Ubuntu Security :: Create A Firewall And Have It Saved So It Doesn't Get Lost Through Reboots
Sep 9, 2010
What I would like to do is create a good firewall and have it saved so it doesn't get lost through reboots. I have read the iptables document and the ufw document but it's still a bit confusing.
What I would like to do is be able to browse the web so I need to have rules for that as well as https. I'm not sure what rule I need for DNS for DHCP. Other than those basics I don't want anything else to happen save for updates. When I get more used to it I will add more rules if I need them. I also want IPv6 off, for incoming, outgoing and forwarding, and my guess is that I do not need any forwarding for IPv4. Ah yes and I need the loopback working.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
[code]....
Mar 7, 2011
I have downloaded some files and saved them in one of my partitions. But when I boot back from Windows 7 those files were not visible. So I went back to Fedora and found that the files are no longer there. Then I tested by saving some other files in the partitions, and when checked through Windows 7 those files are gone. They are not available anymore. I searched everywhere through both OS but couldn't find it.
May 9, 2011
Can we use iptables as a firewall instead of a Juniper firewall?
Jan 14, 2011
I would like to have, on Unix-like platforms, the same functionality as Windows 7 Library folders (aka virtual folders) that you see in Windows Explorer. Gnome Nautilus does that kind of virtual folder through saved searches. But I want a system-wide solution, not a Gnome-wide solution. Is there a tool that creates virtual folders from the concatenation of multiple search queries (the result of multiple find commands)? The solution should index files for better performance and you should be able to define the default folder for copy operations.
Aug 4, 2011
I've had a problem for a while: when I save files on a USB stick in Ubuntu, then put it in a Windows computer, it doesn't recognize the files. It only recognizes a video file that I have, but not the .doc files. The folders either don't appear or only appear as shortcuts.
Aug 5, 2010
I've been building up my second Gentoo system, and I've found a strange issue with top. Basically I'll load it up, configure it how I want it, sorted by CPU, set the colours etc., then I'll save the config via 'W'. On my old system when I quit out and load top, it automatically loads up my settings from the ~/.toprc file - I don't recall setting this up at all, but maybe I have and just don't remember. Either way, on my new system it just ignores my toprc file. I can't see anything in the settings to choose a default file to load, and so am a bit confused by this issue.
Oct 8, 2010
If you go to Edit > prefs > security and choose to show saved passwords, they are displayed without entering root pw. This seems to be a huge security hole. How do we fix this?
Nov 11, 2010
I've got a computer I'm trying to VNC to.
The problem is that when the computer starts up/reboots it doesn't "Unlock the system keyring" (I think that's what it said).
When I try and attempt to connect to the computer it asks for the VNC password (as per normal) but fails to connect after that.
The reason is that the Ubuntu computer prompts for the user's password to unlock the system (locally).
What I want is to be able to turn on the computer without having to worry about entering the password. I've had it running fine on 8.04 yet the newer version seems to be annoying :s
The system is set to automatically login on startup too.
I've tried this: "delete the keyring folder under /home/XXXX/.gnome2" then set up remote desktop again. But that hasn't worked either. I still have to enter the password to a keyring.
Oct 28, 2010
I'm new to Ubuntu and want to install StepMania, so I downloaded the binary. I want to put the files in the /opt/ directory; the only problem is I can't create a new folder. I tried dragging a ready-made file into it but it just says "you do not have the permissions to file:///opt/". I'm so sad, I wanna play my SM NOW!
Sep 23, 2010
I have a Suse11 box with 2 network cards:
I have squid as a proxy on the Suse box, and with the default firewall I have to enable masquerading to allow clients on the eth3:1-3 to send and receive mail through the Suse box. I found the Suse firewall completely inadequate (all P2P software/connections are allowed once you enable masquerading) and had to install ConfigServer Security & Firewall. In the configuration of csf I could get my way around getting SMTP to work for the eth3:1-3 clients, but POP3 connections do not go through the box. I know I need to allow port 110 and 995 to masquerade or NAT (or something) and then the same for port 22.
Dec 12, 2015
I had some issues with nvidia drivers, and removed all of the packages using
Code:
rm /etc/X11/xorg.conf
and
Code:
apt-get purge nvidia*
Upon reboot, I was back with nouveau drivers and proceeded to reinstall nvidia drivers according to [URL] .....
Code:
apt-get install nvidia-driver
apt-get install nvidia-xconfig
I can then change my refresh rate using
Code:
nvidia-settings
but when I hit "Save to X configuration file", I get the following output in terminal:
Code:
root@debian:/home/anon# nvidia-settings
Package xorg-server was not found in the pkg-config search path.
Perhaps you should add the directory containing `xorg-server.pc'
to the PKG_CONFIG_PATH environment variable
No package 'xorg-server' found
As a result, my nvidia preferences aren't saved across reboot.
Here are all of my sources:
Code:
deb [arch=amd64,i386] http://repo.steampowered.com/steam/ precise steam
deb-src [arch=amd64,i386] http://repo.steampowered.com/steam/ precise steam
deb http://ftp.ca.debian.org/debian/ jessie non-free contrib main
deb-src http://ftp.ca.debian.org/debian/ jessie non-free contrib main
[Code] ....
System Specs:
Debian GNU/Linux 8 (jessie) 64-bit
Gnome Version 3.14.1
Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz × 8
Graphics: GeForce GTX 780/PCIe/SSE2
Mar 3, 2011
I updated both browsers I have and lost my secure log-in pages (no padlocks showing) concerning different web mail accounts. Just before I did these updates I checked an unrelated thing online regarding my sound card, of which I kept a copy, and got this message below:
!!ALSA/HDA dmesg
!!------------------
[ 12.762633] cfg80211: Calling CRDA for country: AM
[code]....
Feb 23, 2011
I tried installing F-prot's Linux scanner but it doesn't seem to want to install and I am tired of messing with it.
So I am wondering if I even need it or if there is something else.
I am behind a firewall already with my router if that helps any.
I guess I am having trouble understanding why virus protection is less necessary.
Do people not write viruses for Linux systems?
Mar 22, 2010
I would like to create a hardware firewall. I just don't know how I can do it. I know that I need at least 2 NIC cards but I don't know about the configuration of this.
Is there any guide or something that can show me how to create a proper one? I need any information that you might have because this is my final "article" for my university.
Jul 20, 2010
I have Ubuntu running on an old PE server. It is running Virtualbox with an instance of Ubuntu inside. The instance is there to run my honeypot.
The server box IP is 192.168.1.10. The Virtualbox is bridged with its own IP of 192.168.1.200. The honeypot daemon is listening to 192.168.1.201 with arpd.
I set up the UFW with DENY. And then enabled only the ports leading to the honeypot scripts which are bound to IP .201. I then forwarded the ports necessary to run VNC to .200.
Here is the UFW status:
buntu@ubuntu-desktop:/var/lib$ sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
192.168.1.201 21/tcp       ALLOW       21/tcp
192.168.1.201 4444/tcp     ALLOW       4444/tcp
192.168.1.201 5544/tcp     ALLOW       5544/tcp
[Code].....
Jul 3, 2010
I've a mind to deny _all outgoing_ except my bookmarks (having got their IP) and DNS. Trouble is I'm unsure about new sites, running a whois/reverse and adding it on.
May 23, 2010
Will I need to activate the firewall that comes with Ubuntu since I'm using Transmission?
Aug 13, 2010
I am new to the Ubuntu/Linux world (less than a week).
I have tried the search, but have had difficulty finding threads on this.
Can someone recommend an excellent firewall to use with Ubuntu?
Aug 14, 2010
I have a VPS (Ubuntu 8.04 server edition) and as such am stuck with using a software firewall.
I currently have UFW installed.
I would ideally like to have my firewall be a little rude, or rather just not polite. I know what I am asking will break the RFC, but I consider this OK due to the security benefits.
I would like to have my firewall
1) ignore (e.g. drop without responding) all packets that don't start with a SYN flag
2) for all other traffic that is currently blocked, have it dropped (again, drop it without responding)
If there are any other rules you can think of I would like to know them. I already have only the services I want open and the rest blocked.
Nov 4, 2010
I've been using Windows for quite a few years now. I loved the way how I used to set incoming/outgoing rules for my applications. But I'm having hard time doing that in Ubuntu. I tried searching for a good GUI for iptables but I need your help selecting the best. I might learn iptables someday but for the time being I will be using a nice GUI. I'm currently using GUFW, I've tried Firestarter. All I need is a firewall that would allow me to configure rules for my applications.
Jun 15, 2011
I have set up an Ubuntu 10.10 server. I have been using ssh tunnels to encrypt my web traffic at public wifi. I am trying to make this server as secure as possible so I enabled ufw. I allowed SSH and HTTP traffic in and denied everything else. But when I do that I cannot use SSH -D because when I try to visit a webpage it does not load and I get the following.
Code:
uname@mybox:~$ channel 3: open failed: connect failed: Connection timed out
^C
uname@mybox:~$ fclchannel 4: open failed: connect failed: Connection timed out
^C
uname@mybox:~$ exit
logout
What do I have to do to allow ufw to allow ssh tunnels through?
Jun 21, 2011
I am a Linux newbie so please bear with me if I sound stupid. I was checking out how to set up a firewall for my system and landed on this webpage: [URL]. But I am so confused with how this ufw application works. What I understand is that once I set it to "default deny" it prevents unauthorized incoming connection but what does it mean when the author says to add exceptions for services I need? When do I need to do that? Also what's an SSH server?
Feb 13, 2010
I want to set up an IDS (intrusion detection system) and firewall in my home just for learning. The goal is to learn IDS logs and firewall logs.
Apr 14, 2010
I'm involved in a project to students set up a network security training lab using vmware. I want to simulate (in a very rough way) scanning through a poorly configured router or firewall. The easiest way I can think of to simulate this is to use a linux vmware image with two virtual nic cards to act as a firewall with the attacker on the outside network and a domain controller, web server, and database server on the inside network.
I would like to start students off with a firewall script that exposes everything on their internal network to the attacker. Is there an easy way to (mis)configure iptables to do this? The model I'm trying to replicate is something like this. Attackers were on a 10.10.x.x network, defenders were on a 192.168.x.x network. As an attacker I could nmap 192.168.x.x and see every machine and every service on the defenders' side even if they moved a service to an unexpected location. How can I implement a similar configuration using a Linux image as firewalls/routers in VMware?
May 9, 2010
I have a set of iptables rules generated by Firestarter, and I'm in the process of trying to familiarise myself with iptables itself, but there's one particular rule which is confusing me. Perhaps somebody could explain it to me.
My INPUT chain reads as follows:
Code:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- cdns01.plus.net anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- cdns01.plus.net anywhere
ACCEPT tcp -- cdns02.plus.net anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
[Code]...
Given that the firewall is actually blocking packets, it can't be this simple, so what am I missing?
Sep 30, 2010
I'm running the Firestarter firewall and it's been showing the odd ssh attempt quite often, e.g. I've had 4 attempts today, 3 in the last 40 mins. I realize that this may be nothing too serious but it's got me curious: aside from having a secure password (which I have), is there anything else that I can do to ensure that my system is as secure as possible from ssh? I do use ssh within my home network so I don't want to disable it completely.
Oct 2, 2010
I have noticed an interesting problem. I use two browsers - Firefox and Konqueror. Konqueror is configured to use Tor, Firefox not. Using Gufw I block all incoming and outgoing traffic and it works while using Firefox, I mean that I can't view any www site and it is OK. But if I use Konqueror I can establish any connection. How to understand this? Should I have a different firewall while using Tor?
Jan 4, 2011
I know that GNU/Linux does not need a firewall (due to iptables), but I would like a basic firewall that would watch incoming and outgoing connections. I would prefer it to have a tray icon and be able to run as a regular user, such that I can add it to my .fluxbox/startup file. Anyone know of any good ones? They don't actually have to interface into iptables (because I would do that myself), but if they do it would be a bonus.
Jan 18, 2011
I run a small (cabled) network between a desktop with XP with two printers hooked to it and a laptop with Ubuntu 10.04.1 64b. I can approach and use these printers from my laptop and filesharing works also. BUT ... this only works when my Ubuntu firewall (Gufw 10.04.5) is switched off. I am operating behind my router_modem which has a hardware type of firewall switched on at all times so I presume I'm safe. Now my questions:
1. Is this really safe enough?
2. What kind of settings would Gufw need to be able to use it AND use my mini-network for printing? I have no experience whatsoever with firewall rules and settings.
Feb 15, 2011
I want to have a firewall that is connected to my modem and router and have it function as just a firewall, no DHCP, no routing. Is that possible?