Hey there folks,
I’m trying to figure out how to configure my UFW, and I’m just not sure where to start. What can I do to see the intetnet traffic from individual apps so I can know what I might want to block? This is just my personal computer and I’m a total newbie to configuring firewalls so I’m just not sure how to go about it. Most online guides seem to assume one already knows what they want to block but I don’t even know how/where to monitor local traffic to figure out what I can/should consider blocking.
Worth noting that if you’re trying to block telemetery or ads or things like that, using an adblocking dns is probably the better option. Either through a pihole on your network or some online adblocking dns.
Other than that, if you’re looking for one because you think you “need” one, don’t worry too much if it’s just a personal computer connected to a router. Most distros ship with sensible defaults for security.
If you actually want to use a firewall, block all incoming and allow all outgoing is a reasonable rule of thumb if you aren’t running a server. Note that “block incoming” doesn’t block connections that the system itself started.
Blocking incoming traffic and accepting outgoing traffic is usually the default for distributions anyway.
Debian is a notable exception.
This seems to be some of the most worthwhile advice. I do use a pretty reasonable DNS client (NextDNS) and it allows me to configure some useful filters and such, and when I’m browsing the internet I also use uBlock Origin and manually allow any third party content one by one.
I did configure UFW to block incoming and allow outgoing, and that should be more than enough for me. I think I’m a pretty “standard” user in the sense that I would make a fairly average target for a would-be attacker. It’s not like I own a web server with goodies worth exploiting.
A part of me really wants to learn more because at some point I’ll have my own router that I’ll want to ensure is configured properly because I’ll likely end up making my own server for media stuff.
Thank you for your reply!
I recommend reading “TCP/IP Illustrated: Volume 1, Second Edition” if you want to learn more about networking. Make sure it’s the second edition, because the first edition is very old. The second edition is also over a decade old now, but it’s still almost completely correct, as the basics haven’t changed much. And don’t mistake the book to be overly simplified because of the title; it’s a very technical book that references the actual RFCs wherever appropriate.