removed by the author.
ReplyDelete