[Question/Guide] - How and Why should you use a firewall?

  • So this is a simple question for a noob trying to wrap my head around some things.

    • Why use firewall?
    • When should you use it?
    • How can you learn to configure it rather then just filling out what someone has told me?
    • Why not just port forward?

    I've kinda searched around and I keep people showing solutions but not how to solve them. I think that would be more helpful. I think it would be better so more people could find the solution them self rather then relying on others. Yes I know this isn't a school if you don't want to share your knowledge or input you don't have to. Though It would be greatly appreciated and I'm sure many would benefit if you did. If put something that is wrong please let me know, provide me with the correction and I will fix it.



    I will post everything I have learnt below to make it easier for others to find for others. Anything that has a "???" is something I don't know the answer.


    Answers to my Questions:


    Q: Why use a firewall?
    A: It is a way to secure your OMV. when you expose it directly to the internet and bypass your router firewall via DMZ or if your router dose not have a built in firewall. It helps you to make rules of what data can be exchanged, which port/IP that data can go to, and If the data is coming or going.???


    Q: When should you use a firewall?
    A: If you have no firewall to protect your server or if you want restrict what can access or be sent from your server.


    Q:How can you learn to configure it rather then just filling out what someone has told me? (I know this is a big one and any help would be great)?
    A: ???


    Q: Why not just port forward?
    A: Port forwarding gives the outside internet full access to that port. It lets you expose an application or service to that port with that ip through your the firewall or your router. So if you want to be more secure, you want to restrict and give only the access that is needed rather then giving the outside world full access. To give an example think your LAN as a ship yard and the WAN as the a ocean. If you have an open port any ship can dock at that port and drop off, look at, or pick up the packages; if there is no other security put in place. Firewall would be a Port Supervisor and telling people what packages they can and cannot take, look at, or drop off. Firewall would also able to manage were ships can dock at which port and do the same for the packages leaving the shipyard.


    Things I have learned


    I'm going to start of with the configuration of an rule(See Image below). I will describe it from top to bottom what each section means and give examples and how to make once I figure it out or some informs me.



    Direction:Is the state of what the data is doing and if it coming from behind the firewall to outside or vice versa
    INPUT - This chain is used to control the behavior for incoming connections. For example, if a user attempts to SSH into your PC/server, iptables will attempt to match the IP address and port to a rule in the input chain.
    OUTPUT - This chain is used for outgoing connections. For example, if you try to ping howtogeek.com, iptables will check its output chain to see what the rules are regarding ping and howtogeek.com before making a decision to allow or deny the connection attempt.


    Actions:Is what the firewall actually doing and define what the iptable entry does.
    ACCEPT - Allow the connection
    REJECT - Don’t allow the connection, but send back an error. This is best if you don’t want a particular source to connect to your system, but you want them to know that your firewall blocked them.
    DROP - Drop the connection, act like it never happened. This is best if you don’t want the source to realize your system exists.
    LOG - The log is saved in dmesg or syslog. It will help you to show what is wrong and going on.
    NOTHING - It does nothing. This is here so you can add extra arguments to ports and IPs without affecting other rules and keeping it separate.


    Source/Destination (IP): Address can bed wither a Network IP address (with a /mask), IP Range or a plain IP Address. A "!" argument before the address specification inverts the sense of the address.
    Plain IP - ex. 10.10.10.0 - just a single IP that is defined
    IP Rang - ex. 10.10.10.0/24 is equal to 10.10.10.0 to 10.10.10.24 - This is so you have multiple IP Address targeting the same function.
    Mask - ex. 10.10.10.0/255.255.255.0 - ???
    ! - ex. !10.10.10.0 - ???


    Source/Destination Port: Match if the source port is one of the given ports. Can be a plain port number, Port rang, or argument.
    Pain Port - ex. 21 - just a single Port that is defined
    Port Rang - ex. 1024-65535 -is equal to 1024 to 65535 - This is so you can target multiple ports rather making a rule for each port.
    ! - ex !443 - ???


    Protocall:
    TCP - Transmission Control Program - This deals only with packets, it establishes a host-to-host communication to connection and exchange streams of data. It guarantees delivery of data and that packets will be delivered in the same order in which they were sent.
    UDP - User Datagram Protocol - Sends messages, called datagrams, and It provides port numbers to help distinguish different user requests and, optionally, a checksum capability to verify that the data arrived intact.
    ICMP - Internet Control Message Protocol - it is error-reporting protocol that creates and sends messages to IP address indicating that a gateway to the Internet that a router, service or host cannot be reached for packet delivery. It is not a transport protocol that sends data between systems
    ALL - is a setting that enables the TCP, UDP, and ICMP protocals
    NOTTCP - is a setting that enables ONLY UDP and ICMP protocals
    NOTUDP - is a setting that enables ONLY TCP and ICMP protocals
    NOTICMP - is a setting that enables ONLY TCP and UDP protocals


    Extra Options:This is here so you can run code, functions, or commands along side the rule.
    ???


    Comment: this is a field in which you can put a text to help you keep track on what the setting is for and any notes you have about it.



    Commonly Used Application Ports


    Legend:
    [Port Number]:[Service name] - [Transport protocol/Default port] [Reference]


    21: FTP - File Transfer Protocol - TCP
    22: SSH - Secure Shell - TCP and UDP
    80: HTTP - HyperText Transfer Protocol - TCP
    443: HTTPS - Hypertext Transfer Protocol Secure - TCP and UDP
    3000: Wetty - Default port - https://hub.docker.com/r/xylphid/wetty/
    3389: Remote Desktop Protocol - TCP and UDP
    3579: Ombi - Default Port - https://hub.docker.com/r/linuxserver/ombi
    7878: Radarr - Default Port - https://hub.docker.com/r/linuxserver/radarr
    8080: Nextcloud - Default Port - https://hub.docker.com/_/nextcloud
    8083: Calibre - Default Port - https://hub.docker.com/r/linuxserver/calibre-web
    8096 , 8920: Emby - Default Ports - https://hub.docker.com/r/emby/embyserver
    8123 : Homeassistant - Default Port - https://hub.docker.com/r/homeassistant/home-assistant
    8180: Tautulli - Default Port - https://hub.docker.com/r/tautulli/tautulli
    8181: Headphones - Default Port - https://hub.docker.com/r/linuxserver/headphones
    8686: Lidarr - Default Port - https://hub.docker.com/r/linuxserver/lidarr
    8989: Sonarr - Default Port - https://hub.docker.com/r/linuxserver/sonarr
    9000: Portainer - Default Port - https://hub.docker.com/r/portainer/portainer
    9091, 51413: Transmission - Default Ports - https://hub.docker.com/r/linuxserver/transmission
    9117: Jackett - Default Port - https://hub.docker.com/r/linuxserver/jackett
    32400, 32469, 5353,1900 : Plex - Default Ports - https://hub.docker.com/r/linuxserver/plex

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!