Firewalls: what SHOULD I block? - eviltoast

Hey there folks,

I’m trying to figure out how to configure my UFW, and I’m just not sure where to start. What can I do to see the intetnet traffic from individual apps so I can know what I might want to block? This is just my personal computer and I’m a total newbie to configuring firewalls so I’m just not sure how to go about it. Most online guides seem to assume one already knows what they want to block but I don’t even know how/where to monitor local traffic to figure out what I can/should consider blocking.

    • Shdwdrgn@mander.xyz
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      Sure it CAN be configured, but the typical policy of firewalls is to start from a position of blocking everything. From what I’ve seen, on Linux the standard starting point is blocking all incoming and allowing all outgoing. On Windows the default seems to be blocking everything in both directions. Sure you could start with a policy of allowing everything and block only selected ports, but what good is that when you can’t predict what ports an attacker might come from?

      • Wingless@mstdn.social
        link
        fedilink
        arrow-up
        1
        ·
        2 months ago

        @Shdwdrgn on Linux, the firewall with zero custom rules always allowed everything. did that change in very recent kernels? if that’s the case, I’d expect a lot of lost acces to remote servers

        • Shdwdrgn@mander.xyz
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 months ago

          Most of my experience is with iptables, but yeah, I think until you start adding rules nothing is implicitly denied? Once you enable a couple of initial rules then you should have good blocking from the outside while allowing internal traffic to connect freely. It doesn’t get in your way until you start using it, but then it doesn’t take much to get it going.