Protecting your computer from network and physical attacks should be at the very top of your computing to-do list. And if you are new to Pear Linux Comice OS 4, a Linux distribution derived from Ubuntu Desktop, the network security aspect has been made a little bit easier for you.
And that is because on a new installation of Comice OS 4, which was recently reviewed here (see Pear Linux Comice OS 4 review), the firewall is enabled out of the box. Because of the default firewall rules, your computer is protected, even if you do not do anything else. Though your computer might be sitting behind a cable modem, fiber optic or DSL router with a firewall enabled, that does not negate the need for running a firewall on your computer. A good case for why this is highly recommended has been made in a previous article. See Why your computer needs a firewall enabled.
By the way, the firewall application is called ufw, the Uncomplicated FireWall. It is a command line frontend to IPTables, the original script for managing the Linux firewall. ufw was borne out of a need for a simple, easy-to-use alternative to IPTables. That is a very short history of ufw.
While it is easy to use, it is still a command line tool. For those not comfortable on the command line, there is a graphical interface for ufw. It is called Gufw. Installing it offers a more user-friendly interface for managing the firewall. This article show how to install and enable it.
You can install it from the command line or by using Pear Appstore, Comice OS’s graphical package manager. To install it from the command line, start a shell terminal, and type sudo apt-get install gufw. The screen shot below shows how it should be.
From Pear Appstore, click on the Repository tab, and search for “gufw.” There should be just one result returned. Click on the Install button to download and install it.
After installation has completed successfully, click the Start button to launch it.
This is what Gufw looks like when it has not been enabled. To enabled it, click on the key button to unlock it. You will be required to authenticate.
After it has been unlocked, click on the Status switch to enable it. And that is all you need to do. As stated earlier, unless you want to run a service that can be remotely accessed from other computers, you do not need to do anything else. The default rule, which allows all outgoing connections, while denying all incoming connections that have no related entry in the State table, keeps your computer protected.
A good way to keep an eye on what service is running on your computer, is to install an application called nmap, the Network Mapper. From the command line, type sudo apt-get install nmap to install it. You may also use Pear Appstore. Just search for “nmap.” After installation, type nmap localhost. The output will show a list of open ports on your computer. Make a note of the services listed. Run this command often just to make sure no service is running that you did not enable.