Sunday, 15 March 2015

Configuring the UFW firewall

Having a firewall on your Linux machine isn't necessary if you don't use it as a server, but if you want better control over your machine, here are some basic configurations you can do.

First of all, you have to think about which ports you need to be open. Here's a good example:
ports 25, 53, 110, 443, 53323 on TCP must be open so you can connect to your e-mail, http, https and Skype
ports 53, 67, 68 on UDP must be open for DNS and DHCP
ports 6667 - 7000 on TCP must be open to connect to IRC
port 5050 on TCP for Yahoo Messenger
and of course ports 6969, 51413 on TCP for torrents (the Transmission client, the one preinstalled on Debian)

Now we need to install UFW

Just type: sudo apt-get install ufw

Once it's done, check its status by giving the command: sudo ufw status
Of course, it's inactive.

Now let's add some rules...

sudo ufw enable
sudo ufw default deny incoming && sudo ufw default deny outgoing

This will block your incoming and outgoing traffic, but don't worry: we can add some rules so we can reach the internet etc.
We can do this by typing:

sudo ufw allow out 25,53,80,110,443/tcp
sudo ufw allow out 5050,53323/tcp
sudo ufw allow out 6667:7000/tcp (notice that 6667:7000 means every port from 6667 through 7000 will be allowed; that's how you tell ufw to allow a port range)
sudo ufw allow out 6969,51413/tcp (if we use torrents)
sudo ufw allow out 53,67,68/udp

After we set our rules (these rules are decent enough, but the set probably lacks a rule you need or has a rule you don't really need), we need to restart the firewall by simply giving the commands:

sudo ufw disable && sudo ufw enable

then you're ready.
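
A check you can run after the restart to confirm the firewall ended up as configured above. This is an added example, not part of the original post: the function names and the sample output are constructed, and it assumes `ufw status verbose` prints each port spec the way it was entered.

```sh
#!/bin/sh
# Added example: audit `ufw status verbose` text against this post's rule set.
# Outbound port specs exactly as typed in the post's `ufw allow out` commands.
# Assumption: ufw lists each spec in the "To" column the way it was entered.
EXPECTED_OUT="25,53,80,110,443/tcp 5050,53323/tcp 6667:7000/tcp 6969,51413/tcp 53,67,68/udp"

# Reads status text on stdin, prints one finding per line.
# Returns 0 when there are no findings, 1 otherwise.
audit_ufw() {
    text=$(cat)
    findings=$(
        printf '%s\n' "$text" | grep -q '^Status: active' || echo "firewall is not active"
        defaults=$(printf '%s\n' "$text" | grep '^Default:' || true)
        for dir in incoming outgoing; do
            case $defaults in
                (*"deny ($dir)"*) ;;
                (*) echo "default $dir policy is not deny" ;;
            esac
        done
        for spec in $EXPECTED_OUT; do
            printf '%s\n' "$text" |
                awk -v s="$spec" '$1 == s && $2 == "ALLOW" && $3 == "OUT" { ok = 1 } END { exit !ok }' ||
                echo "missing outbound rule: $spec"
        done
        # The post opens nothing inbound, so any ALLOW IN line is unexpected.
        printf '%s\n' "$text" | awk '/ ALLOW IN / { print "unexpected inbound rule: " $1 }'
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample output (not captured from a real host).
sample_status() {
    cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
25,53,80,110,443/tcp       ALLOW OUT   Anywhere
5050,53323/tcp             ALLOW OUT   Anywhere
6667:7000/tcp              ALLOW OUT   Anywhere
53,67,68/udp               ALLOW OUT   Anywhere
22/tcp                     ALLOW IN    Anywhere
EOF
}

sample_status | audit_ufw || true   # real host: sudo ufw status verbose | audit_ufw
```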

Additional ports you may need:

Yahoo file transfer: 4443
WoW: 3724
Doom: 666
FTP: 21
SSH: 22
Telnet: 23 (please no..)
netbios: 137:139
ms-ds: 445
mysql: 3306

Keep in mind that a firewall isn't needed if you don't have a server. If you're concerned about your security, remember that your internet browser is on the front line: strengthen your browser by installing NoScript, Adblock Plus and Disconnect, don't visit weird websites and, of course, don't install programs from third-party repos.
