firewall

eglider86 · 8 February 2022 10:09

Hi, just came across this subject while running a diagnostic test on my pi-hole install.
I see that there are ufw and firewalld. Shall i use any of them, and if yes which is recommended?
thanks

Joulinar · 8 February 2022 10:14

This is not a black and white answer. It depends on your need and on the scenario you are running. Is you system internet facing? Means, do you have incoming internet traffic from outside your network? Or just local access?

eglider86 · 8 February 2022 10:21

I have several pi with different function in my local network. However i have one that hosts a nextcloud that is accessable from outside.

eglider86 · 8 February 2022 10:25

1pi: internet radio
2pi:NAS
3pi:Clooud
4pi:Media center
5pi:Pi-hole + downloader

Joulinar · 8 February 2022 10:27

Theoretically the firewall is already on your router. Next to that you forward port 80/443 to nextcloud system only. A firewall on that particular system won’t change anything as you would open very same ports usually. But of course you could install ufw. Another option is to install fail2ban to block system trying to access your nextcloud but using wrong passwords

eglider86 · 8 February 2022 10:32

thank you i understand.
firewalld or ufw then? pihole -d diagnostics was looking at firewalld. Does the pihole pi need a firewall extra?

Joulinar · 8 February 2022 10:42

PiHole themselves don’t need a firewall

eglider86 · 8 February 2022 10:43

so ufw is preferable?

Joulinar · 8 February 2022 10:47

ufw is a firewall as well. But again Pihole don’t need one as long as your system is not internet facing

eglider86 · 8 February 2022 11:07

jsut very last questioin:
shall install firewall on the machine hosting NC?

Joulinar · 8 February 2022 11:09

Of course you can install a firewall like ufw. As well think of failwban to block failed login attempts.

AnBad · 7 March 2023 08:59

So to summarize:

I understand that my Raspberry Pi running DietPi cannot be reached from outside the network unless port forwarding is set up on the main router. Is that correct?
As I understand further more applications which generate outgoing traffic and therefore incoming traffic as well to and form the internet have there own security settings. They do not need port forewarding at the router. A firewall changes nothing, right? As example the system time sync.
To check the outgoing and incoming traffic from applications and in a case of port forwarding, someone can use ufw. The log will be written into /var/log/ufw.log, right? This might be a good way to get any understanding what traffic is generated for further actions. Any suggestions?

Kind regards.

Joulinar · 10 March 2023 08:31

Yes

There are no direct security settings. As the traffic is generate by your apps, they will be able to get a feedback back. It always depends on who is the source generating traffic.

Correct

Not fully correct, you could block outgoing traffic

UFW will block traffic, to analyse your network traffic, you could use tcpdump or as tool wireshark

AnBad · 10 March 2023 18:24

OK, perfect. Thank you for the tip: tdpdump and wireshark.