Uncomplicated Firewall (ufw)

Last week a question on viruses, so this week moving on to the next part of security, the Uncomplicated Firewall…

By default after installing Mint you get the welcome screen, to do system updates, check hardware device drivers, the backup system Timeshift etc… At the bottom of the list is the firewall. Normally I click to activate it, but that's all I do; I've never altered a setting in it or checked it afterwards.

So the questions:

At home as a single user, do I need it?
Should I set something in it to protect myself?
Do I need to revisit it after a period?

I know what a firewall is and does, but only on servers, never on a stand-alone PC.

I have never had issues or problems, so this is just a general user question around security.

Thanks

2 Likes

In theory, if your machine is behind NAT you should not need a firewall, and there is probably a firewall in your modem anyway.
In practice, if you feel safer, by all means turn a firewall on.
No harm in having 2 levels of protection.
Don't get too creative with your rules, or you may stop something communicating.

There is a UFW Firewall article in the current (April 2024) edition of Linux Magazine

4 Likes

Forgive my lack of knowledge, but I searched “NAT” and came up with:
"NAT conserves IP addresses that are legally registered and prevents their depletion." (Bold was not added by me.) How can I tell if I am behind a NAT?

Same here – I always activate it. Below is a screenshot for people to see it.
I “assume” the firewall will stop any non-solicited incoming traffic from the internet.

3 Likes

@easyt50
To tell if you’re behind NAT you can check your local IP address (using the command ip a) and it will likely be something like 192.168.0.123. Then curl ifconfig.me or another spot to see what your apparent public IP address is and it’ll be something different like 35.232.11.19 (that IP is something from Google Cloud).

@callpaul.eu
I think you can use UFW with the default settings. I’m not certain what the default rules are, but the defaults may stop some outbound connections from succeeding if some sort of malware is on your computer. Your router running NAT should stop anything inbound from reaching your computer unless you’ve set up a NAT rule to allow a specific port or range of ports.

The only thing NAT allows is responses to requests. Your computer makes an outbound request targeting port 80 or 443 for a website. It makes this request from a random port in the ephemeral range (1024-65535 but that varies a bit). The server responds back to your request on that ephemeral port.

The bad news is that UFW may also stop some valid piece of software from making a connection as well. If that were to happen, you could temporarily disable UFW and see if that fixes the issue and then you can create a firewall rule to allow that traffic.

3 Likes
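Rather than guessing what ufw's defaults are, you can read them straight out of `sudo ufw status verbose`; on a stock install the Default: line reads `deny (incoming), allow (outgoing), disabled (routed)`. The script below is an added example, not code from the thread or from the ufw project. It parses a constructed sample of that output and flags the things the posts above talk about: the firewall being disabled, an incoming default other than deny, and any port that has been opened to everywhere. The sample text and the `<lan-cidr>` placeholder in the suggested commands are constructed; the `ufw` commands quoted in the findings use ufw's real syntax.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of `sudo ufw status verbose` output, modelled on a Mint
# desktop where the firewall was enabled from the welcome screen and one SSH
# rule was added later.  Replace it with the real output to audit your own box.
SAMPLE_STATUS = """\
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
"""


@dataclass
class UfwState:
    active: bool
    incoming: str = ""   # default policy for new inbound connections
    outgoing: str = ""   # default policy for new outbound connections
    routed: str = ""     # default policy for forwarded traffic (this box acting as a router)
    allow_in: list = field(default_factory=list)  # (target, source) pairs that open a port inbound


def parse_ufw_status(text: str) -> UfwState:
    """Parse the human-readable `ufw status verbose` output."""
    if not re.search(r"^Status:\s*active\s*$", text, re.M):
        return UfwState(active=False)  # an inactive ufw prints no Default: line at all
    m = re.search(
        r"^Default:\s*(\w+) \(incoming\), (\w+) \(outgoing\), (\w+) \(routed\)", text, re.M
    )
    if m is None:
        raise ValueError("active but no Default: line; unexpected ufw output")
    allow_in = []
    for line in text.splitlines():
        cols = re.split(r"\s{2,}", line.strip())  # rule columns are separated by runs of spaces
        if len(cols) == 3 and cols[1] == "ALLOW IN":
            allow_in.append((cols[0], cols[2]))
    return UfwState(True, m.group(1), m.group(2), m.group(3), allow_in)


def audit(state: UfwState) -> list:
    """Return a list of findings; an empty list means the defaults look as expected."""
    if not state.active:
        return ["firewall is inactive: run 'sudo ufw enable'"]
    findings = []
    if state.incoming != "deny":
        findings.append(f"incoming default is '{state.incoming}': expected 'deny' "
                        "(sudo ufw default deny incoming)")
    if state.outgoing != "allow":
        findings.append(f"outgoing default is '{state.outgoing}': ordinary desktop apps "
                        "expect 'allow' (sudo ufw default allow outgoing)")
    for target, source in state.allow_in:
        if source.startswith("Anywhere"):
            # "22/tcp (v6)" -> port "22", proto "tcp"; a bare "22" rule has no proto part
            port, _, proto = target.split(" ")[0].partition("/")
            proto_part = f" proto {proto}" if proto else ""
            findings.append(f"{target} is open to {source}; if only the LAN needs it, replace the "
                            f"rule with 'sudo ufw allow from <lan-cidr> to any port {port}{proto_part}'")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_ufw_status(SAMPLE_STATUS)) or ["no findings"]:
        print(finding)
```

To run it against your own machine, replace SAMPLE_STATUS with the text printed by `sudo ufw status verbose`. Note that the audit only reads the policy lines; it does not execute any ufw command, so it is safe to run before deciding whether to change anything.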

Hi @pdecker,
I know very little about telecommunications. “ip a” displays about 15 lines of info, one of which was "inet 192.168.1.213/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s31f6". Was that what I was supposed to look for? Also “ifconfig.me” - I don’t know what to do with this.

Like I said, very little knowledge about telecom.

Searching my IP address shows something like 71.163.xxx.xxx.
(I was recommended not to show my actual IP address.)

2 Likes

Yes, I wanted you to look for the 192.168.x.x address. You are behind a NAT router.

You can go to many different websites to find your public IP address. It appears to be 71.163.141.123.

To find your local address I was trying to have you run the following command:

curl ifconfig.me

That will just spit out your public IP address at a command prompt if you’re using Linux. It’s probably easier to just use a browser. In a browser ifconfig.me or ifconfig.co give you lots more information too.

3 Likes

Hi Howard,
That is a side-effect of NAT.

NAT stands for network address translation. When it was first used it was called IP Masquerading.
It works like this. You use one of those 192.168.x.x addresses for your machine locally. When you send a packet through your modem to the internet, its source address is changed to an apparent IP address which the internet can see and use. When your packet reaches its destination and there is a reply, it goes to the apparent IP address, then NAT translates that apparent IP back into your internal 192.168.x.x address and allows the packet into your local net.
So the internet never sees your 192.168.x.x. That is why it was called IP masquerading… you pretend to be that apparent IP address.
If someone from the internet ( or even yourself) tries to see your IP address, all they can see is the apparent address. If they try to send a packet to the apparent address, NAT will not let it into your local net, because it is not a reply packet from some site you contacted.
So NAT is able to distinguish between reply packets and packets originating from the internet, and it only lets the former in. That is why NAT is good intrusion protection.

Sure, it saves you having to be allocated a static IP address, but it is far more useful than that.

I hope that helps
Regards
Neville

4 Likes
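The mechanism Neville describes, together with the ephemeral-port round trip pdecker outlined earlier in the thread, can be made concrete with a small simulation. This is an added example, not code from the thread: it is a hypothetical simplification of the connection-tracking table a real masquerading router keeps, using constructed addresses from the RFC 5737 documentation ranges. It shows the outbound source rewrite, the reply being mapped back to the PC's ephemeral port, an unsolicited probe being dropped because no flow asked for it, and why a port-forward rule (the "NAT rule to allow a specific port" mentioned above) lets that same probe through.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class MasqueradingRouter:
    """Toy model of a home router doing IP masquerading (source NAT).

    Hypothetical simplification of what Linux conntrack + MASQUERADE do:
    one translation table that only outbound packets can populate.
    """

    def __init__(self, public_ip, lan_prefix="192.168.1.", port_forwards=None):
        self.public_ip = public_ip
        self.lan_prefix = lan_prefix
        # Explicit rules the owner configured: (proto, public_port) -> (lan_ip, lan_port)
        self.port_forwards = dict(port_forwards or {})
        # Flow table: (proto, public_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.flows = {}
        self._next_public_port = 40000  # the router's own ephemeral range (constructed)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> internet: rewrite the source to the public address and remember the flow."""
        if not pkt.src_ip.startswith(self.lan_prefix):
            raise ValueError(f"{pkt.src_ip} is not on the LAN side")
        public_port = self._next_public_port
        self._next_public_port += 1
        self.flows[(pkt.proto, public_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: deliver only replies to a known flow or explicitly forwarded ports.

        Returns the translated packet, or None when the router drops it.
        """
        if pkt.dst_ip != self.public_ip:
            return None
        # The lookup includes the remote address and port, so a packet aimed at the
        # right public port from the wrong host is still not a reply.
        key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        target = self.flows.get(key) or self.port_forwards.get((pkt.proto, pkt.dst_port))
        if target is None:
            return None  # unsolicited: nothing on the LAN asked for this
        lan_ip, lan_port = target
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port, pkt.proto)


# Constructed addresses (RFC 5737 documentation ranges), not anyone's real IPs.
PUBLIC_IP = "198.51.100.7"
WEBSERVER = "192.0.2.80"
SCANNER = "203.0.113.5"


def demo():
    """Walk through the cases the thread describes; returns them for inspection."""
    router = MasqueradingRouter(PUBLIC_IP)
    # 1. The PC opens a web connection from an ephemeral port.
    request = router.outbound(Packet("192.168.1.213", 51234, WEBSERVER, 443))
    # 2. The server replies to the apparent (public) address; the router maps it back.
    reply = router.inbound(Packet(WEBSERVER, 443, PUBLIC_IP, request.src_port))
    # 3. Somebody on the internet probes the public address: no flow, no forward, dropped.
    probe = router.inbound(Packet(SCANNER, 4444, PUBLIC_IP, 22))
    # 4. The same probe against a router with a port-forward rule for 22 gets through.
    forwarding = MasqueradingRouter(PUBLIC_IP, port_forwards={("tcp", 22): ("192.168.1.213", 22)})
    forwarded = forwarding.inbound(Packet(SCANNER, 4444, PUBLIC_IP, 22))
    return request, reply, probe, forwarded


if __name__ == "__main__":
    for label, pkt in zip(("request", "reply", "probe", "forwarded"), demo()):
        print(f"{label:10} {pkt}")
```

The fourth case is the one where a host firewall such as ufw on the PC still earns its keep: once a port is forwarded, the router no longer drops traffic to it, and the PC's own rules decide what happens next.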