Firewall with Ubuntu

Markus Schönhaber ubuntu-users at list-post.mks-mail.de
Wed Apr 2 15:49:13 UTC 2008 

Joseph wrote:

> Oliver Grawert wrote:

>> do you really think its necessary to use something else than the default
>> setup of ubuntu if not even high class hackers manage to break in ?
>> (unlike with the vista and os X devices that participated)
> 
> I wasn't aware of that.  So with all due respect, what is the difference between 
> the one that's already programs into Ubuntu and the front end firewall program?

As Derek already said: there is essentially only one packet filter (or
"firewall" if you want to call it by that name) not somehow different
ones. But you have to tell the filter what to do with which packets. You
can do that using command line tools like iptables or GUI tools like the
ones mentioned in this thread (firestarter etc.).

> I'm just curious why anything else would be offered by Ubuntu is what they have 
> is absolutely enough.

Because "absolutely enough" for you may be very different from
"absolutely enough" for me and both may be very different from
"absolutely enough" for someone else.

As Oliver said: Ubuntu's default install is very secure in the sense
that it only accepts network packets which are replies to packets you've
actively sent (for example the response packets from a web server you
requested a web page from). All others are rejected.
And this is achieved without any packet filter rules but by not
installing any service that actively accepts new requests from the
network - and then letting the network stack do it's work.
So, as long as you do not install such network services or want to use
your machine as, for example, a router, there is not much you can do
with a packet filter to improve the security (whatever that may mean) of
your machine.
But if you think you really need a packet filter, you should know
*exactly* what you want to achieve and how to achieve this goal using
the filter.
There is no "firewall" you simply install and that makes your machine
magically "safe".

In case you wonder: All those vendors of "personal firewalls" for
Windows don't sell security. They sell a warm and cosy feeling.

Regards
  mks

More information about the ubuntu-users mailing list