Gufw set up with wireless router

Asked by tsangdavid1

Hi

Is there a way to set up gufw firewall to allow only traffic from my wireless router-would this be safer than my current default deny configuration?

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu gui-ufw Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
wojox (wojox) said :
#1

You really don't even need gufw enabled if using a wireless router. The router acts as a Firewall. Here's their site if you still want more info: http://gufw.tuxfamily.org/index.html

Revision history for this message
tsangdavid1 (tsangdavid1) said :
#2

True but lets say someone manages to bypass the wireless encryption and then gets access to the list of clients on my subnet. Would gufw firewall block access from other clients on my wireless network that are trying to attack me? That is, is the local area network perceived as a safe or trusted zone under gufw?

Revision history for this message
wojox (wojox) said :
#3

True to you. In advanced tab: you put as IP (to or/and from), with format:192.168.1.0/24 and this should cover your lan.

Revision history for this message
tsangdavid1 (tsangdavid1) said :
#4

Ok i did what you said in your last post-but what will this do? will it block other connected computers on my wireless network from attacking/connecting to me?

Revision history for this message
wojox (wojox) said :
#5

It will block other computers outside your lan from connecting to you. Other computers on your network should still be able to communicate. That's what you were gunning for correct (set up gufw firewall to allow only traffic from my wireless router)? What services do you have running? What type of configuration do you have set up? A host with some clients? Or just a few desktops and laptops behind a router? I've been running a Linux server and a desktop machine with a few Vista laptops from behind a wireless router for a while and never had any issues, with no firewall.

Revision history for this message
tsangdavid1 (tsangdavid1) said :
#6

At the moment im running my laptop behind a wireless router.

At my current gufw configuration i understand that no computer on the wide area network or internet can connect to me, however i want to make gufw only allow a connection between this individual computer and the wireless router. That way if a hacker was able to log on to my wireless network, then he would only have access to the internet, not direct access to my computer.

Revision history for this message
wojox (wojox) said :
#7

Okay let's see what services are running.

sudo netstat -lntp

Post that back.

Revision history for this message
wojox (wojox) said :
#8

You need not worry about firewall rules at all unless you install a server such as openssh-server because a default Ubuntu install isn't listening for incoming connections anyway, so all ports are closed.

Even if you install a server of some sort, unless you have a specific firewall requirement such as only allowing certain IP addresses to connect then isntalling a firwall is pointless. After installing it (which would block access to your service), you will just have to reconfigure it to allow that service through again. Like building a wall just so you can knock a doorway through it.

Revision history for this message
tsangdavid1 (tsangdavid1) said :
#9

Ok this is what i got back from that sudo command :

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1565/cupsd
tcp6 0 0 ::1:631 :::* LISTEN 1565/cupsd
shinji@shinji-laptop:~$

What does this all mean?

Revision history for this message
wojox (wojox) said :
#10

It means that you printer port is configured and listening. It can only be accessed from you're machine, so you're pretty safe. No need to worry about being compromised.

Can you help with this problem?

Provide an answer of your own, or ask tsangdavid1 for more information if necessary.

To post a message you must log in.