Security Tip # 1 – OS-level Firewall

In my previous post I listed my personal top 10 tips on securing a home Linux installation. Here are further thoughts on Tip 1.

Enable OS-level firewall and disable unnecessary ports and services

Firewalls block unnecessary traffic from getting to (inbound) or leaving from (outbound) your system. Correctly configured firewalls minimise the attack surface you present on the internet. Pro tip: create a cyber honeypot and monitor network traffic to it. You’ll be amazed at the number of unsolicited requests and exploit attempts that start hitting your honeypot system.

You can use firewalld on Fedora or ufw on Ubuntu. Essentially these are front-end configuration tools for the Linux kernel’s netfilter subsystem.

Check if your system firewall is enabled

On Fedora, to check if firewalld is already running:

sudo systemctl status firewalld
sudo firewall-cmd --state

To identify the active firewalld zone and what ports and services are enabled:

sudo firewall-cmd --list-all-zones
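
To act on that listing rather than just read it, the following added example (not part of the original post) audits firewall-cmd zone output against the services you actually expect to be open and flags wide port ranges. The function name audit_zone, the MAX_RANGE variable and the sample zone output are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the zone listing printed by firewall-cmd.
# Live use: sudo firewall-cmd --list-all-zones | audit_zone dhcpv6-client

# Constructed sample, modelled on the layout firewall-cmd prints per zone.
sample_zones() {
cat <<'EOF'
FedoraWorkstation (active)
  target: default
  interfaces: wlp2s0
  services: dhcpv6-client mdns samba-client ssh
  ports: 1025-65535/udp 1025-65535/tcp 8080/tcp
  source-ports: 
  rich rules: 

block
  target: %%REJECT%%
  services: 
  ports: 
EOF
}

# audit_zone ALLOWED_SERVICE...
# Reads zone output on stdin and prints one finding per line:
#   <zone> SERVICE <name>  service enabled but not in the allow-list
#   <zone> RANGE <spec>    port range wider than MAX_RANGE ports (default 100)
#   <zone> PORT <spec>     single port or small range opened explicitly
audit_zone() {
  awk -v allowed="$*" -v max="${MAX_RANGE:-100}" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^[^ ]/ { zone = $1 }                      # unindented line = zone header
    $1 == "services:" {
      for (i = 2; i <= NF; i++) if (!($i in ok)) print zone, "SERVICE", $i
    }
    $1 == "ports:" {                           # not source-ports:/forward-ports:
      for (i = 2; i <= NF; i++) {
        split($i, pp, "/"); m = split(pp[1], r, "-")
        if (m == 2 && r[2] - r[1] + 1 > max) print zone, "RANGE", $i
        else print zone, "PORT", $i
      }
    }'
}

# Demo on the constructed sample: only dhcpv6-client is expected.
sample_zones | audit_zone dhcpv6-client
```

Each finding is a prompt to decide whether you need that service or port; anything you do not need is a candidate for removal from the zone.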

A final word on Tip # 1: Don’t forget to check that firewalls are enabled on all devices in your home network – routers, switches, any network-attached storage and IoT devices.

General notes:

  • Any commands above are based on Fedora Workstation, releases 34 & 35. That is because Fedora, RHEL and variants are my personal Linux comfort zone. I have a working knowledge of Ubuntu and its variants too, so feel free to pop a question into the comments below if you want some pointers in the Ubuntu space.
  • I will usually give command-line instructions through this blog. Partly because the CLI is what I am most familiar with. The CLI can also provide finer configuration control, with better opportunities to understand how systems work under the hood.
  • Finally, I have given the commands but not expected outputs. Those will have to wait for future deep-dives into specific topics.

That’s it! Stay tuned for Tip #2 of my top 10 tips for securing Linux @home. Let me know what you think of this one by leaving a comment below.

A glossary of terms is available here.

Once again, ensure you’re familiar with the disclaimer here!

Sources

This post references documentation and articles on netfilter.org, fedoraproject.org, redhat.com, ubuntu.com and kaspersky.com. Sources are linked to within the post’s content above.

Featured image from Pexels.com by Mayur Rawte.
