I'm pretty knowledgeable in computers, etc., but not so much in networking, so this is where I ask for help. I have a PC running Ubuntu with Firestarter, and I'm wondering what would be some basic (and safe) rules for this? Or is it even necessary? (I'm also behind a router as well.)
Hello,

Basically, you need nothing more than the default. Default Ubuntu runs no services, thus you have no open ports. Plus, with the router, you're all set. Some things you might want to consider:

DNS: Your router is your DNS, which in turn uses the ISP DNS. Thus, no special settings are required. Although if you really really feel anal, allow DNS only to your router. Allow, input/output, udp/tcp 53.

Actual iptables rules:

iptables -A INPUT -i eth0 -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 53 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 53 -j ACCEPT

DHCP: Do you have a static or dynamic IP? Either way, you get it from your router. Thus again, no special settings are required. Still: Allow, input/output, udp/tcp, ports 67:68.

Actual iptables rules:

iptables -A INPUT -i eth0 -p udp --sport 67:68 -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --dport 67:68 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 67:68 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 67:68 -j ACCEPT

Samba / printer sharing etc.: If you are sharing your resources with other machines and using Samba for that purpose, or if you share your printer, make sure they are only available to specific machines: Allow, Samba, inbound, specify relevant allowed IPs, ports 137:139 udp/tcp, 445 tcp.

I assumed your network is 192.168.1.0/24; /24 means subnet mask 255.255.255.0, i.e. all IPs 192.168.1.0-192.168.1.255.

Rules:

iptables -A INPUT -p udp -s 192.168.1.0/24 --dport 137:139 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 137:139 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT

Allow, CUPS, inbound, port 631 udp/tcp.

Rules:

iptables -A INPUT -p udp -s 192.168.1.0/24 --dport 631 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 631 -j ACCEPT

Additionally, you can use both the Samba and CUPS configuration files to limit access to only specified ranges.
Ping: You probably want to allow your router to ping you. But it's up to you.

Last but not least, your default policy should be DROP, meaning any connection not explicitly matched will be dropped:

iptables -P INPUT DROP

And don't forget to allow the localhost:

iptables -I INPUT -s 127.0.0.1 -j ACCEPT

This may interest you: http://www.dedoimedo.com/computers/linux_commands.html

Mrk
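As an added example (not Mrk's rules or anything from Firestarter): a script that emits the whole ruleset from the answer in iptables-restore format, so it can be reviewed as a file and loaded in one go. It swaps the answer's source-port matches (--sport 53, --sport 67:68), which accept any packet that merely claims to come from that port, for conntrack state matching; interface eth0, LAN 192.168.1.0/24 and router 192.168.1.1 are assumed defaults.

```shell
#!/bin/sh
# Added example, not from the thread: build a host firewall in
# iptables-restore format, following the answer (default DROP on INPUT,
# loopback allowed, LAN-only Samba/CUPS, router may ping, DNS only to the
# router) but using conntrack state instead of --sport matches, so replies
# are accepted only for connections this host actually started.
# Usage: sh fw.sh [iface] [lan_cidr] [router_ip] > rules.v4
#        review the file, then: sudo iptables-restore < rules.v4
# eth0, 192.168.1.0/24 and 192.168.1.1 below are assumed defaults.
gen_rules() {
    iface="${1:-eth0}"
    lan="${2:-192.168.1.0/24}"
    router="${3:-192.168.1.1}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, and replies to connections we opened ourselves
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# DHCP offers/acks from the router (broadcast replies are not always tracked)
-A INPUT -i $iface -p udp --sport 67 --dport 68 -j ACCEPT
# only the router may ping us
-A INPUT -i $iface -p icmp --icmp-type echo-request -s $router -j ACCEPT
# Samba and CUPS reachable from the LAN only
-A INPUT -i $iface -p udp -s $lan --dport 137:139 -j ACCEPT
-A INPUT -i $iface -p tcp -s $lan --dport 137:139 -j ACCEPT
-A INPUT -i $iface -p tcp -s $lan --dport 445 -j ACCEPT
-A INPUT -i $iface -p udp -s $lan --dport 631 -j ACCEPT
-A INPUT -i $iface -p tcp -s $lan --dport 631 -j ACCEPT
# DNS may only go to the router; port 53 to anywhere else is dropped
-A OUTPUT -o $iface -p udp ! -d $router --dport 53 -j DROP
-A OUTPUT -o $iface -p tcp ! -d $router --dport 53 -j DROP
COMMIT
EOF
}

gen_rules "$@"
```

Everything outbound other than stray DNS stays allowed (OUTPUT policy ACCEPT), matching the answer; tighten OUTPUT separately if you want egress filtering.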
This is something that's always bothered me about using a router/FW. If you watch your SW-FW logs, you only get DNS connects to your router's IP. If your router's DNS gets hacked, you're basically screwed. If you were running just a SW FW, you could immediately see if your 53/DNS was connecting where it should (if you manually set your primary and secondary DNS servers). BTW, what is the best hard-wired router FW for security? (Within a normal consumer/user price range.)