Hey gang, studying firewalls tonight. I am preparing my computer for BTC and LN. I got Ubuntu installed. Is the stock UFW enough or do I need more? I will eventually get a pfSense router probably. Do I need the hardware, is software enough, do I need specialized software, do I use both? As usual, I don't know enough to know what questions to ask. My goal is the ultimate in security. Any thoughts, comments or suggestions would be greatly appreciated. Any suggested resources to learn more?

ufw should work fine. Don't worry too much about anything else.

For the past several years routers have included their own firewall, it serves mostly as a means to provide QoS (stop me if you remember online video games several years ago and the hell of "port forwarding")

Two links I'll give you on learning to do command line stuff. <-- Nicely Organized Tutorial Website <-- series of "games" meant to teach you Linux cli

@amp pfSense gateway devices were recommended by two people and I am considering a pfSense router (cheapest is $350!) but their software doesn't work on Linux. I had already run across LinuxCommand, thanks for the other.

@amp I am curious, if ufw is fine, why would you need all those paid commercial firewalls? How common are the threats that you would need something more than what comes with Ubuntu?

So I'm not 100% sure how to parse your questions, but at a guess:

The Big Paid Commercial Firewalls are for medium-to-large business where a small IT team needs to micromanage firewalls and network access of upwards of hundreds of machines.

My guess is you're protecting just your desktop, or at most a home connection with less than 10 devices (desktops, laptops, phones, maybe some "Internet of things" pieces of shit). For just the one desktop, stick to ufw.

@amp So, they all basically do the same thing, but the commercial packages give you more options for micromanaging large networks. Automatically block all incoming except what I allow, and don't worry about the outgoing...pretty much sum it up?

You're getting there.

All firewalls, under the hood, do 1 thing -- See an incoming/outgoing connection attempt, and either reject it or allow it.

All the big software packages really are are just management tools for that. Like a hammer. All you really need is a rock and a stick, anything more than that is just convenience and ease-of-use.

@KingWm @amp you don't need anything more than ufw and maybe ip tables if you're running a server

@Shekelcoin @amp From what I can tell, UFW is the front end for IPTables. I spent several hours last night learning OpenSSH and setting up the remote access to my linux box. I learned quite a bit and had to practice with the UFW also. All of this through the command line, starting to get a feel for it, what a difference it is! Learning much, I feel empowered. Is it correct that you can do anything or most anything you need to with UFW, but commercial FW packages are easier, more friendly?

@KingWm @Shekelcoin
Yes, ufw is basically a front end for iptables to make it a bit more user friendly and easy to understand

Also, yes, there are software packages that are effectively front ends for ufw, to make it more user friendly and easy to understand, or to just provide it with a GUI interface.

@amp @Shekelcoin I feel like I will be able to learn the command line and won't need all that fancy stuff. I keep hearing that is the best thing to do anyway. I suspect I will be doing most everything remotely from my windows pc, so learning cli is going to be "forced". I have one more night probably studying linux security stuff, then I think I will try installing BitWarden. I don't want to install BTC & LN until I am more comfortable with linux. ty for all the input...

@KingWm @amp @Shekelcoin don't rush things, take the time to read and try abd then fuck things up, play extensively with bitcoin testnet. That's the only way to learn this stuff, at least that's the way I've been learning it for more than a year now.
Welcome to violence 😂

@Sosthene I agree. Frankly, I don't have a reason to be live yet. I am practicing with this refurbished Dell until I can afford to get a Power9 device and do it all over again. I am taking copious notes of everything I do.

@KingWm Refurbished Dell are great for going live too. I run my node on a 10 years old HP laptop that is literally falling apart 😱
I'm not using any computer that is less than 6 years I think.
Good idea to take notes, that's one of my biggest mistakes, I haven't been taking notes when making most of the stuff I learned 😓

@Sosthene I am planning to put it all on a website before it is done, sort of a how to be your own bank type of deal. Post all the stuff I read, what I did, how I did it, share BTCPay Server, etc. I think I got the right name, won't share until I get the domain 😉

@Sosthene I sure will. I will post the domain when I have it and I intend to ask for input. I am pretty excited about all of it, can't stop thinking about it. I HATE BANKS WITH A PASSION!

@amp started playing the "games". Not sure it will be as addictive as...say...Super Mario Brothers, but I definitely think it is going to be helpful, especially if you take some time to read the manual on the commands they suggest and do the follow the other links they suggest. Perhaps I will play a game or two or three a night...ty again

@KingWm I wanna say Round 13 of Bandit is where it really starts to ramp up what it wants you to know. I still think Bandit at least is a really good way to "trial by fire" your way into learning command line programs.

Probably the best thing about it is that you're "learning how to learn" not just learning individual commands.

@amp At the very least, it is a structured what to know what to learn. Obviously it starts at the beginning with most common or most useful commands and I am sure it will progress in a logical way. A concept I learned from TeamLaw, Learn how to learn from your own first hand study and while it may take a long time (vs someone giving u the answer) you LEARN SO MUCH MORE ABOUT OTHER THINGS ALONG THE WAY! Had 3 all-nighters in a row, can't do another tonight, must go to bed

@KingWm @amp now that you're becoming familiar with the command line, you should try to do most of your software installs and stuff through it ( as opposed to the gui) it will help the knowledge stick in your head. Also start learning how to create and edit files with vim/nano

@Shekelcoin @KingWm

This time next month he'll be subbed to Luke Smith on Youtube and constantly browsing /r/unixporn.

@amp @KingWm i agree once the command line stops being intimidating, there is no turning back. He'll be posting about how shitty windows is and how he cant understand how long it took to make the switch, next month

@Shekelcoin @KingWm

Wait, I spent all that effort fucking around with "The Registry" when I could have used a system that just uses config files in ~/.config ?

Wait, I can do a full-clean-and-reinstall of my whole system just by exporting my package list and backing up my home folder and be back up and running in MINUTES?

@amp @Shekelcoin That sounds interesting. I can't wait to learn about that. I keep trying to justify buying that Power9 PC and am always thinking of other use cases to justify it. The deeper I get into the weeds, the more I think of 😜 But...must get more bitcoin...

@KingWm @Shekelcoin
You sure?

We have terminals you could only dream of over here.

@amp @Shekelcoin I don't even know what that is! At least not yet... You must have a WIDE monitor...

@KingWm @Shekelcoin
Linux Distribution: Arch
Desktop Environment: AwesomeWM
Terminal Emulator: urxvt with transparency set to ~30% (Hence you can see my wallpaper behind it, anything in a transparent window is techincally a command line program)

Windows from left to right:
qutebrowser (viewing Mastodon)
On top, my music player -- ncmpcpp
bitcoin-cli getnetwork info piped into lolcat (hence rainbow text)
bitcoin-cli getblockchain info also piped into lolcat

@KingWm @Shekelcoin
nethogs (active monitor of network activity by program, so I can know if anything is hogging my bandwidth)
gtop -- system monitor command line tool
and finally on the far right my code writing environment, using vim and tmux.

And I have two monitors, not one ultrawide.

@amp by the way, just noticed the longhorn, r u around Austin?

@KingWm I have my bachelors degree in Electrical and Computer Engineering from UTAustin, but I moved to Chicago, IL a few years ago.

@amp I am within an hour of Austin, and am a "wet Aggie" (not College Station but somewhere else) 😜

@amp @Shekelcoin and my degree is only related to computer science. I loved the c++ programming class, but I was that guy sleeping in the back of the database class cuz the professor was boring...

@amp @KingWm you have a pretty sweet setup. I just started playing with arch a couple days ago. I started using manjaro as my distro on my amd laptop, and i had to learn about arch since its based on arch, and it sparked enough curiosity, that i spent allday yesterday installing it in a vm and got gnome up and running as my desktop environment. Now i want to make it look pretty like that.

@Shekelcoin @KingWm
Honestly I wouldn't know the first step on ricing a full Desktop Environment like GNOME or KDE.

/r/unixporn might be a good place to start though.

I actually did some fiddling with my setup today, decided to move over from xterm to urxvt to get the transparency going, and I'm toying with qutebrowser right now, I'm liking the options it gives and the changeup of using a keyboard-centric web browser.

@amp @KingWm I am just learning about ricing, i am willing to just use a wm and figure it all out over the next couple of months

Sign in to participate in the conversation
Bitcoin Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!