Cyber security enthusiast/pen tester who loves Linux and teaching how to keep people safe online. Also a Linux advocate and open source GNU/Linux supporter.

Knows Python, Rust, C++, C# and Java (unfortunately)

  • 0 Posts
  • 15 Comments
Joined 11 months ago
Cake day: August 1st, 2023



  • Ghost@lemmy.ml to Linux@lemmy.ml: Antivirus recomendations
    11 months ago

    The main one everybody uses, at least from my knowledge and from what I’ve used over the last 13 years, is UFW. That is what you want to use.

    A firewall is very important, not just for being on public Wi-Fi connections. A firewall is your extra layer of protection.

    I don’t know what distro you run, but it’s almost the same for each one.

    https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04

    UFW is installed by default on Ubuntu. If it has been uninstalled for some reason, you can install it with sudo apt install ufw.

    Using IPv6

    sudo nano /etc/default/ufw

    That command should come back with this

    IPV6=yes

    Save and close the file. Now, when UFW is enabled, it will be configured to write both IPv4 and IPv6 firewall rules. However, before enabling UFW, we will want to ensure that your firewall is configured to allow you to connect via SSH. Let’s start with setting the default policies.

    Setting up default policies

    sudo ufw default deny incoming
    sudo ufw default allow outgoing

    These commands set the defaults to deny incoming and allow outgoing connections. These firewall defaults alone might suffice for a personal computer, but servers typically need to respond to incoming requests from outside users. We’ll look into that next.

    To configure your server to allow incoming SSH connections, you can use this command:

    sudo ufw allow ssh
    

    This will create firewall rules that will allow all connections on port 22, which is the port that the SSH daemon listens on by default. UFW knows what port allow ssh means because it’s listed as a service in the /etc/services file.

    However, we can actually write the equivalent rule by specifying the port instead of the service name. For example, this command works the same as the one above:

    sudo ufw allow 22
    

    If you configured your SSH daemon to use a different port, you will have to specify the appropriate port. For example, if your SSH server is listening on port 2222, you can use this command to allow connections on that port:

    sudo ufw allow 2222
    

    To enable UFW, use this command:

    sudo ufw enable
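
The ordering in the comment above matters: with a default-deny incoming policy, enabling UFW before the SSH port is allowed cuts off a remote session. The following pre-flight check is an added example, not part of the original comment or of the linked tutorial; the function names are hypothetical, the sample inputs are constructed, and the rule list is assumed to be in the `ufw allow ...` line form printed by `sudo ufw show added`.

```sh
# Pre-flight check to run before `sudo ufw enable` on a machine reached over SSH.
# All function names are hypothetical; inputs are passed as text so no root is needed.

# Print every port sshd is configured to listen on (sshd_config on stdin, default 22).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }'
}

# Succeed if the rule list in $1 (lines like "ufw allow 22/tcp") opens port $2.
# Only the simple "ufw allow|limit <port|ssh>[/proto]" form is recognised.
ufw_allows_port() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
            split($3, a, "/")                       # "22/tcp" -> "22"
            if (a[1] == port || (port == 22 && a[1] == "ssh")) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Succeed if the text of /etc/default/ufw in $1 turns on IPv6 rules.
ipv6_enabled() {
    printf '%s\n' "$1" | grep -Eq '^IPV6="?yes"?[[:space:]]*$'
}

# $1 = sshd_config text, $2 = /etc/default/ufw text, $3 = rule list.
# Returns non-zero when enabling UFW would cut off an sshd port.
preflight() {
    rc=0
    ipv6_enabled "$2" || echo "WARN: IPV6=yes is not set in /etc/default/ufw"
    for port in $(printf '%s\n' "$1" | sshd_ports); do
        if ufw_allows_port "$3" "$port"; then
            echo "OK: sshd port $port is allowed"
        else
            echo "FAIL: sshd port $port has no allow rule (sudo ufw allow $port)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inputs (not taken from a real host).
SSHD_CFG='#Port 22
Port 2222'
UFW_DEFAULTS='IPV6=yes'
RULES_BAD='ufw allow 22'
RULES_GOOD='ufw allow 2222/tcp'
preflight "$SSHD_CFG" "$UFW_DEFAULTS" "$RULES_BAD"  || echo "=> do not enable UFW yet"
preflight "$SSHD_CFG" "$UFW_DEFAULTS" "$RULES_GOOD" && echo "=> safe to run: sudo ufw enable"
```

On a real host the three arguments would be the contents of `/etc/ssh/sshd_config`, the contents of `/etc/default/ufw`, and the output of `sudo ufw show added`.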
    


  • Ghost@lemmy.ml to Linux@lemmy.ml: Antivirus recomendations
    11 months ago

    There are way more viruses written for Windows than there are for Linux.

    1. Linux users find viruses and they report them and then everyone works on a fix for it and it gets patched as soon as possible. This is why open sourced code is good.

    2. Windows takes forever to fix or patch viruses; most of the time they probably don’t even care.

    Everything virus related or even bug related gets patched almost immediately under Linux.

    Also… Everything you install on Linux is precompiled and preconfigured inside a package manager and these packages get checked constantly for bugs and viruses. There’s almost no need to install anything on Linux from websites that could be compromised.

    Out of the 13 years I have been using Linux I haven’t once caught a virus, but I also study malware and write malware so I also understand it more on a deep level.

    But honestly it’s very hard to catch a virus on Linux.



  • Ghost@lemmy.ml to Linux@lemmy.ml: Antivirus recomendations
    11 months ago

    ClamAV is really only used to check for cross virus contamination. It’s a tool that checks for Windows malware inside of Linux.

    Linux doesn’t need any malware software. The way Linux runs and works is already way more secure in itself; almost everything you’ll ever download is precompiled into software repositories that are checked constantly.

    The only way you’ll catch a virus on Linux is being dumb and clicking ads or downloading something from untrusted sources like websites that could be fake but look real.




  • Most of my days are spent writing malware and studying and testing it to see how it infects a system and how to learn how to stop it. I also study malware I find online.

    When I say I use a VM almost all my time I don’t mean it as my actual “computer”.

    My computer is a 24 core Threadripper beast with 64 GB of RAM. When I study malware I do it strictly through a VM, and when I’m browsing the web or YouTube I use a VM.

    When I’m doing activities such as 3D printing and running my print farm I do not use a VM, as it takes a lot of processing power and graphics power to run those programs.

    I just like using VMs to learn about open sourced software and how it works and I like breaking and fixing things.

    Cyber security is amazing but also sucks when you get a call at 3am lol

    If you have any questions send me a message :D


  • I feel the same way. As someone who studies and works in cyber security I love teaching people about how to stay safe or at least as safe as possible.

    Some people don’t go the degree I go to just to keep my stuff secure. I use hardened Arch kernels and I hardly even use Arch; my entire time I spend on a PC is through a VM. I have 2 computers, one just for Windows and gaming and then one for Linux and cyber security and coding stuff.

    I hate dual booting and do not like Windows being close to my Linux install so I keep them separate on two different computers 😂

    Other than doing 3D printing and rendering stuff all I do is study malware and writing my own programs.




  • Ghost@lemmy.ml to Linux@lemmy.ml: New Arch-based Distros
    11 months ago

    https://github.com/arindas/manjarno

    https://www.hadet.dev/Manjaro-Bad/

    Manjaro also has a “rolling release” model that isn’t actually fully rolling release. They hold back packages for a few weeks, which in return has almost always destroyed the AUR for not only Manjaro users but Arch users.

    They lie about it being fully rolling. Not just that, they have forgotten to sign their signature keys multiple times before releasing big updates.

    Sure it’s an easier Arch for “beginners”, but I’d say it’s easier to just install Arch on a VM if you really want to learn and use Arch that bad; a VM is the best way.

    Pure Arch is better than Manjaro. Hell, I hate Ubuntu but I’d rather use that over Manjaro.