Query about firewall software

Karl Auer kauer at biplane.com.au
Sun Nov 15 21:55:37 UTC 2015

On Sun, 2015-11-15 at 14:28 -0500, Doug wrote:
> I'm a home user with just enough network to run three computers and three printers,
> and I know absolutely nothing about configuring a firewall.

Then you should use a standard consumer router/modem and leave it alone.
It is almost certainly doing what you need. Make sure you have good
backups, take them frequently, keep at least a week of separate backups
(i.e., don't overwrite yesterday's with today's), keep the backups safe
(disconnected and preferably off-site) and follow good practices like
not opening email attachments.

> I am using a Western Digital 7-port + wireless
> N900 router, which I believe has a firewall in it, but nothing I had to configure.

That will do fine. Unless you are using IPv6, you are well-enough
protected for what you do. People who need more protection are people
who run externally-reachable services - ssh, web, VPN, and suchlike -
because those reach into the network from outside.

IPv4 firewalls have no effect at all on IPv6. If you are using IPv6 (or
don't know if you are using IPv6), I would suggest getting knowledgeable
help to check whether you are protected. You need at a minimum these
rules implemented somehow:

   allow "established and related" inbound
   allow everything outbound
   allow nothing

> Is MikroTik better? How much better? If I got one, where would I find instructions
> in plain English on setting it up?

Even in plain English you'd still need to put in a bit of hard work
figuring out the concepts.

MikroTik is just the brand I like. It has a lot of bang for the buck.
There are other brands, plus things like DD-WRT, that are just as good.

But pfSense isn't bad, that's not at all what I am saying. My point is
just that building a firewall on a general purpose computer is generally
a bad idea. Not because you get an inferior firewall, you certainly
don't! But because it costs more money, time and effort than buying a
suitable device.

> Since I generally use Linux and very seldom boot into Windows, is there a
> good reason to think about an upgraded firewall? I'm not using the systems
> for business, but I would not like to find my system(s) held for ransom!

For your situation, I would guess not.

Regards, K.

Karl Auer (kauer at biplane.com.au)

GPG fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
Old fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882
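
One way to check a Linux machine against the three rules listed in the message above, as an added example that is not part of the original post: it audits text in `ip6tables-save` format. The function names, the sample rulesets and the choice to audit the INPUT chain of a single host are assumptions made for illustration.

```python
import shlex

# Constructed ip6tables-save output (not from the post); lo and ICMPv6 keep a host working.
GOOD = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
COMMIT
"""
# Constructed: no IPv6 rules loaded, so every chain sits at its ACCEPT default.
OPEN = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

def parse(save_text):
    """Split ip6tables-save text into {chain: policy} and {chain: [rule tokens]}."""
    policy, rules = {}, {}
    for line in save_text.splitlines():
        if line.startswith(":"):            # e.g. ":INPUT DROP [0:0]"
            policy[line.split()[0][1:]] = line.split()[1]
        elif line.startswith("-A "):        # e.g. "-A INPUT -i lo -j ACCEPT"
            tok = shlex.split(line)
            rules.setdefault(tok[1], []).append(tok[2:])
    return policy, rules

def is_state_accept(rule):
    """True for an ACCEPT rule matching both ESTABLISHED and RELATED states."""
    states = [rule[i + 1] for i, t in enumerate(rule[:-1]) if t in ("--ctstate", "--state")]
    return rule[-2:] == ["-j", "ACCEPT"] and any(
        {"ESTABLISHED", "RELATED"} <= set(s.split(",")) for s in states)

def audit(save_text, inbound="INPUT"):
    """Return findings against the three rules; an empty list means all hold."""
    policy, rules = parse(save_text)
    inb, findings = rules.get(inbound, []), []
    if not any(is_state_accept(r) for r in inb):
        findings.append("no established/related accept on " + inbound)
    if policy.get("OUTPUT") != "ACCEPT":
        findings.append("outbound is not allowed by default")
    if policy.get(inbound) != "DROP" or ["-j", "ACCEPT"] in inb:
        findings.append(inbound + " does not drop unmatched inbound traffic")
    return findings
```

To audit a real machine, pass `audit()` the text printed by `ip6tables-save` run as root.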
