Question

1

How to configure firewall for home PC

rated 0 times [ 1] [ 0] / answers: 1 / hits: 2916 / 2 Years ago, thu, october 6, 2022, 5:51:28

Firstly, for a home PC, behind a router isit important to install/configure a firewall?

If so, how do I do it? I have lamp-server installed as I'm a web developer. I may want my other PC's on LAN to access my files or web pages, ssh in (maybe in the future), but not from outside. How can I configure this? From work, I learnt that I keep blocking myself all the time, also denyhosts is useful for bruteforce hacking. But problem is I am not a System Admin so I keep blocking myself (including others) instead. Maybe gufw + denyhosts maybe a good start

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

socelebrate

Add To Favorites

Follow

Total Points: 274

Total Questions: 123

Total Answers: 124

Location: Saint Helena

Member since Mon, Jan 16, 2023

1 Year ago

socelebrate questions

1 "Copy a screenshot area to clipboard" isn't available on Ubuntu 22.04

Tue, Oct 5, 21, 19:07, 3 Years ago

1 I can't use fingerprint sensor in ubuntu 22.04

Mon, May 15, 23, 02:00, 1 Year ago

1 How can I set a custom icon for firefox running through firejail? (not only for the launcher but also for the running app itself)

Tue, Jul 20, 21, 14:41, 3 Years ago

1 AX210 wifi not working on Ubuntu21.04

Tue, Nov 30, 21, 09:49, 3 Years ago

1 Not able to change network settings on Kubuntu 20.10

Sun, Dec 12, 21, 23:29, 2 Years ago

View All

answered 2 Years ago ingssex · Accepted Answer

Your question if fairly broad and I will try to answer some parts.

A firewall can be helpful for you, and you already know what you want - allow clients on your LAN and deny everyone else.

So, first thing, your router. Disable UPnP and do not forward port 80 (http) or 443 (https). If you need , you can forward SSH (port 22).

On the server you can then significantly increase ssh security if you use ssh keys (to log in) and disable passwords.

Ubuntu wiki ssh keys

denyhosts can be helpful, but the lockouts are a hassle. You can whitelist an IP or ip range.

For some advice on denyhost see http://www.cyberciti.biz/faq/block-ssh-attacks-with-denyhosts/ or the denyhosts documentation.

Now for your firewall , you can easily use ufw or if you want a graphical front end gufw.

Assuming you want just HTTP and SSH (change 192.168.0.0/24 to your LAN):

sudo ufw enable

sudo ufw allow from 192.168.0.0/24 to any port 80

sudo ufw allow from 192.168.0.0/24 to any port 443 



# for ssh from anywhere

sudo ufw allow ssh



# for ssh from your lan only

sudo ufw allow from 192.168.0.0/24 to any port 22