start:firewall

DATE CHECKED THIS PAGE WAS VALID: 01/09/2023

Open a terminal and type:

sudo apt-get install gufw

Once installed, run 'gufw' from the terminal. Make sure you switch Status to on: this enables ufw with gufw's default policy of deny incoming and allow outgoing, so nothing is reachable from the network until you add a rule. To open a port, go to the Rules tab, add a rule and use its Advanced tab; a rule opening port 22 would look something like:

Name: SSH
Insert: 0
Policy: Allow
Direction: In
Interface: All Interfaces
Protocol: TCP
From: <blank> <blank>  (any source address, any source port)
To: <blank> <22>       (any local address, port 22)

This allows inbound TCP port 22 (SSH) from anywhere to your PC. It is only an example; where you can, narrow From to your LAN or a management host, and change or add rules as appropriate for your use case.

Example: (screenshot of the rule in gufw)

Notes:

Audit your firewall settings:

It is useful to compare which services are actually listening on your Debian box with which ports the firewall allows in. The walk-through below does this on my own machine as an example.

First, run this command to list every process with a listening TCP socket or a bound UDP socket (UDP has no LISTEN state, so every bound UDP socket is shown):

sudo lsof -i -P -n | grep 'LISTEN\|UDP'

Here is the output, with the relevant lines:

aragorn@Aragorn:~$ sudo lsof -i -P -n | grep 'LISTEN\|UDP'
avahi-dae    1230        avahi   12u  IPv4   21240      0t0  UDP *:5353 
avahi-dae    1230        avahi   13u  IPv6   21241      0t0  UDP *:5353 
avahi-dae    1230        avahi   14u  IPv4   21242      0t0  UDP *:47819 
avahi-dae    1230        avahi   15u  IPv6   21243      0t0  UDP *:47292 
sshd         1356         root    3u  IPv4   21334      0t0  TCP *:22 (LISTEN)
sshd         1356         root    4u  IPv6   21336      0t0  TCP *:22 (LISTEN)
dnsmasq      1593       nobody    3u  IPv4   29098      0t0  UDP *:67 
dnsmasq      1593       nobody    5u  IPv4   29101      0t0  UDP 192.168.121.1:53 
dnsmasq      1593       nobody    6u  IPv4   29102      0t0  TCP 192.168.121.1:53 (LISTEN)
dnsmasq      1639       nobody    3u  IPv4   27149      0t0  UDP *:67 
dnsmasq      1639       nobody    5u  IPv4   27152      0t0  UDP 192.168.122.1:53 
dnsmasq      1639       nobody    6u  IPv4   27153      0t0  TCP 192.168.122.1:53 (LISTEN)
teamviewe    2195         root   12u  IPv4   41331      0t0  TCP 127.0.0.1:5939 (LISTEN)
qemu-syst    4145 libvirt-qemu   10u  IPv4   47982      0t0  TCP 127.0.0.1:5900 (LISTEN)
qemu-syst    4240 libvirt-qemu   10u  IPv4   44892      0t0  TCP 127.0.0.1:5901 (LISTEN)
gnome-rem   56014      aragorn   40u  IPv6  369452      0t0  TCP *:3389 (LISTEN)
cupsd      425618         root    7u  IPv6 3274437      0t0  TCP [::1]:631 (LISTEN)
cupsd      425618         root    8u  IPv4 3274438      0t0  TCP 127.0.0.1:631 (LISTEN)
cups-brow  425667         root    7u  IPv4 3276300      0t0  UDP *:631 
teams      886490      aragorn   68u  IPv6 5213037      0t0  UDP *:50532 
firefox    888388      aragorn   75u  IPv4 6082652      0t0  UDP *:57711 
firefox    888388      aragorn  143u  IPv4 6100036      0t0  UDP *:48078 
nxplayer. 1049675      aragorn   27u  IPv4 5971216      0t0  TCP 127.0.0.1:52574 (LISTEN)
nxclient. 1049735      aragorn    6u  IPv4 5973212      0t0  TCP 127.0.0.1:48595 (LISTEN)
nxclient. 1049735      aragorn   13u  IPv4 5964685      0t0  UDP *:5353 
nxclient. 1049735      aragorn   14u  IPv4 5964686      0t0  UDP *:53446 
nxclient. 1049735      aragorn   15u  IPv4 5964687      0t0  UDP *:56363 
nxclient. 1049735      aragorn   16u  IPv4 5964688      0t0  UDP *:54367 
nxclient. 1049735      aragorn   17u  IPv4 5974179      0t0  UDP *:38458 
nxclient. 1049735      aragorn   24u  IPv4 5974180      0t0  UDP 192.168.2.12:47905->192.168.2.2:1900 
aragorn@Aragorn:~$ 

Assuming there were no firewall in place, we can determine a few things:
1) avahi-daemon (mDNS) is bound to UDP 5353 on all interfaces, plus two high UDP ports (47819 and 47292). Because UDP has no LISTEN state, a bound socket does not guarantee the service will answer on it, which makes UDP harder to judge than TCP.
2) My box is listening on TCP port 22 (both IPv4 and IPv6) for SSH connections.
3) dnsmasq is serving DNS and DHCP for the virtual machine networks: DNS (53) is bound only to the bridge addresses 192.168.121.1 and 192.168.122.1, but DHCP (UDP 67) is bound to all interfaces.
4) TeamViewer is listening on TCP 5939, but only on 127.0.0.1, so it is not reachable from the network. It is still an extra service running as root.
5) Two virtual machines are running and their VNC consoles are on 5900 and 5901, again bound to 127.0.0.1 only.
6) gnome-remote-desktop is listening on TCP 3389 on all interfaces, so the GNOME desktop will accept a connection from an RDP client to view my screen.
7) Firefox and Teams have bound some high UDP ports, most likely for WebRTC or HTTP/3 (QUIC) traffic. These are client sockets rather than services.
8) NoMachine (nxplayer/nxclient, an alternative to RDP) has TCP listeners on 127.0.0.1 only, plus several UDP sockets, including one on 5353 (mDNS) and a connected socket talking to 192.168.2.2:1900 (SSDP/UPnP discovery).

So there is quite a lot here. Anything we don't trust or need should be stopped or uninstalled, and at minimum its ports must not be allowed through the firewall. Keep in mind that the firewall only decides what reaches a socket from the network: a service bound to 127.0.0.1 is unreachable from outside regardless, while a listener on * is reachable the moment an allow rule exists for it.

Here are my firewall rules in the GUI app: (screenshot of the gufw Rules tab)

From this image, the only ports allowed in are:
22 for ssh
4000 for nx
3389 for rdp

So there is a discrepancy between my rules and what is listening. Port 4000 is allowed in, but nothing is listening on it (only the NoMachine client is running, not the server), so that rule is a stale hole. sshd on 22 and gnome-remote-desktop on 3389 are both listening and allowed. mDNS on UDP 5353 and DHCP on UDP 67 are listening on all interfaces without an allow rule, so they are blocked only as long as the default incoming policy stays deny.

So in my case I am reviewing the rules intelligently and only changing what is appropriate. I decided to delete the rule opening port 4000 from the firewall application and to remove the TeamViewer application from my box so that it is not listening or doing anything. I felt this was appropriate in my case; however, you might make different, more, or fewer changes.
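The comparison done by eye above can be scripted. The following is an added example, not part of the original page and not code from gufw or ufw: it parses the same lsof listing format and the output of `sudo ufw status` (the command-line tool that gufw configures), and reports both kinds of discrepancy found above: listeners on a reachable address with no ALLOW rule, and ALLOW rules with nothing listening behind them. The two inputs are constructed samples (trimmed from the listing above) embedded inline so the script runs offline; the variable and function names are my own.

```shell
#!/bin/sh
# Added example (not from the original page): cross-check listening sockets
# against ufw allow rules. LSOF_SAMPLE and UFW_SAMPLE are constructed inputs
# in the exact shape of
#   sudo lsof -i -P -n | grep 'LISTEN\|UDP'
#   sudo ufw status
# On a live box replace them with the real output:
#   LSOF_SAMPLE=$(sudo lsof -i -P -n | grep 'LISTEN\|UDP')
#   UFW_SAMPLE=$(sudo ufw status)

LSOF_SAMPLE='sshd         1356         root    3u  IPv4   21334      0t0  TCP *:22 (LISTEN)
sshd         1356         root    4u  IPv6   21336      0t0  TCP *:22 (LISTEN)
dnsmasq      1593       nobody    3u  IPv4   29098      0t0  UDP *:67
dnsmasq      1593       nobody    6u  IPv4   29102      0t0  TCP 192.168.121.1:53 (LISTEN)
teamviewe    2195         root   12u  IPv4   41331      0t0  TCP 127.0.0.1:5939 (LISTEN)
qemu-syst    4145 libvirt-qemu   10u  IPv4   47982      0t0  TCP 127.0.0.1:5900 (LISTEN)
gnome-rem   56014      aragorn   40u  IPv6  369452      0t0  TCP *:3389 (LISTEN)
cupsd      425618         root    7u  IPv6 3274437      0t0  TCP [::1]:631 (LISTEN)
avahi-dae    1230        avahi   12u  IPv4   21240      0t0  UDP *:5353
nxclient. 1049735      aragorn   24u  IPv4 5974180      0t0  UDP 192.168.2.12:47905->192.168.2.2:1900'

UFW_SAMPLE='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
4000/tcp                   ALLOW IN    Anywhere
3389/tcp                   ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Print proto/port for every socket bound to a non-loopback address.
# Loopback-only sockets (127.x, [::1]) are skipped because nothing off the
# box can reach them whatever the firewall says. A UDP socket shown as
# addr->peer is a connected client socket, not a listener, so it is skipped.
listening_ports() {
  awk '
    $8 == "TCP" || $8 == "UDP" {
      proto = tolower($8); addr = $9
      if (addr ~ /->/) next
      if (addr ~ /^127\./ || addr ~ /^\[::1\]/) next
      n = split(addr, part, ":")
      if (part[n] ~ /^[0-9]+$/) print proto "/" part[n]
    }' | LC_ALL=C sort -u
}

# Print proto/port for every plain port/proto ALLOW rule in `ufw status`.
# The "(v6)" duplicates collapse into the same entry via sort -u.
allowed_ports() {
  awk '
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $0 ~ / ALLOW/ {
      split($1, part, "/"); print part[2] "/" part[1]
    }' | LC_ALL=C sort -u
}

# Lines of list $1 that do not occur in list $2 (newline-separated lists).
set_minus() {
  { printf '%s\n' "$2"; printf '__SEP__\n'; printf '%s\n' "$1"; } |
    awk '$0 == "__SEP__" { second = 1; next }
         !second          { seen[$0] = 1; next }
         NF && !($0 in seen)'
}

# Listening on a reachable address but with no ALLOW rule. These are blocked
# only while the default incoming policy is deny, and are exposed the moment
# the firewall is switched off.
listeners_without_rule() {
  set_minus "$(printf '%s\n' "$1" | listening_ports)" \
            "$(printf '%s\n' "$2" | allowed_ports)"
}

# ALLOW rules with nothing listening behind them: stale holes to delete
# (the port 4000 NoMachine rule on this page is one).
rules_without_listener() {
  set_minus "$(printf '%s\n' "$2" | allowed_ports)" \
            "$(printf '%s\n' "$1" | listening_ports)"
}

echo "Listening on a non-loopback address with no ALLOW rule:"
listeners_without_rule "$LSOF_SAMPLE" "$UFW_SAMPLE"
echo "ALLOW rules with nothing listening:"
rules_without_listener "$LSOF_SAMPLE" "$UFW_SAMPLE"
```

On the sample data this reports tcp/53, udp/5353 and udp/67 as listening without a rule, and tcp/4000 as a rule without a listener, which is the same conclusion reached by hand above. The rule parser only understands the plain port/proto form; application-profile rules such as "OpenSSH" and port ranges would need extra handling. For reference, the page's example rule in ufw's own syntax is `sudo ufw allow proto tcp from any to any port 22`.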

start/firewall.txt · Last modified: 2023/09/01 13:43 by peter