By default, Ubuntu doesn't come with a firewall, unlike other distros. But setting up a firewall can be very easy using Firestarter. Setting up a firewall in Linux can be very flexible using iptables. You can customize your firewall by writing an iptables script, which can be very complex. Iptables is not only used to define firewall rules; it can also be used for bandwidth monitoring, port forwarding, etc. But if you only want to set up a simple firewall to protect your box, I suggest you try Firestarter.
Why do I want to set up a firewall?
Before I decided to set up a firewall, I always asked myself why I would want to set one up. At first, I didn't really care. But after I used Firestarter (Firestarter has a real-time monitor to track active connections and blocked connections), I discovered that so many hosts keep scanning my ports. Why would I want to let them scan my ports? The feeling is just like when you open your windows (NOT the Microsoft OS) and people keep spying on you through them.
How to set up a firewall using Firestarter?
By default, Firestarter denies most inbound ports and opens all ports for outbound. That means that with the default Firestarter settings, it blocks most inbound ports such as IRC, GAIM, eDonkey, SSH, Samba, DHCP, etc., so other users will have problems reaching you through these ports. You will therefore want to allow these ports for outsiders.
1. On the Policy tab, select Inbound traffic policy.
2. Select the second bar, which has the fields Allow service, Port, For.
3. Click the Add rules button.
4. Select the service you want to allow, let's say Samba (SMB).
5. You can allow it for anyone, but for me, I only allow hosts within my subnet.
6. My subnet is from 192.168.1.1 to 192.168.1.254.
7. So I select the "ip, host or network" option and enter "192.168.1.0/24".
(To understand why 192.168.1.0/24, you need to read more about IP subnetting.)
8. Select Outbound traffic policy and make sure "Permissive by default, blacklist traffic" is selected.
9. Click Apply rules and start the firewall.
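The policy from the steps above, written out as the kind of iptables ruleset it corresponds to. This is an added example, not part of the original post and not Firestarter's own output; the Samba port numbers (TCP 139/445, UDP 137/138), the loopback and established-connection rules, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset approximating the policy
# in steps 1-9. Nothing is applied; the script only writes text to stdout.

LAN="192.168.1.0/24"   # subnet from step 7 (hosts 192.168.1.1 - 192.168.1.254)

# allow_in PROTO PORTS [SOURCE]   (hypothetical helper)
# Print one inbound ACCEPT rule. PORTS is a comma list; ranges use first:last.
# Without SOURCE the rule matches any host ("allow for anyone" in step 5).
allow_in() {
    proto=$1; ports=$2; src=${3:-}
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    # Refuse anything except digits, commas and colons in the port list
    case "$ports" in
        ''|*[!0-9,:]*) echo "bad ports: $ports" >&2; return 1 ;;
    esac
    printf '%s\n' \
        "-A INPUT ${src:+-s $src }-p $proto -m multiport --dports $ports -j ACCEPT"
}

# build_ruleset: inbound denied by default, outbound permissive,
# Samba reachable only from the LAN subnet.
build_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    allow_in tcp 139,445 "$LAN" || return 1   # SMB over TCP (assumed ports)
    allow_in udp 137,138 "$LAN" || return 1   # NetBIOS name/datagram (assumed)
    echo 'COMMIT'
}

build_ruleset
```

The output can be checked without loading it by piping it to `iptables-restore --test` as root.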
Below are the common ports to open that are not defined in Firestarter:
1. eDonkey network 4662-4672
2. MSN, Yahoo, GAIM 1863
3. ircd 6667-6670 (the default IRC port is 6667)
4. MSN file transfer 6891-6900
To know more about which ports serve what purpose, go here, in case you want to allow other ports for your application.
Use this to search for ports: http://ports.tantalo.net/
IRC: chat.freenode.net does authentication using TCP 113. I am facing some delay when logging in to the server; should accept this freenode-ip:113 tcp.