Zorin OS firewall is off by default

Hello.
I was looking at the settings section of Zorin OS and found the firewall settings field. I checked the status and it is off by default. Why is this?
By the way, I have no knowledge about firewalls.
I would appreciate it if you could tell me.
Thank you in advance.

A firewall by itself is not complicated. It is all about the settings: where they are simple and clear, as in Mac OS, there are no problems, but in Windows and Linux they are either complicated or unclear. I will not ask firewall configuration specialists for help, because I have read many recommendations and found nothing intelligible. But I would ask the developers to create a proper firewall that is simple to configure, one in which you could simply block a specific application's access to the internet by adding it to a list and marking it + or -.

UFW is disabled by default because a firewall can interfere with many apps' functionality.
Windows likes to hold the user's hand and in return, all it asks for is Control.

On Linux, control is up to the user.
The user is responsible for ensuring that they only install software that requires root privileges when they have vetted the source.
If a user wishes to rely on a firewall, they can enable it and then allow or block ports as needed.
Linux operates differently, where you must authenticate (a lot) the actions you take with a password. The repositories you use already check packages being uploaded to them, such as Ubuntu and Debian Launchpad. Whenever I upload something to my repository, Launchpad first installs it to a Virtual Test machine and checks it to ensure it behaves properly. Once it passes those tests, it then becomes available on APT.
The firewall is a good added measure of protection; but Linux encourages Learning, Growth and Knowledge rather than users giving up control for questionable security from a source that says "Trust me... Just trust me..."

In a car, a firewall is the bulkhead between the engine compartment and the vehicle occupants.
It acts as a solid buffer, preventing any engine fires from having access to the cabin.
This is not perfect, as smoke can get in through the Air Box (Vents). But it serves the function of preventing the fire from reaching the cabin swiftly. Occupants can escape the vehicle in plenty of time before the flames can reach the cabin.

In computers, the term was borrowed to demonstrate a buffer between The Outside Network and access to your computer.
Think of Ports as the same kind of ports that ships dock at to unload or load items. In this case, we can think of those ships as transporting Packets.
Packets access your computer and leave your computer through Ports.
If a port is open, packets can freely come and go - you can send and receive information and communication.
If a port is open - restricted, it can only send or receive packets from known or specific sources, rejecting any other sources.
If a port is closed, it cannot send or receive.
The Firewall governs the opening of ports - Allowing or Denying access.


I have mine on for incoming. Just had to punch holes for Zorin Connect and Plex. You can find the info here.

How do I determine which port belongs to which application? Say I want to block the program Cheese from accessing the network: how do I do that, and which port should I block?

I use netstat, though there are other ways.

sudo netstat -ano -p tcp

Once you know your port, you can use UFW to block it (replace 1234 with the actual port number):

sudo ufw deny 1234

:did not like it:

You can use nmap if you prefer. I suspect that you want a GUI application for it. I know of none in Linux.

sudo netstat -ano -p tcp: the terminal said there is no such command. But that does not matter. Yes, a graphical interface would be good. I managed to configure my firewall to suit myself, but I could not describe it intelligibly. It must be said that the firewall is an important part of the system, and developers should give it special attention, so that one does not have to stare gloomily at the terminal.
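
The port-to-program lookup from the netstat answer above, redone with `ss` from iproute2 for systems where `netstat` is not installed. This is an added example, not code from any poster in the thread; the sample input is constructed, and the function names `parse_listeners` and `list_listeners` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): map listening ports to programs.

# Constructed sample of `sudo ss -H -tulnp` output; all values are made up.
# The last line has no users:(...) column, as happens without root.
sample_ss_output() {
    cat <<'EOF'
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      128             [::]:22            [::]:*    users:(("sshd",pid=812,fd=4))
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*    users:(("systemd-resolve",pid=640,fd=13))
tcp   LISTEN 0      4096               *:8200             *:*    users:(("Media Server",pid=2040,fd=57))
tcp   LISTEN 0      5          127.0.0.1:631        0.0.0.0:*
EOF
}

# Read ss lines on stdin; print "proto port pid program", one line per
# unique listener, sorted by protocol and then by port number.
parse_listeners() {
    awk '
    {
        n = split($5, addr, ":")        # port follows the last colon, IPv6 included
        port = addr[n]
        u = $7                          # rejoin a program name that contains spaces
        for (i = 8; i <= NF; i++) u = u " " $i
        pid = "-"; prog = "-"           # owner unknown when ss ran without root
        if (u ~ /^users:/) {
            split(u, q, "\"")           # users:(("name",pid=N,fd=M))
            prog = q[2]
            pid = q[3]
            sub(/^,pid=/, "", pid)
            sub(/,.*/, "", pid)
        }
        print $1, port, pid, prog
    }' | LC_ALL=C sort -u | LC_ALL=C sort -k1,1 -k2,2n
}

# Live use on the machine itself (hypothetical helper name):
# -H no header, -t TCP, -u UDP, -l listening only, -n numeric, -p owning process
list_listeners() {
    sudo ss -H -tulnp | parse_listeners
}

sample_ss_output | parse_listeners
```

Only programs that listen for incoming connections appear in this list; a program that only makes outgoing connections has no listening port to look up.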