EXPLODING FIREWALLS
The phrase “Linux doesn’t need a firewall” is commonly voiced. And it’s true, in the sense that your desktop distribution will work just fine without one. The same is true for Windows, up to a point, yet it still ships with one enabled by default. And any hardened user of the Redmond-ian OS would frown at you if you turned it off without good reason. Why? Because it takes away a layer of security that probably wasn’t doing any harm in the first place.
The main difference, and the reason Linux users get away with no firewall, is that a standard desktop install isn’t running many services. So even if someone you didn’t trust could contact your machine, there are no listening ports to connect to. On Windows, a standard install will have at least file and printer-sharing (SMB, NetBIOS) services listening, and probably much more. There’s nothing inherently wrong with this – those services are firewalled after all – but even if they weren’t, many of them (by default) are only listening on the LAN, or even the local loopback address. However, if something went wrong and for some reason the file-sharing service started listening on the 0.0.0.0 (all interfaces) address, without a firewall we’d be living dangerously. Not only could attackers see our shares, but they could leverage an exploit against the service.
Here we’ll discuss the ins and, and the simpler . We’ll dispel myths about the protections offered by home routers, and we’ll show you how to set up a simple firewall that doesn’t get in your way, doesn’t require any command-line jargon and will make your Linux install just that little bit safer.
You’re reading a preview, subscribe to read more.
Start your free 30 days