Firewalls: what SHOULD I block? - eviltoast

Hey there folks,

I’m trying to figure out how to configure my UFW, and I’m just not sure where to start. What can I do to see the internet traffic from individual apps so I can know what I might want to block? This is just my personal computer and I’m a total newbie to configuring firewalls, so I’m just not sure how to go about it. Most online guides seem to assume one already knows what they want to block, but I don’t even know how/where to monitor local traffic to figure out what I can/should consider blocking.

  • drkt@lemmy.dbzer0.com · 7 up / 9 down · (edited) · 2 months ago

    You shouldn’t be touching it, honestly. There’s a firewall at your router. It should be responsible for blocking incoming traffic. Firewalls on individual machines are for servers where you know exactly what’s going in and out. I don’t have a firewall on my desktop or laptop.

    You will spend the best years of your life chasing random network connections if you block everything by default.

    • ReversalHatchery@beehaw.org · 1 up · 2 months ago

      I don’t have a firewall on my desktop or laptop

      you are brave to use your laptop that way. or is it used as a stationary device?

      but yes it is useful at home if you live with people who you don’t trust to be managing their computer safely

        • ReversalHatchery@beehaw.org · 2 up · 2 months ago

          run sudo ss -tulpn, and have a look at the processes and their privileges listening for incoming connections. If one of them has a vulnerability, through which a third party can make that software do things it was not intended for… that’s pretty bad.
          This can most easily happen with software whose developers are under-resourced/careless/stubborn.

          A recent case of that happening: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
          Tl;Dr, remote code execution vulnerability in software that most often runs as root, automatically.

          • drkt@lemmy.dbzer0.com · 1 up · 2 months ago

            I understand your point but I reiterate that I don’t connect to unsafe networks. If someone has remote code execution on a device on my side of the network then they are also inside my apartment and I’d be more worried about that.

          • Possibly linux@lemmy.zip · 1 up · 2 months ago

            You don’t understand localhost. Services listen on 127.0.0.1, which is a local-only address. You can only connect to it locally.

            • ReversalHatchery@beehaw.org · 1 up · 2 months ago

              who speaks about localhost? out of 21 active ports on my machine, only 3 are listening only on localhost. dhclient, avahi-daemon, syncthing, kdeconnect… cups-browsed did not listen only on localhost either
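One way to act on the "run sudo ss -tulpn" advice earlier in this subthread and on the localhost distinction discussed just above: an added POSIX shell example (not posted by any commenter) that filters ss output down to the sockets bound beyond loopback, i.e. the ones another machine on the LAN could reach. The ss output, process names and PIDs below are constructed for the example; on a real machine you would pipe `sudo ss -tulpn` into the function instead.

```shell
#!/bin/sh
# Constructed sample of `sudo ss -tulpn` output (not taken from any real host).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0           0.0.0.0:5353       0.0.0.0:*     users:(("avahi-daemon",pid=812,fd=12))
udp   UNCONN 0      0           0.0.0.0:68         0.0.0.0:*     users:(("dhclient",pid=640,fd=6))
tcp   LISTEN 0      128       127.0.0.1:631        0.0.0.0:*     users:(("cupsd",pid=900,fd=7))
tcp   LISTEN 0      4096        0.0.0.0:22000      0.0.0.0:*     users:(("syncthing",pid=1200,fd=20))
tcp   LISTEN 0      50            [::1]:8384          [::]:*     users:(("syncthing",pid=1200,fd=21))
tcp   LISTEN 0      128               *:1716            *:*     users:(("kdeconnectd",pid=1300,fd=9))'

# Read ss -tulpn output on stdin and print "proto port process" for every
# socket whose local address is NOT loopback (127.0.0.0/8 or [::1]).
# Loopback-only sockets are skipped: only a local process can reach them.
exposed_listeners() {
    awk 'NR > 1 {
        addr = $5; sub(/:[^:]*$/, "", addr)   # drop the trailing :port
        port = $5; sub(/.*:/, "", port)       # keep only the port
        if (addr ~ /^127\./ || addr == "[::1]") next
        proc = "?"                            # "?" when ss shows no process (needs root)
        if (match($0, /"[^"]+"/)) proc = substr($0, RSTART + 1, RLENGTH - 2)
        print $1, port, proc
    }'
}

# Demo on the constructed sample; prints the four non-loopback listeners.
printf '%s\n' "$SAMPLE_SS" | exposed_listeners
```

Each printed line is a candidate for a UFW rule or for simply stopping the service; the loopback-only cupsd entry is deliberately absent from the output.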

    • Possibly linux@lemmy.zip · 2 up / 1 down · (edited) · 2 months ago

      This is good, sane advice. I think a lot of people here don’t understand networking.