What is the firewall that comes with Kicksecure on CLI? ufw was not included anywhere in any metapackage.
None yet. None has been developed yet.
related:
I am OK with current state, I don’t think we need extra Firewall.
While Kicksecure comes with no open ports by default, a firewall would be useful to protect the user from unwanted, unexpected ports opened by third-party software.
How this could be structured:
- kicksecure-shared-firewall
- kicksecure-desktop-firewall [block all ports by default]
- kicksecure-server-firewall [open port 22, which is SSH’s default port by default]
- Maybe the server firewall should come last. If ever. Much later. Maybe not at all. Maybe server operators should take care of a firewall themselves.
No worries.
I can use firewalld or ufw myself.
Note on UFW by default in Kicksecure:
Still depends on iptables. This seems outdated. Waiting at least until it has been ported to nftables.
Sorry for the late reply, isn’t ufw just a front-end of iptables?
Based on a web search, it seems newer ufw versions also support nftables.
How about coming with a firewall that blocks all incoming by default?
# Set default chain policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Accept on localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow established sessions to receive traffic
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
Of course.
iptables is deprecated. iptables → nftables.
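
The default-deny inbound rules from the iptables post, expressed for nftables as the last replies suggest. This is an added example, not part of the thread or Kicksecure's own code. The table name `host_fw`, the function `emit_ruleset`, and the ICMPv6 neighbor-discovery rule (needed because the `inet` family also filters IPv6) are assumptions. With no arguments it produces the desktop profile (no inbound ports); `emit_ruleset 22` gives the server-style profile.

```shell
# Added example: print an nftables ruleset equivalent to the iptables rules above.
# Names "host_fw" and "emit_ruleset" are assumptions made for this example.
# Load as root with: emit_ruleset | nft -f -
emit_ruleset() {
    ports=""
    for p in "$@"; do
        # Accept only plain decimal ports 1..65535 (no leading zero, max 5 digits).
        case "$p" in
            ''|0*|*[!0-9]*|??????*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        [ "$p" -le 65535 ] || { echo "port out of range: $p" >&2; return 1; }
        ports="${ports:+$ports, }$p"
    done
    cat <<'EOF'
# Declare-then-delete makes reloading idempotent and leaves other tables alone.
table inet host_fw
delete table inet host_fw
table inet host_fw {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        # Assumption: keep IPv6 neighbor discovery working under policy drop.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
EOF
    [ -z "$ports" ] || printf '        tcp dport { %s } accept\n' "$ports"
    cat <<'EOF'
    }
    chain forward { type filter hook forward priority 0; policy drop; }
    chain output { type filter hook output priority 0; policy accept; }
}
EOF
}
```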