Hey gang, studying firewalls tonight. I am preparing my computer for BTC and LN. I got Ubuntu installed. Is the stock UFW enough or do I need more? I will eventually get a pfSense router probably. Do I need the hardware, is software enough, do I need specialized software, do I use both? As usual, I don't know enough to know what questions to ask. My goal is the ultimate in security. Any thoughts, comments or suggestions would be greatly appreciated. Any suggested resources to learn more?
ufw should work fine. Don't worry too much about anything else.
For the past several years routers have included their own firewall, it serves mostly as a means to provide QoS (stop me if you remember online video games several years ago and the hell of "port forwarding")
Two links I'll give you on learning to do command line stuff.
http://linuxcommand.org/ <-- Nicely Organized Tutorial Website
http://overthewire.org/wargames/ <-- series of "games" meant to teach you Linux cli
@amp pfSense gateway devices were recommended by two people and I am considering a pfSense router (cheapest is $350!) but their software doesn't work on Linux. I had already run across LinuxCommand, thanks for the other.
@amp I am curious, if ufw is fine, why would you need all those paid commercial firewalls? How common are the threats that you would need something more than what comes with Ubuntu?
So I'm not 100% sure how to parse your questions, but at a guess:
The Big Paid Commercial Firewalls are for medium-to-large business where a small IT team needs to micromanage firewalls and network access of upwards of hundreds of machines.
My guess is you're protecting just your desktop, or at most a home connection with less than 10 devices (desktops, laptops, phones, maybe some "Internet of things" pieces of shit). For just the one desktop, stick to ufw.
@amp So, they all basically do the same thing, but the commercial packages give you more options for micromanaging large networks. Automatically block all incoming except what I allow, and don't worry about the outgoing...pretty much sum it up?
You're getting there.
All firewalls, under the hood, do 1 thing -- See an incoming/outgoing connection attempt, and either reject it or allow it.
All the big software packages really are are just management tools for that. Like a hammer. All you really need is a rock and a stick, anything more than that is just convenience and ease-of-use.
@Shekelcoin @amp From what I can tell, UFW is the front end for IPTables. I spent several hours last night learning OpenSSH and setting up the remote access to my linux box. I learned quite a bit and had to practice with the UFW also. All of this through the command line, starting to get a feel for it, what a difference it is! Learning much, I feel empowered. Is it correct that you can do anything or most anything you need to with UFW, but commercial FW packages are easier, more friendly?
Also, yes, there are software packages that are effectively front ends for ufw, to make it more user friendly and easy to understand, or to just provide it with a GUI interface.
@amp @Shekelcoin I feel like I will be able to learn the command line and won't need all that fancy stuff. I keep hearing that is the best thing to do anyway. I suspect I will be doing most everything remotely from my windows pc, so learning cli is going to be "forced". I have one more night probably studying linux security stuff, then I think I will try installing BitWarden. I don't want to install BTC & LN until I am more comfortable with linux. ty for all the input...
@Sosthene I agree. Frankly, I don't have a reason to be live yet. I am practicing with this refurbished Dell until I can afford to get a Power9 device and do it all over again. I am taking copious notes of everything I do.
@KingWm Refurbished Dell are great for going live too. I run my node on a 10 years old HP laptop that is literally falling apart 😱
I'm not using any computer that is less than 6 years I think.
Good idea to take notes, that's one of my biggest mistakes, I haven't been taking notes when making most of the stuff I learned 😓
@Sosthene I am planning to put it all on a website before it is done, sort of a how to be your own bank type of deal. Post all the stuff I read, what I did, how I did it, share BTCPay Server, etc. I think I got the right name, won't share until I get the domain 😉
@KingWm great, let me know if you need any help
@Sosthene I sure will. I will post the domain when I have it and I intend to ask for input. I am pretty excited about all of it, can't stop thinking about it. I HATE BANKS WITH A PASSION!
@amp started playing the "games". Not sure it will be as addictive as...say...Super Mario Brothers, but I definitely think it is going to be helpful, especially if you take some time to read the manual on the commands they suggest and do the follow the other links they suggest. Perhaps I will play a game or two or three a night...ty again
@KingWm I wanna say Round 13 of Bandit is where it really starts to ramp up what it wants you to know. I still think Bandit at least is a really good way to "trial by fire" your way into learning command line programs.
Probably the best thing about it is that you're "learning how to learn" not just learning individual commands.
@amp At the very least, it is a structured what to know what to learn. Obviously it starts at the beginning with most common or most useful commands and I am sure it will progress in a logical way. A concept I learned from TeamLaw, Learn how to learn from your own first hand study and while it may take a long time (vs someone giving u the answer) you LEARN SO MUCH MORE ABOUT OTHER THINGS ALONG THE WAY! Had 3 all-nighters in a row, can't do another tonight, must go to bed now...gn...
Wait, I spent all that effort fucking around with "The Registry" when I could have used a system that just uses config files in ~/.config ?
Wait, I can do a full-clean-and-reinstall of my whole system just by exporting my package list and backing up my home folder and be back up and running in MINUTES?
Linux Distribution: Arch
Desktop Environment: AwesomeWM
Terminal Emulator: urxvt with transparency set to ~30% (Hence you can see my wallpaper behind it, anything in a transparent window is techincally a command line program)
Windows from left to right:
qutebrowser (viewing Mastodon)
On top, my music player -- ncmpcpp
bitcoin-cli getnetwork info piped into lolcat (hence rainbow text)
bitcoin-cli getblockchain info also piped into lolcat
@amp by the way, just noticed the longhorn, r u around Austin?
@KingWm I have my bachelors degree in Electrical and Computer Engineering from UTAustin, but I moved to Chicago, IL a few years ago.
@amp I am within an hour of Austin, and am a "wet Aggie" (not College Station but somewhere else) 😜
@amp @KingWm you have a pretty sweet setup. I just started playing with arch a couple days ago. I started using manjaro as my distro on my amd laptop, and i had to learn about arch since its based on arch, and it sparked enough curiosity, that i spent allday yesterday installing it in a vm and got gnome up and running as my desktop environment. Now i want to make it look pretty like that.
/r/unixporn might be a good place to start though.
I actually did some fiddling with my setup today, decided to move over from xterm to urxvt to get the transparency going, and I'm toying with qutebrowser right now, I'm liking the options it gives and the changeup of using a keyboard-centric web browser.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!