In my previous post I listed my personal top 10 tips on securing a home Linux installation. Here are further thoughts on Tip 1.
Enable OS-level firewall and disable unnecessary ports and services
Firewalls block unnecessary traffic from getting to (inbound) or leaving from (outbound) your system. Correctly configured firewalls minimise the attack surface you present on the internet. Pro tip: create a cyber honeypot and monitor network traffic to it. You’ll be amazed at the number of unsolicited requests and exploit attempts that start hitting your honeypot system.
You can use firewalld on Fedora or ufw on Ubuntu. Essentially these are front-end configuration tools for the Linux kernel’s netfilter subsystem.
Check if your system firewall is enabled
On Fedora, to check if firewalld is already running:
sudo systemctl status firewalld
sudo firewall-cmd --state
To identify the active firewalld zone (marked "(active)" in the output) and what ports and services are enabled:
sudo firewall-cmd --list-all-zones
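Because --list-all-zones prints every zone, not only the one in use, the following added example (not from the original post) filters that output down to the active zones and flags wide port ranges that are easy to miss when reading the full dump. The sample output is constructed, and the function names sample_zones, active_zone_summary and wide_port_ranges are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: report only the ACTIVE zones from `firewall-cmd --list-all-zones`.

# Constructed sample output (trimmed to the fields parsed below).
sample_zones() {
cat <<'EOF'
FedoraWorkstation (active)
  target: default
  interfaces: wlp2s0
  services: dhcpv6-client mdns ssh
  ports: 1025-65535/udp 1025-65535/tcp

block
  target: %%REJECT%%
  interfaces:
  services:
  ports:

public
  target: default
  interfaces:
  services: dhcpv6-client ssh
  ports:
EOF
}

# stdin: --list-all-zones output. stdout: zone|interfaces|services|ports per active zone.
active_zone_summary() {
  awk '
    /^[^ ]/ { active = ($0 ~ /active\)$/); zone = $1; ifs = svc = ""; next }  # zone header
    !active { next }
    /^  interfaces:/ { sub(/^  interfaces: */, ""); ifs = $0; next }
    /^  services:/   { sub(/^  services: */, "");   svc = $0; next }
    /^  ports:/      { sub(/^  ports: */, "");      print zone "|" ifs "|" svc "|" $0 }
  '
}

# stdin: summary lines. Prints "zone: range/proto" for ranges wider than $1 ports (default 100).
wide_port_ranges() {
  awk -F'|' -v max="${1:-100}" '
    { n = split($4, p, " ")
      for (i = 1; i <= n; i++) {
        split(p[i], a, "/"); m = split(a[1], r, "-")
        if (m == 2 && r[2] - r[1] + 1 > max) print $1 ": " p[i]
      } }'
}

# On a live system, replace sample_zones with: sudo firewall-cmd --list-all-zones
sample_zones | active_zone_summary
sample_zones | active_zone_summary | wide_port_ranges 100
```

Any range the second function prints is worth comparing against the services you actually need to reach from the network.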
Find out more
- To drill deeper into firewalld, including learning how to disable and enable ports and services, read the documentation for Fedora 34. If you are just getting started in the Linux sysadmin space and wondering what firewalld is all about, I suggest reading this firewalld guide from Red Hat. For more advanced reading, see RHEL 8’s guide to configuring firewalld.
- To understand how ufw works, visit Ubuntu’s documentation.
- Stay tuned for a future post from me on firewalld and firewall-cmd on Fedora.
A final word on Tip #1: Don’t forget to check that firewalls are enabled on all devices in your home network – routers, switches, any network-attached storage and IoT devices.
- Any commands above are based on Fedora Workstation, releases 34 & 35. That is because Fedora, RHEL and variants are my personal Linux comfort zone. I have a working knowledge of Ubuntu and its variants too, so feel free to pop a question into the comments below if you want some pointers in the Ubuntu space.
- I will usually give command-line instructions through this blog. Partly because the CLI is what I am most familiar with. The CLI can also provide finer configuration control, with better opportunities to understand how systems work under the hood.
- Finally, I have given the commands but not expected outputs. Those will have to wait for future deep-dives into specific topics.
That’s it! Stay tuned for Tip #2 of my top 10 tips for securing Linux @home. Let me know what you think of this one by leaving a comment below.
A glossary of terms is available here.
Once again, ensure you’re familiar with the disclaimer here!
This post references documentation and articles on netfilter.org, fedoraproject.org, redhat.com, ubuntu.com and kaspersky.com. Sources are linked to within the post’s content above.
Featured image from Pexels.com by Mayur Rawte.