Hi /g/uys! Firewall thread. What do you think about firewall?

>block incoming connections
>????
>PROFIT!

File: 1428511416656.jpg (23KB, 500x334px) Image search: [Google]

23KB, 500x334px

just tried ufw on last vps i setup instead of the usual iptables setup tutorial
mfw might not need to manually setup iptables ever again

>>58593623
>be me
>buy vps
>connect via ssh
>enable ufw
>got kicked out because incoming connections are blocked by default
>had to contact support telling them I've locked myself out of my own vps
I felt like retard

>>58592073
Firewalls block incoming traffic so your computer doesn't respond.
Antivirus software compare software on your computer to a database of known malware.

Good settings for iptables?
Block everything and make exceptions.
Block ping. It will confuse your enemies.

you should have control over simple server setups and personal machines so firewalls for said cases are likely useless.

if you need one, it's probably to prevent shitters from causing unnecessary traffic to your services, like faggots that try to ssh into your machine trying to get in.

>>58592073
>Hi /g/uys! Firewall thread. What do you think about firewall?
A must, these days.

> Is it true that if you have a good firewall you don't really need an antivirus?
No, a firewall will not protect you from a "friend" plugging his massively infected USB drive into your computer.

>Post your firewall rules. How can I make best firewall?
You also need deep packet inspection, like Snort.

>I use iptables and I like it but I'd like to fully understand and know everything about firewall in general.
Very good. A starting point is to get a ready made distribution such as Smoothwall and see how it is put together.
Here is a list to chose from: https://lwn.net/Distributions/#secure

Security is hard. Assumptions is what caused the massive Debian security lapse. You'd better start my looking at what the experts do. And question all assumptions.

>>58593672
had happend to everyone once.
no need to be ashamed

>>58594758
OP here..Thank you very much for your answer.

>>58592073
>Is it true that if you have a good firewall you don't really need an antivirus?
A firewall is merely a filter, it doesn't know what the incoming (or outgoing) packet does, it only knows the packet want to pass through, if the packet's destination (or provenience) is blacklisted, the firewall will deny it, if not blacklisted then it will allow it. That's all there is to it.
An anti-virus scans existing files, files on removable media and downloading files (that the firewall didn't block), it checks their hashes to compare them with the blacklisted hashes list, which is constantly updated at the master server.
Anti-viruses also have heuristic protection, heuristic means that the AV analyzes the behavior of applications and compares it with known malware behaviour, so even new malware that has yet to be blacklisted can be stopped, if it is detected as potential threat.

File: 3650black.jpg (122KB, 600x600px) Image search: [Google]

122KB, 600x600px

>>58592073
>Baseline
cut out every app and service that you don't need
take note of all apps and services you are going to keep
make sure they get all the latest updates and patches
establish backup for your data and keep it off of your computer (everything on your drive that isn't an app or service)
update backups a few times each month
>Anti-Virus
look at reviews for any antivirus to see if its good
keep it updated
people write malware that specifically targets well known antivirus programs
popular software will have dedicated teams that give you the latest updates on new viruses
>Firewall
either whitelist or blacklist
use a URL filter

Viruses still get through firewalls and sometimes they don't even have to, they could come from a CD or USB drive. Your anti-virus will be used for your petty and medium malware quickly. But for badass high end spyware and ransomware that can't be killed by antivirus, just factory reset your machine and or get a new drive and load your latest backup.

It might seem retarded but its actually more viable to factory reset after one virus if you baseline and have backups, that are updated regularly, ready to go.