In an earlier post I talked about UFW (Uncomplicated Firewall) for Ubuntu.
If you're looking for a firewall to protect your entire network, have a look at SmoothWall Express 3.0. SmoothWall is an open source firewall based on Linux, developed by SmoothWall Ltd, which also provides commercial software.
The firewall distro has been hardened and the entire download is 81MB. Installation and setup are easy and straightforward with the documentation made available. After the initial installation, all configuration is done via a web-based GUI over a secure port. The distro is also feature complete, allowing you to set up a DHCP server, NTP server, Intrusion Detection System, and manage VPN connections, along with many other features.
SmoothWall is really a set-and-forget distro requiring very minimal specs to run. If you have old hardware collecting dust, give this distro a try. Having more control over your network is a good thing.
Links:
www.smoothwall.org
Installation Guide
Setup Configurations
SmoothWall defines sections of your network as colors.
Red = Internet
Green = Local inside traffic
Orange = DMZ (web server, etc.)
Purple = Wireless access
Sample Diagrams
Basic

Basic with router

With DMZ

With wireless access

In my research to decide on my next Linux server distro I came upon two cool facts:
Thanks to my good friends at UF for this cool information.
Looking for more news on Ubuntu in one place? The website http://voices.canonical.com/ is a comprehensive blog that compiles posts from Canonical projects and Ubuntu members into one place. If you like RSS feeds like me this is the way to keep up with what’s going on. If you want a more technical view of Ubuntu or any Canonical project you should head to https://lists.ubuntu.com and sign up for the project you are interested in.
It appears this site has just started aggregating the different blogs of Ubuntu into one site.
Quoted from: http://slgeorge.wordpress.com/2010/01/29/canonical-conversations/
Want to know Canonical’s secret business plan? Or find out the latest features we’re working on in Ubuntu or UbuntuOne? Then hop over to the Canonical Voices site. It’s a blog aggregator that provides a single location for Canonical employees to blog and engage with the wider world.
I can’t promise that I’ll be any better at blogging regularly, I’ve already broken quite a few promises and resolutions on that front! Nonetheless, I’ve started aggregating posts about Ubuntu, Linux and Canonical over to the Voices site. Please check it out and become part of the conversation!
I’m trying to decide which OS will be better for my media server. I have little experience with CentOS or any Red Hat-based Linux system. I have a few questions:
- Is it well supported like Ubuntu?
- Is it more security-oriented?
- Which one runs web services better?
I have an IDS running on CentOS right now that I enjoy working on except for the different file placement. So I’m off to further research CentOS and if you have any thoughts let me know.
Graphic provided by Another Ubuntu Blogspot.

I made this my wallpaper. Don’t forget Alpha 1 will release in five days so get ready to start testing.
Looking for a good firewall for your Ubuntu server or desktop?
Uncomplicated Firewall (ufw) is a simple and easy to use firewall that comes already installed in Ubuntu server and desktop versions beginning with 8.04. UFW is a front-end to iptables, which is highly configurable itself, but can be such a pain to learn how to use. Since the introduction in 8.04, the following features have been added making UFW even more useful:
| Feature | 8.04 LTS | 8.10 | 9.04 | 9.10 |
|---|---|---|---|---|
| default incoming policy (allow/deny) | yes | yes | yes | yes |
| allow/deny incoming rules | yes | yes | yes | yes |
| ipv6 | yes | yes | yes | yes |
| status | yes | yes | yes | yes |
| logging (on/off) | yes | yes | yes | yes |
| extensible framework | yes | yes | yes | yes |
| application integration | – | yes | yes | yes |
| limit incoming rules (rate limiting) | – | yes | yes | yes |
| multiport incoming rules | – | yes | yes | yes |
| debconf/preseeding | – | – | yes | yes |
| default incoming policy (reject) | – | – | yes | yes |
| reject incoming rules | – | – | yes | yes |
| rule insertion | – | – | yes | yes |
| log levels | – | – | yes | yes |
| per rule logging | – | – | yes | yes |
| outgoing filtering (on par with incoming) | – | – | – | yes |
| filtering by interface | – | – | – | yes |
| bash completion | – | – | – | yes |
UFW does not have a graphical user interface (GUI), but the commands are very simple to use. If you're running the desktop version of Ubuntu, simply open a terminal to use UFW. The terminal can be found at Applications menu -> Accessories -> Terminal.
To enable UFW, run
sudo ufw enable
In the security world, deny by default is the normal policy. To enable this policy, simply run
sudo ufw default deny
Then simply disable and re-enable the firewall for this policy to take effect
sudo ufw disable
sudo ufw enable
All incoming connections to your server or desktop will be denied. I use UFW on both my server and desktop. Linux is built with security in mind, but having an extra layer never hurts.
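To confirm that the deny-by-default policy actually took effect, the check below parses the text printed by `sudo ufw status verbose`. It is an added example, not part of the original post; the function names are hypothetical, and the sample status text is constructed on the assumption that the policy appears on a `Default:` line as shown.

```shell
# Added example: audit `ufw status verbose` output for deny-by-default.
# Reads status text on stdin, so it runs without root or ufw installed.

# Print the default incoming policy, or "inactive" / "unknown".
ufw_incoming_policy() {
    awk '
        /^Status:/  { status = $2 }
        /^Default:/ {
            # Line looks like: Default: deny (incoming), allow (outgoing)
            for (i = 2; i < NF; i++)
                if ($(i + 1) ~ /^\(incoming\)/) policy = $i
        }
        END {
            if (status != "active") print "inactive"
            else if (policy == "")  print "unknown"
            else                    print policy
        }'
}

# Return 0 only when the firewall is active and incoming defaults to deny.
ufw_is_default_deny() {
    [ "$(ufw_incoming_policy)" = "deny" ]
}

# Constructed sample output (assumed format, not captured from a real host).
SAMPLE_DENY='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere'

SAMPLE_ALLOW='Status: active
Default: allow (incoming), allow (outgoing)'
SAMPLE_OFF='Status: inactive'

# On a live system: sudo ufw status verbose | ufw_incoming_policy
printf '%s\n' "$SAMPLE_DENY"  | ufw_incoming_policy
printf '%s\n' "$SAMPLE_ALLOW" | ufw_incoming_policy
printf '%s\n' "$SAMPLE_OFF"   | ufw_incoming_policy
```

An "inactive" result matters as much as "allow": a default policy that has been set but never enabled filters nothing.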
For more information on UFW check out the wiki HERE.
I like a solid foundation. In a few weeks CompTIA will be updating the four-year-old Linux+ exam with newer material including more security topics. To further my learning and to get a baseline level of knowledge I plan to take the Linux+ exam later this year. Most of what I’ve learned I have taught myself or found help on the awesome ubuntuforums.org support forums. I still have basics I need to learn and I’m sure I’m missing out on some cool terminal commands.
The updated book from Sybex will not be out until October, so if anybody has any questions from Transdumper or sample questions on .txt files please let me know. You can send the files to Adam @ TuckLive.org.