Host Firewall
Host Firewall Installation and Configuration
The wiki page provides recommendations for host firewall settings and testing. It suggests installing a host firewall, filtering ports, using a NAT router, and performing port scans to ensure security.
Contents
Introduction[edit]
Copy or share this direct link!
Click = Copy
Copied to clipboard!
https://www.kicksecure.com/wiki/Host_Firewall#Introduction
Click below ↴ = Copy to Clipboard
Click = Copy
Copied to clipboard!
[[Host_Firewall#Introduction|Introduction]]
Copy as Wikitext
Click = Copy
Copied to clipboard!
[Introduction](https://www.kicksecure.com/wiki/Host_Firewall#Introduction)
for Discourse, reddit, GitHub
Click = Copy
Copied to clipboard!
[Introduction](https://www.kicksecure.com/wiki/Host_Firewall#Introduction)
Copy as Markdown
Click = Copy
Copied to clipboard!
[url=https://www.kicksecure.com/wiki/Host_Firewall#Introduction]Introduction[/url]
Copy as phpBB
Click below ↴ = Open social URL with share data
We don't use embedded scripts
This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also
Social Share Button.
It is recommended to use a simple host firewall and deny any incoming connections on all ports. gufw provides a simple graphical user interface for the Uncomplicated Firewall program. [1] It is easy to perform common tasks like blocking or allowing P2P, individual, or pre-configured ports.
https://forums.kicksecure.com/t/kicksecure-firewall/378
Essential[edit]
Copy or share this direct link!
Click = Copy
Copied to clipboard!
https://www.kicksecure.com/wiki/Host_Firewall#Essential
Click below ↴ = Copy to Clipboard
Click = Copy
Copied to clipboard!
[[Host_Firewall#Essential|Essential]]
Copy as Wikitext
Click = Copy
Copied to clipboard!
[Essential](https://www.kicksecure.com/wiki/Host_Firewall#Essential)
for Discourse, reddit, GitHub
Click = Copy
Copied to clipboard!
[Essential](https://www.kicksecure.com/wiki/Host_Firewall#Essential)
Copy as Markdown
Click = Copy
Copied to clipboard!
[url=https://www.kicksecure.com/wiki/Host_Firewall#Essential]Essential[/url]
Copy as phpBB
Click below ↴ = Open social URL with share data
We don't use embedded scripts
This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also
Social Share Button.
How-to: Install and Configure a Firewall[edit]
Copy or share this direct link!
Click = Copy
Copied to clipboard!
https://www.kicksecure.com/wiki/Host_Firewall#How-to:_Install_and_Configure_a_Firewall
Click below ↴ = Copy to Clipboard
Click = Copy
Copied to clipboard!
[[Host_Firewall#How-to:_Install_and_Configure_a_Firewall|How-to: Install and Configure a Firewall]]
Copy as Wikitext
Click = Copy
Copied to clipboard!
[How-to: Install and Configure a Firewall](https://www.kicksecure.com/wiki/Host_Firewall#How-to:_Install_and_Configure_a_Firewall)
for Discourse, reddit, GitHub
Click = Copy
Copied to clipboard!
[How-to: Install and Configure a Firewall](https://www.kicksecure.com/wiki/Host_Firewall#How-to:_Install_and_Configure_a_Firewall)
Copy as Markdown
Click = Copy
Copied to clipboard!
[url=https://www.kicksecure.com/wiki/Host_Firewall#How-to:_Install_and_Configure_a_Firewall]How-to: Install and Configure a Firewall[/url]
Copy as phpBB
Click below ↴ = Open social URL with share data
We don't use embedded scripts
This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also
Social Share Button.
The following steps install gufw on a Kicksecure or Debian (based) host.
1. Install gufw.
Click = Copy Copied to clipboard! sudo apt update && sudo apt install gufw
2. Start gufw.
Click = Copy Copied to clipboard! gufw
3. Press Unlock
. Enter the password.
4. Press Enabled
. [2]
5. Check the settings.
By default, the settings should be Incoming: Deny
and Outgoing: Allow
.
Although not recommended, it is possible to add special firewall rules, use pre-configured options for common programs and services, or set other advanced options in gufw by following this guide.
Advanced Users[edit]
Copy or share this direct link!
Click = Copy
Copied to clipboard!
https://www.kicksecure.com/wiki/Host_Firewall#Advanced_Users
Click below ↴ = Copy to Clipboard
Click = Copy
Copied to clipboard!
[[Host_Firewall#Advanced_Users|Advanced Users]]
Copy as Wikitext
Click = Copy
Copied to clipboard!
[Advanced Users](https://www.kicksecure.com/wiki/Host_Firewall#Advanced_Users)
for Discourse, reddit, GitHub
Click = Copy
Copied to clipboard!
[Advanced Users](https://www.kicksecure.com/wiki/Host_Firewall#Advanced_Users)
Copy as Markdown
Click = Copy
Copied to clipboard!
[url=https://www.kicksecure.com/wiki/Host_Firewall#Advanced_Users]Advanced Users[/url]
Copy as phpBB
Click below ↴ = Open social URL with share data
We don't use embedded scripts
This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also
Social Share Button.
Dedicated Connection[edit]
Copy or share this direct link!
Click = Copy
Copied to clipboard!
https://www.kicksecure.com/wiki/Host_Firewall#Dedicated_Connection
Click below ↴ = Copy to Clipboard
Click = Copy
Copied to clipboard!
[[Host_Firewall#Dedicated_Connection|Dedicated Connection]]
Copy as Wikitext
Click = Copy
Copied to clipboard!
[Dedicated Connection](https://www.kicksecure.com/wiki/Host_Firewall#Dedicated_Connection)
for Discourse, reddit, GitHub
Click = Copy
Copied to clipboard!
[Dedicated Connection](https://www.kicksecure.com/wiki/Host_Firewall#Dedicated_Connection)
Copy as Markdown
Click = Copy
Copied to clipboard!
[url=https://www.kicksecure.com/wiki/Host_Firewall#Dedicated_Connection]Dedicated Connection[/url]
Copy as phpBB
Click below ↴ = Open social URL with share data
We don't use embedded scripts
This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also
Social Share Button.
If possible, it is safer to avoid sharing the network (LAN, Wi-Fi, hotspot) with other potentially compromised machines.
Filtering Ports[edit]
Copy or share this direct link!
Click = Copy
Copied to clipboard!
https://www.kicksecure.com/wiki/Host_Firewall#Filtering_Ports
Click below ↴ = Copy to Clipboard
Click = Copy
Copied to clipboard!
[[Host_Firewall#Filtering_Ports|Filtering Ports]]
Copy as Wikitext
Click = Copy
Copied to clipboard!
[Filtering Ports](https://www.kicksecure.com/wiki/Host_Firewall#Filtering_Ports)
for Discourse, reddit, GitHub
Click = Copy
Copied to clipboard!
[Filtering Ports](https://www.kicksecure.com/wiki/Host_Firewall#Filtering_Ports)
Copy as Markdown
Click = Copy
Copied to clipboard!
[url=https://www.kicksecure.com/wiki/Host_Firewall#Filtering_Ports]Filtering Ports[/url]
Copy as phpBB
Click below ↴ = Open social URL with share data
We don't use embedded scripts
This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also
Social Share Button.
From time to time a user asks which incoming/outgoing ports are required by Kicksecure. The answer is:
- Incoming:
none
. - Outgoing:
all
.
Note: Kicksecure itself does not open any ports. Users are advised to close all ports on the host as outlined in the Host Firewall Essentials entry.
See also: Ports
NAT Router[edit]
Copy or share this direct link!
Click = Copy
Copied to clipboard!
https://www.kicksecure.com/wiki/Host_Firewall#NAT_Router
Click below ↴ = Copy to Clipboard
Click = Copy
Copied to clipboard!
[[Host_Firewall#NAT_Router|NAT Router]]
Copy as Wikitext
Click = Copy
Copied to clipboard!
[NAT Router](https://www.kicksecure.com/wiki/Host_Firewall#NAT_Router)
for Discourse, reddit, GitHub
Click = Copy
Copied to clipboard!
[NAT Router](https://www.kicksecure.com/wiki/Host_Firewall#NAT_Router)
Copy as Markdown
Click = Copy
Copied to clipboard!
[url=https://www.kicksecure.com/wiki/Host_Firewall#NAT_Router]NAT Router[/url]
Copy as phpBB
Click below ↴ = Open social URL with share data
We don't use embedded scripts
This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also
Social Share Button.
Being behind an ordinary NAT router might provide a marginal layer of extra security. In all cases, it is recommended to purchase a commercial-grade router and avoid cheap models, since they are often less-secure.
It is also suggested to review the entire Router and Local Area Network Security chapter, particularly:
- Recommended Router Settings.
- Advanced users: Flash the router with an open-source GNU/Linux distribution for better security, control and functionality.
Port Scan[edit]
Copy or share this direct link!
Click = Copy
Copied to clipboard!
https://www.kicksecure.com/wiki/Host_Firewall#Port_Scan
Click below ↴ = Copy to Clipboard
Click = Copy
Copied to clipboard!
[[Host_Firewall#Port_Scan|Port Scan]]
Copy as Wikitext
Click = Copy
Copied to clipboard!
[Port Scan](https://www.kicksecure.com/wiki/Host_Firewall#Port_Scan)
for Discourse, reddit, GitHub
Click = Copy
Copied to clipboard!
[Port Scan](https://www.kicksecure.com/wiki/Host_Firewall#Port_Scan)
Copy as Markdown
Click = Copy
Copied to clipboard!
[url=https://www.kicksecure.com/wiki/Host_Firewall#Port_Scan]Port Scan[/url]
Copy as phpBB
Click below ↴ = Open social URL with share data
We don't use embedded scripts
This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also
Social Share Button.
Using an Internet-based port scanner service to test the local LAN's router/firewall is a sensible idea. Users must carefully research and find a legitimate service, since many companies only want to sell a product and will purposefully present false positives. A better alternative is to scan the local LAN with a port scanning application from an external IP address. To scan the home IP address, users can either login remotely (SSH) via an external machine, or proxy through an external IP address. Detailed instructions on accomplishing that are beyond the scope of this document.
A special case is presented by users who share a LAN with other PCs (a stand-alone machine is not used). In this instance, the port scanning/testing service or a port scan application from an external IP address will actually only scan the local LAN's router/firewall and not the actual host's PC. If the latter is mis-configured, then the user could be susceptible to attacks from other machines within the LAN which sit behind the router, and a false sense of security could be the result.
For example, if the user shares the LAN with flatmates who are not so sophisticated in computer security, then those foreign machines should be regarded as potentially malicious. There is every possibility they may have been infected with a botnet already or other harmful programs. Therefore, the user cannot trust the output of a port scan application running on their machine. If there is no spare machine for testing, then foreign computers on the LAN can be booted from a live CD, and the user can scan their personal machine with a port scan application. Details on how to accomplish that task are also outside the scope of this document.
Footnotes[edit]
Copy or share this direct link!
Click = Copy
Copied to clipboard!
https://www.kicksecure.com/wiki/Host_Firewall#Footnotes
Click below ↴ = Copy to Clipboard
Click = Copy
Copied to clipboard!
[[Host_Firewall#Footnotes|Footnotes]]
Copy as Wikitext
Click = Copy
Copied to clipboard!
[Footnotes](https://www.kicksecure.com/wiki/Host_Firewall#Footnotes)
for Discourse, reddit, GitHub
Click = Copy
Copied to clipboard!
[Footnotes](https://www.kicksecure.com/wiki/Host_Firewall#Footnotes)
Copy as Markdown
Click = Copy
Copied to clipboard!
[url=https://www.kicksecure.com/wiki/Host_Firewall#Footnotes]Footnotes[/url]
Copy as phpBB
Click below ↴ = Open social URL with share data
We don't use embedded scripts
This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also
Social Share Button.
Copy as Wikitext Click = Copy Copied to clipboard! [Host Firewall](https://www.kicksecure.com/wiki/Host_Firewall)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Host Firewall](https://www.kicksecure.com/wiki/Host_Firewall)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Host_Firewall]Host Firewall[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.
We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!