Hello.
I was looking at the settings section of zorin os and found the firewall settings field. I checked the status and it is off by default, why is this?
By the way, I have no knowledge about firewalls.
I would appreciate it if you could tell me.
Thank you in advance.
Π‘Π°ΠΌ ΠΏΠΎ ΡΠ΅Π±Π΅ Π±ΡΠ°Π½Π΄ΠΌΠ°ΡΡΡ Π½Π΅ ΡΠ»ΠΎΠΆΠ΅Π½. ΠΡΡ Π΄Π΅Π»ΠΎ Π² Π½Π°ΡΡΡΠΎΠΉΠΊΠ°Ρ , ΡΠ°ΠΌ Π³Π΄Π΅ ΠΎΠ½ΠΈ ΠΏΡΠΎΡΡΡ ΠΈ ΠΏΠΎΠ½ΡΡΠ½Ρ, ΠΊΠ°ΠΊ Π² Mac OS ΠΏΡΠΎΠ±Π»Π΅ΠΌ Π½Π΅Ρ, Π½ΠΎ Π² Windows ΠΈ Linux ΠΎΠ½ΠΈ ΠΈΠ»ΠΈ ΡΠ»ΠΎΠΆΠ½Ρ ΠΈΠ»ΠΈ Π½Π΅ ΠΏΠΎΠ½ΡΡΠ½Ρ. ΠΠ΅ ΡΡΠ°Π½Ρ ΠΏΡΠΎΡΠΈΡΡ ΠΏΠΎΠΌΠΎΡΠΈ Ρ ΡΠΏΠ΅ΡΠΈΠ°Π»ΠΈΡΡΠΎΠ² ΠΏΠΎ Π½Π°ΡΡΡΠΎΠΉΠΊΠ΅ Π±ΡΠ°Π½Π΄ΠΌΠ°ΡΡΡΠ°, ΡΠ°ΠΊ ΠΊΠ°ΠΊ ΠΏΡΠΎΡΠΈΡΠ°Π» ΠΌΠ½ΠΎΠ³ΠΎ ΡΠ΅ΠΊΠΎΠΌΠ΅Π½Π΄Π°ΡΠΈΠΉ, Π½ΠΈΡΠ΅Π³ΠΎ Π²ΡΠ°Π·ΡΠΌΠΈΡΠ΅Π»ΡΠ½ΠΎΠ³ΠΎ. ΠΠΎ Ρ Π±Ρ ΠΏΠΎΠΏΡΠΎΡΠΈΠ» ΡΠ°Π·ΡΠ°Π±ΠΎΡΡΠΈΠΊΠΎΠ² ΡΠΎΠ·Π΄Π°ΡΡ Π½ΠΎΡΠΌΠ°Π»ΡΠ½ΡΠΉ ΠΈ ΠΏΡΠΎΡΡΠΎΠΉ Π² Π½Π°ΡΡΡΠΎΠΉΠΊΠ°Ρ Π±ΡΠ°Π½Π΄ΠΌΠ°ΡΡΡ. Π ΠΊΠΎΡΠΎΡΠΎΠΌ ΠΌΠΎΠΆΠ½ΠΎ Π±ΡΠ»ΠΎ Π±Ρ ΠΏΡΠΎΡΡΠΎ Π±Π»ΠΎΠΊΠΈΡΠΎΠ²Π°ΡΡ Π²ΡΡ ΠΎΠ΄ ΠΊΠΎΠ½ΠΊΡΠ΅ΡΠ½ΠΎΠΌΡ ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΡ Π² ΠΈΠ½ΡΠ΅ΡΠ½Π΅Ρ, Π΄ΠΎΠ±Π°Π²ΠΈΠ² Π΅Π³ΠΎ Π² ΡΠΏΠΈΡΠΎΠΊ ΠΈ ΡΠΊΠ°Π·Π°ΡΡ + ΠΈΠ»ΠΈ -
UFW is disabled by default because a firewall can interfere with many apps functionality.
Windows likes to hold the users hand and in return, all it asks for is Control.
On Linux, control is up to the user.
The user is responsible for ensuring that they only install software that requires root privileges when they have vetted the source.
If a user wishes to rely on a firewall, they can enable it and then allow or block ports as needed.
Linux operates differently, where you must authenticate (a lot) the actions you take with a password. The repositories you use already check packages being uploaded to them; such as Ubuntu and Debian Launchpad. Whenever I upload something to my repository, launchpad first installs it to a Virtual Test machine and checks it to ensure it behaves properly. Once it passes those tests, it then becomes available on APT.
The firewall is a good added measure of protection; but Linux encourages Learning, Growth and Knowledge rather than users giving up control for questionable security from a source that says "Trust me... Just trust me..."
In a car, a firewall is the bulkhead between the engine compartment and the vehicle occupants.
It acts as a solid buffer, preventing any engine fires from having access to the cabin.
This is not perfect, as smoke can get in through the Air Box (Vents). But it serves the function of preventing the fire from reaching the cabin swiftly. Occupants can escape the vehicle in plenty of time before the flames can reach the cabin.
In computers, the term was borrowed to demonstrate a buffer between The Outside Network and access to your computer.
Think of Ports
as the same kind of ports that ships dock at to unload or load items. In this case, we can think of those ships as transporting Packets
.
Packets access your computer and leave your computer through Ports.
If a port is open, packets can freely come and go - you can send and receive information and communication.
If a port is open - restricted, it can only send or receive packets from known or specific sources, rejecting any other sources.
If a port is closed, it cannot send or receive.
The Firewall governs the opening of ports - Allowing or Denying access.
I have mine on for incoming. Just had to punch holes for Zorin Connect and Plex. You can find the info here.
ΠΠ°ΠΊ ΠΎΠΏΡΠ΅Π΄Π΅Π»ΠΈΡΡ ΠΊΠ°ΠΊΠΎΠΉ ΠΈΠ· ΠΏΠΎΡΡΠΎΠ² ΠΎΡΠ½ΠΎΡΠΈΡΡΡ ΠΊ ΡΠΎΠΌΡ ΠΈΠ»ΠΈ ΠΈΠ½ΠΎΠΌΡ ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΡ? ΠΠΎΠΏΡΡΡΠΈΠΌ Ρ Ρ ΠΎΡΡ Π±Π»ΠΎΠΊΠΈΡΠΎΠ²Π°ΡΡ Π²ΡΡ ΠΎΠ΄ Π² ΡΠ΅ΡΡ ΠΏΡΠΎΠ³ΡΠ°ΠΌΠΌΠ΅ Cheese, ΠΊΠ°ΠΊ ΡΡΠΎ ΡΠ΄Π΅Π»Π°ΡΡ, ΠΊΠ°ΠΊΠΎΠΉ ΠΏΠΎΡΡ Π±Π»ΠΎΠΊΠΈΡΠΎΠ²Π°ΡΡ?
Π― ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΡ netstat. ΠΡΡΡ ΠΈ Π΄ΡΡΠ³ΠΈΠ΅ ΡΠΏΠΎΡΠΎΠ±Ρ.
I use netstat, though there are other ways.
sudo netstat -ano -p tcp
ΠΠ°ΠΊ ΡΠΎΠ»ΡΠΊΠΎ Π²Ρ ΡΠ·Π½Π°Π΅ΡΠ΅ ΡΠ²ΠΎΠΉ ΠΏΠΎΡΡ, Π²Ρ ΠΌΠΎΠΆΠ΅ΡΠ΅ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ UFW, ΡΡΠΎΠ±Ρ Π·Π°Π±Π»ΠΎΠΊΠΈΡΠΎΠ²Π°ΡΡ Π΅Π³ΠΎ (Π·Π°ΠΌΠ΅Π½ΠΈΡΠ΅ 1234 ΡΠ°ΠΊΡΠΈΡΠ΅ΡΠΊΠΈΠΌ Π½ΠΎΠΌΠ΅ΡΠΎΠΌ ΠΏΠΎΡΡΠ°).:
Once you know your port, you can use UFW to block it (replace 1234 with the actual port number):
sudo ufw deny 1234
:Π½Π΅ ΠΏΠΎΠ½ΡΠ°Π²ΠΈΠ»ΠΎΡΡ:
ΠΡ ΠΌΠΎΠΆΠ΅ΡΠ΅ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ nmap, Π΅ΡΠ»ΠΈ ΠΏΡΠ΅Π΄ΠΏΠΎΡΠΈΡΠ°Π΅ΡΠ΅. Π― ΠΏΠΎΠ΄ΠΎΠ·ΡΠ΅Π²Π°Ρ, ΡΡΠΎ Π²Π°ΠΌ Π½ΡΠΆΠ½ΠΎ ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΠ΅ Ρ Π³ΡΠ°ΡΠΈΡΠ΅ΡΠΊΠΈΠΌ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠΎΠΌ Π΄Π»Ρ ΡΡΠΎΠ³ΠΎ. Π― Π½Π΅ Π·Π½Π°Ρ Π½ΠΈ ΠΎΠ΄Π½ΠΎΠ³ΠΎ Π² Linux.
You can use nmap if you prefer. I suspect that you want a GUI application for it. I know of none in Linux.
sudo netstat -ano -p tcp Π’Π΅ΡΠΌΠΈΠ½Π°Π» Π²ΡΠ΄Π°Π» ΡΠ°ΠΊΠΎΠΉ ΠΊΠΎΠΌΠ°Π½Π΄Ρ Π½Π΅Ρ. ΠΠΎ ΡΡΠΎ Π½Π΅ Π²Π°ΠΆΠ½ΠΎ. ΠΠ° Π³ΡΠ°ΡΠΈΡΠ΅ΡΠΊΠΈΠΉ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡ Π±ΡΠ»ΠΎ Π±Ρ Ρ ΠΎΡΠΎΡΠΎ. Π― ΡΠΌΡΠ΄ΡΠΈΠ»ΡΡ Π½Π°ΡΡΡΠΎΠΈΡΡ ΡΠ²ΠΎΠΉ Π±ΡΠ°Π½Π΄ΠΌΠ°ΡΡΡ ΠΏΠΎΠ΄ ΡΠ΅Π±Ρ. ΠΠΎ Π²ΡΠ°Π·ΡΠΌΠΈΡΠ΅Π»ΡΠ½ΠΎ ΠΎΠΏΠΈΡΠ°ΡΡ ΡΡΠΎ Π½Π΅ ΡΠΌΠΎΠ³Ρ. ΠΠ°Π΄ΠΎ ΡΠΊΠ°Π·Π°ΡΡ, ΡΡΠΎ Π±ΡΠ°Π½Π΄ΠΌΠ°ΡΡΡ Π²Π°ΠΆΠ½Π°Ρ ΡΠ°ΡΡΡ ΡΠΈΡΡΠ΅ΠΌΡ ΠΈ Π΅ΠΉ ΡΠ»Π΅Π΄ΡΠ΅Ρ ΡΠ΄Π΅Π»ΠΈΡΡ ΠΎΡΠΎΠ±ΠΎΠ΅ Π²Π½ΠΈΠΌΠ°Π½ΠΈΠ΅ ΡΠ°Π·ΡΠ°Π±ΠΎΡΡΠΈΠΊΠ°ΠΌ, ΡΡΠΎΠ±Ρ Π½Π΅ ΠΏΡΠ»ΠΈΡΡΡΡ ΡΠ½ΡΠ»ΠΎ Π² ΡΠ΅ΡΠΌΠΈΠ½Π°Π».
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.