Endpoint Firewall

Introduction

A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization’s previously established security policies. At its most basic, a firewall is the barrier that sits between a private internal network and the public Internet.

If your computer was a castle, this is the front gate. Nothing goes in or out without being approved by the Firewall.

For the end user (you), most of this is already configured, either by your internet service provider (Cox, Xfinity/Comcast, etc.) or by your organization’s system administrators. But your computer is not always connected to a secure network, so almost every operating system on the market ships with a host-based firewall that is typically enabled by default. To verify yours is enabled, follow the steps below for your operating system to ensure maximum security on every network, not just trusted ones.

Procedures

Enabling Windows Defender Firewall

Microsoft provides a firewall built into Windows 10 and later that works quite well. Microsoft recommends keeping the default settings whenever possible when using their firewall.

  1. Go to Search and type in Control Panel.
  2. Select System and Security > Windows Defender Firewall.
  3. Choose Turn Windows Defender Firewall on or off.
  4. Select Turn on Windows Defender Firewall for domain, private, and public network settings.
  5. Enable Block all incoming connections, including those in the list of allowed apps, for maximum security.

Enabling Mac Firewall

  1. On your Mac, choose Apple menu > System Preferences.
  2. Click Security & Privacy.
  3. Then click Firewall in the element selector along the top of the window.
    • If the lock at the bottom left is locked, click it to unlock the preference pane.
    • You may be prompted to enter your user’s password at this point; this is normal.
  4. Click Turn On Firewall. Once your screen shows Firewall: On, you are all set!
  5. Click Firewall Options and do the following:
    • Allow only essential apps and services to connect: select the Block all incoming connections checkbox.

Linux

Debian

On Debian, the firewall is not installed by default. Like Ubuntu, Debian uses the “Uncomplicated Firewall” (ufw) as its firewall.

To install ufw:

  1. Run these commands in Terminal
     sudo apt update
     sudo apt install ufw
    

    Important: If you are connected to this machine remotely over SSH, you must allow incoming SSH connections before enabling the firewall (step 2). If this is not you, skip to step 3.

  2. (Optional) Allow SSH connections:
    • Before enabling the UFW firewall, you need to allow incoming SSH connections.
    • If you are connected to your server from a remote location and you enable the UFW firewall before explicitly allowing incoming SSH connections, you will no longer be able to connect to your Debian server.
    • To configure your UFW firewall to accept SSH connections, run the following command:
      sudo ufw allow OpenSSH
      
    • By default SSH uses port 22. If your configuration uses another port, use the command
        sudo ufw allow <port>/tcp
      
      where <port> is the port your configuration is using.
  3. Now that the UFW firewall is configured to allow incoming SSH connections, enable it by running:
     sudo ufw enable
    
    The output from the terminal will look like:
     Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
     Firewall is active and enabled on system startup
    
    You will be warned that enabling the firewall may disrupt existing ssh connections. Type “y” and press “Enter”.

Ubuntu

Ubuntu’s “Uncomplicated Firewall” (ufw) is initially disabled. To enable it, go to the terminal prompt and enter:

  sudo ufw enable

Fedora

The Fedora firewall is not installed by default.

firewalld is a firewall service daemon that provides a dynamic, customizable host-based firewall with a D-Bus interface. Being dynamic, it lets you create, change, and delete rules without restarting the firewall daemon each time the rules change.

  1. To install firewalld, run this command on the command line:
     sudo dnf install firewalld
    
  2. Start firewalld by entering the following commands:
     sudo systemctl unmask firewalld
     sudo systemctl start firewalld
    
  3. (Recommended) To make firewalld start automatically at system start:
     sudo systemctl enable firewalld
    
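The following POSIX sh script is an added example, not part of this procedure or of the ufw/firewalld projects. It ties the Linux steps above together: it reads the effective sshd port from an sshd_config file (path supplied by the caller), builds the lock-out-safe ufw sequence from the Debian section (allow SSH first, then enable, using the OpenSSH profile for port 22 and <port>/tcp otherwise), and reports whether ufw or firewalld is installed and active. The function names are my own.

```shell
# Added example (not from the original page): detect which Linux host firewall
# front end is present and whether it is active, and build the lock-out-safe
# ufw sequence from the Debian steps (allow SSH, then enable).

# Effective sshd port: last uncommented "Port N" wins; 22 (sshd default) if none.
ssh_port_from_config() {
    port=$(sed -n 's/^[[:space:]]*Port[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$1" | tail -n 1)
    echo "${port:-22}"
}

# Commands in the order a remote admin needs: the allow rule before "ufw enable".
ufw_enable_plan() {
    port=$(ssh_port_from_config "$1")
    if [ "$port" = "22" ]; then
        echo "sudo ufw allow OpenSSH"
    else
        echo "sudo ufw allow ${port}/tcp"
    fi
    echo "sudo ufw enable"
}

# Reduce "ufw status" output to active|inactive|unknown.
ufw_state_from_output() {
    case "$1" in
        *"Status: active"*)   echo active ;;
        *"Status: inactive"*) echo inactive ;;
        *)                    echo unknown ;;
    esac
}

# Reduce "firewall-cmd --state" output to active|inactive|unknown ("not running" first).
firewalld_state_from_output() {
    case "$1" in
        *"not running"*) echo inactive ;;
        *running*)       echo active ;;
        *)               echo unknown ;;
    esac
}

# Live check (run as root): which front end is installed, and is it on?
host_firewall_state() {
    if command -v ufw >/dev/null 2>&1; then
        echo "ufw $(ufw_state_from_output "$(ufw status 2>&1)")"
    elif command -v firewall-cmd >/dev/null 2>&1; then
        echo "firewalld $(firewalld_state_from_output "$(firewall-cmd --state 2>&1)")"
    else
        echo "none unknown"
    fi
}
[ "${1:-}" != "--check" ] || host_firewall_state
```

Run it with `--check` to print the live status; call `ufw_enable_plan /etc/ssh/sshd_config` to see the exact commands to run, in order, before you type `sudo ufw enable` on a remote Debian box.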

Other

If you have questions that are not covered in this procedure, please contact the VT IT Security Office itso@vt.edu for a consultation.

Resources