Firewalls: what SHOULD I block?

Cornflake@lemmy.wtf to Linux@lemmy.ml – 83 points –

Hey there folks,

I'm trying to figure out how to configure my UFW, and I'm just not sure where to start. What can I do to see the internet traffic from individual apps so I can know what I might want to block? This is just my personal computer and I'm a total newbie to configuring firewalls, so I'm just not sure how to go about it. Most online guides seem to assume one already knows what they want to block, but I don't even know how/where to monitor local traffic to figure out what I can/should consider blocking.


In a nutshell,

  • Use wireshark

  • See if there's any weird connections going on (i.e. you visit pancakes.com and wireshark shows unrelatedsite.com making a request as well)

  • Block unrelatedsite.com

"What about firewalls?"

Block from ports 1000 'til the very end (65565 if I'm not mistaken.) -- that is your "bread and butter" approach.

"W-what if I'm using a port past 1000?"

Nah, you (very likely) aren't and never will.

This is not great advice, to say the least. You want to block all incoming but allow all outgoing.

Also, visiting an https site will not magically ports. It uses 443/tcp, and if you are using a site with WebRTC (used for calls on platforms like Teams), ports 443/UDP and 50000-65535/UDP. However, there is no reason you need to know that unless you are in a professional field
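
For the original question (which app is talking to which remote endpoint), the following is an added example and not part of any comment in this thread. It groups `ss -H -tunp` output by owning process; the function names and the sample lines are constructed for illustration, and the trailing comments show the "deny incoming, allow outgoing" UFW policy from the reply above.

```shell
#!/bin/sh
# Added example: summarize live connections per process from `ss -H -tunp`
# output (columns: Netid State Recv-Q Send-Q Local Peer [Process]).
# Prints "<process> <proto> <remote addr:port> <count>", sorted.
summarize_conns() {
    awk '
        NF >= 6 {
            proc = "unknown"   # ss omits the owner for sockets you may not inspect
            # Process column looks like users:(("firefox",pid=2211,fd=87))
            if (NF >= 7 && split($7, q, "\"") >= 2) proc = q[2]
            count[proc " " $1 " " $6]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# Constructed sample input (documentation-range addresses), so the script
# runs offline. The last line has no process column on purpose.
sample_ss_output() {
    cat <<'EOF'
tcp   ESTAB  0 0 192.168.1.20:51514 198.51.100.7:443  users:(("firefox",pid=2211,fd=87))
tcp   ESTAB  0 0 192.168.1.20:51520 198.51.100.7:443  users:(("firefox",pid=2211,fd=91))
udp   ESTAB  0 0 192.168.1.20:40112 203.0.113.9:443   users:(("firefox",pid=2211,fd=102))
tcp   ESTAB  0 0 192.168.1.20:38022 192.0.2.44:22     users:(("ssh",pid=3040,fd=3))
tcp   ESTAB  0 0 192.168.1.20:44100 192.0.2.80:80
EOF
}

# Demo on the constructed sample.
sample_ss_output | summarize_conns

# Live use (root is needed to see processes owned by other users):
#   sudo ss -H -tunp | summarize_conns
#
# Default policy from the reply above (block all incoming, allow all outgoing):
#   sudo ufw default deny incoming
#   sudo ufw default allow outgoing
#   sudo ufw enable
#   sudo ufw status verbose
```

Entries reported as `unknown` are sockets whose owning process `ss` could not show, which is the usual result when it is run without root.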