
Monday, March 16, 2009

Firewall

Discussions about firewalls are often passionate (just search the Ubuntu forums). Ubuntu includes a firewall, iptables (the user-space tool for the kernel's netfilter), but by default no rules are loaded. This is reasonable: a default Ubuntu install opens zero ports to the outside world, so a firewall has nothing to block. Installing "server software" (a web server, SSH, Samba and the like) will cause ports to open, however, so some people like to use a firewall as a catch-all layer that catches mistakes in their configuration.

Another use for a firewall is for the administrator to forcibly impose network policy on users: for example, users may not talk to example.com, may not open a listening port for remote connections, and so on.

A periodic audit of the system for open ports is also good practice. For example, run the "nmap" command against it from another machine, or use one of the many online port scanners (on the machine itself, "netstat -tuln" or "ss -tuln" lists the listening sockets, but only an external scan shows what actually reaches the network through the firewall):

http://nmap-online.com/
https://www.grc.com/x/ne.dll?bh0bkyd2

Remember, what you care about are open ports. Closed ports and "stealth" (filtered) ports are equally secure, in that neither is accessible to the public; the only difference is that a closed port answers the probe with a reset while a stealth port does not answer at all.
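As an added example (not part of the original post), here is a small POSIX shell/awk script for the local half of that audit: it reads "ss -tuln" output and flags every listening socket bound to something other than a loopback address. The sample ss output in the script is constructed for the example; on a real system you would pipe "ss -tuln" (or "netstat -tuln", same column layout) into audit_ports instead. Loopback-only services are listed separately because they are not reachable from the network and will not show up in an external nmap scan.

```shell
#!/bin/sh
# Added example: classify listening sockets from `ss -tuln` output.
# Real use:   ss -tuln | audit_ports
# Sample use: printf '%s\n' "$SAMPLE_SS" | audit_ports

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53  0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511    127.0.0.1:631     0.0.0.0:*
tcp   LISTEN 0      128    [::]:22           [::]:*
tcp   LISTEN 0      128    [::1]:3306        [::]:*'

# Print one line per listening socket: "<scope> <proto> <port> <addr>".
# scope is LOOPBACK when bound to 127.0.0.0/8 or ::1, EXPOSED otherwise
# (0.0.0.0 / :: means every interface, including the public one).
audit_ports() {
    awk 'NR > 1 && ($2 == "LISTEN" || $2 == "UNCONN") {
        la = $5
        sub(/%[a-zA-Z0-9]+/, "", la)            # strip scope id: 127.0.0.53%lo
        n = split(la, parts, ":")               # port is after the last colon
        port = parts[n]
        addr = substr(la, 1, length(la) - length(port) - 1)
        gsub(/\[|\]/, "", addr)                 # [::] -> ::, [::1] -> ::1
        scope = (addr ~ /^127\./ || addr == "::1") ? "LOOPBACK" : "EXPOSED"
        print scope, $1, port, addr
    }'
}

# Only the sockets an outside scanner could reach. Each of these should be a
# service you run on purpose, and ideally one also covered by a firewall rule.
exposed_ports() {
    audit_ports | grep '^EXPOSED'
}

printf '%s\n' "$SAMPLE_SS" | audit_ports
echo "--- reachable from the network ---"
printf '%s\n' "$SAMPLE_SS" | exposed_ports
```

Compare the EXPOSED lines with what nmap reports from another machine: a port that is listening here but does not appear in the external scan is being filtered by the firewall, which is exactly the catch-all behaviour described above.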

Iptables references:
Update: I wrote an iptables reference here: bodhi's iptables primer.

The "problem" is that iptables is not very friendly to new users. Fortunately, there are several friendlier front ends for manipulating your firewall (UFW, Firestarter, and Guarddog):
  • UFW (Uncomplicated Firewall) is the newest tool. It is a command line tool and is, in my opinion, superior to the GUI tools.
  • Firestarter is one of the most popular GUI front ends.
    How to Firestarter
    Default Firestarter policies (quoted):
    • New inbound connections from the Internet to the firewall or client hosts are blocked.
    • The firewall host is freely allowed to establish new connections.
    • All client hosts are allowed to establish new connections to the Internet, but not to the firewall host.
    • Traffic from the Internet in response to connection requests from the firewall or client hosts is allowed back in through the firewall.

    This policy allows normal Internet usage such as web browsing and e-mail on the secured hosts, but blocks any attempts to access network services from the outside and shields the local network.
  • Guarddog uses the KDE libraries.
    Guarddog Online Guide
A source of confusion: some users feel they need to keep Firestarter or Guarddog running for their firewall to be active. This is untrue! Keep in mind that these applications are not firewalls, but rather configuration tools for iptables, and should be run only to configure your firewall. Once configured, iptables (the actual firewall) is active from boot without Firestarter or Guarddog running. Firestarter can also monitor traffic, but it runs as root and there are better monitoring programs, so configure your firewall, shut down Firestarter/Guarddog, and let iptables do the rest.
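As an added example, not code from the original post or from any of these tools: the Firestarter default policy quoted above, written directly as an iptables ruleset in iptables-restore format, with the ufw commands for the same policy in comments. It also includes a small check that reads a ruleset and confirms the three properties that policy depends on (inbound default DROP, loopback allowed, replies to this host's own connections allowed). That check is what you would run over "iptables-save" output to verify the firewall is actually loaded while no front end is running. The WEAK_RULES ruleset is constructed to show what an un-engaged firewall looks like; the file path and the iptables-persistent package are mentioned as one common way to load rules at boot, but the script itself never touches the live firewall and needs no root.

```shell
#!/bin/sh
# Added example: the Firestarter default policy as an iptables-restore
# ruleset, plus a check that a saved ruleset actually implements it.
# Nothing here modifies the running firewall; loading is left to you:
#   sudo iptables-restore < rules.v4
# and for boot-time persistence the iptables-persistent package loads
# /etc/iptables/rules.v4. With ufw the same policy is:
#   sudo ufw default deny incoming
#   sudo ufw default allow outgoing
#   sudo ufw enable

firestarter_default_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback traffic never leaves the host
-A INPUT -i lo -j ACCEPT
# replies to connections this host started are let back in
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# packets that belong to no known connection are dropped
-A INPUT -m conntrack --ctstate INVALID -j DROP
# everything else inbound falls through to the DROP policy above;
# per-service exceptions go here, e.g. for SSH:
# -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Constructed example of the "nothing engaged" state: default ACCEPT, no rules.
WEAK_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# check_ruleset: read a ruleset (iptables-save / iptables-restore format) on
# stdin; exit 0 if the INPUT policy is DROP, loopback is accepted and
# ESTABLISHED,RELATED traffic is accepted; otherwise report what is missing
# on stderr and exit 1. Accepts both the conntrack and the older state match.
check_ruleset() {
    awk '
        /^:INPUT DROP/                                        { drop = 1 }
        /^-A INPUT -i lo -j ACCEPT/                           { lo = 1 }
        /^-A INPUT .*--ctstate ESTABLISHED,RELATED -j ACCEPT/ { est = 1 }
        /^-A INPUT .*--state ESTABLISHED,RELATED -j ACCEPT/   { est = 1 }
        END {
            if (!drop) print "INPUT policy is not DROP" > "/dev/stderr"
            if (!lo)   print "no loopback ACCEPT rule" > "/dev/stderr"
            if (!est)  print "no ESTABLISHED,RELATED ACCEPT rule" > "/dev/stderr"
            exit !(drop && lo && est)
        }'
}

# Verify the policy above, then show the weak ruleset being rejected.
firestarter_default_rules | check_ruleset && echo "default policy: OK"
printf '%s\n' "$WEAK_RULES" | check_ruleset || echo "weak ruleset: rejected"
```

To check a live system the same way, run "sudo iptables-save | check_ruleset" with the front end closed; if it passes, the firewall is loaded whether or not Firestarter or Guarddog is running.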

Source : http://ubuntuforums.org
