Announcement

**wizard10000** · Aug 30, 2011, 06:34 AM

Re: Firewall problems

ping doesn't use a port. As root, open /etc/ufw/before.rules and find

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

and change all the ACCEPTs to DROP.

I wouldn't worry too much about the TCP NULL packets but if you want to fix that you'll need to create an iptables rule. As root, put this in /etc/rc.local ahead of the "exit 0" line -

iptables -A INPUT -m conntrack --ctstate INVALID -p tcp --tcp-flags ! SYN,RST,ACK,FIN,URG,PSH SYN,RST,ACK,FIN,URG,PSH -j DROP

(that all goes on one line)

Hope this helps -

**Rob_H** · Sep 03, 2011, 08:25 AM

Re: Firewall problems

Originally posted by Gray2011

I would like to know where to access the Firewall settings and to configure them so all of the relevant ports can be stealthed. I know this is easy to do with software like Norton Security on Windows, and I am hoping that someone will be able to show me how to accomplish this easily with Kubuntu.

The GUI for changing firewall settings is called "gufw" and can be installed from the repos. The command line equivalent is "ufw" and offers a bit more flexibility.

Announcement

Firewall problems

Firewall problems

Comment

Comment