2015-11-20 Update
guarddog is very outdated (source has not been kept up for years) and requires pulling in too many dependencies, I recommend ipkungfu as a replacement.
Background
I highly recommend using a local (or sometimes referred to as a ‘soft-firewall’) on all personal computers (windows, mac, linux, or other) as it offers one more layer of security. This guide provides a few basic concepts for using Guarddog as a local firewall.
Firewall Background
A firewall is, at its simplest level, software that allows or disallows network communication. A local firewall is software that resides on your local computer and allows/disallows your computer to communicate with other things (such as the internet, a printer, or other computers). You may wonder why you need such a device and the answer is quite simple; security. Often computers have communication paths (ports) open to allow things like printing, Instant Messaging, and Web browsing. This is typically needed and wanted by most people; however, it is also a key method hackers use to gain access into your computer. If you disallow ports which you do not need it limits the options that hackers can use to get into your computer. There are many more reasons for why you would want a firewall and what firewalls are but this guide is about using a firewall, not justifying ;-)
Details
Please see the Installing Guarddog in Ubuntu 11.04 page for installation information on how to install guarddog.
Starting
Starting guarddog is like starting any other application; however, guarddog will require administrative (root) privileges as it alters your ipchains/iptables files. You can alter the shortcut that launches guarddog by prefacing it with “gksu” which will prompt you for admin password on startup or launch guarddog from the command line with “sudo guarddog”.
Basic Setup
The first thing you will want to do in guarddog is ensure it is active. To do this, go to the Advanced tab and ensure “Disable firewall” is unchecked. I also prefer to turn on (check) the “Show advanced protocol help” and turn off all logging (go to the Logging tab and uncheck “Log blocked packets” and uncheck “Log rejected packets”).
Using the Firewall
After performing the above steps you’ll probably notice that you can no longer access the internet (or virtually anything outside of your local computer). Try going to adercon.com and see what you get! No need to panic, you can easily disable your firewall by going to the Advanced tab and checking the “Disable firewall” option (and then click Apply) and you’ll be right back to where you started. So lets add a rule to allow internet traffic so you can get to adercon.com with your firewall enabled:
- Go to the Protocol tab
- Select Internet in the Defined Network Zones section and Expand File Transfer in the Zone Properties section
- You should see “HTTPS” and “HTTP” items, check both items under the “Local” column
- Click Apply
- Now try to access adercon.com again
What you just did was to add two new rules to your firewall that allows HTTP and HTTPS traffic between your computer (Local) and the Internet. One thing to note: if the above does not allow you to access adercon.com you, more than likely, also need to add a rule to allow DNS traffic as this allows your local computer to send/receive local network routing services. To do this find and check DNS under the Network group in the Zone Properties section.
You can explore the other groups in the Zone Properties section as there is a wide list of items you may want to enable/disable such as:
- Chat > Jabber (allows google chat)
- Data Serve > LDAP (allows LDAP communication)
- Data Serve > NTP (allows NTP traffic)
- Interactive Session > SSH (allows SSH traffic)
- Mail > IMAPS (allows Secure IMAP traffic)
If you need more information on an item in the list select the item and you will see its Name and Description (which provides more details about the item) in the left section of guarddog.
A local firewall is a very useful device in securing your computer. Firewalls can be complicated, guarddog helps the process by providing an easy to use/understand interface, providing information about each item, and most importantly providing an easy way to enable/disable the firewall if you get stuck or run into issues.
If you run into issues you cannot solve, try googling on something like “guarddog howto allow google chat”. If you cannot find a solution leave a comment below and I’ll see what I can do!
Notes
Import / Export Rules
I typically set up guarddog on multiple computers and rather than setting each computer up manually I set one up as I like/need and Export the rules and then Import the rules to other computers. To do this go to the Advanced tab and use the Export… / Import… buttons.
Additional Network Zones
I often need different “rules” for different locations. Guarddog has “Network Zones” which allow you to create rules that behave differently depending on the Zone. For instance, I create a Network Zone for my “Home Network” and “Work” and perhaps separate Zones for clients I work for. Each Zone allows me to define a set of computers and then create rules for those computers as a group.
As an example of the above, take the “Home Network” zone. I define a set of computers on my home network (by IP, subnet, domain, etc) in the Zone. I can then open ports in this zone such as SSH that I may not want open in the Internet zone. This is often useful in opening VPN ports or Remote Desktop ports for client connections.
Setting up a Zone for a Local Network
The following example shows how to set up a “Home” zone for your Local Network.
- Go to the Zone tab
- Enter Name and Comment as needed; for example Name: Home Network
- Click the New Address button and enter: 192.168.1.255 (this is your network broadcast address)
- Click the New Address button again and enter: 192.168.1.0/255.255.255.0 (this is your network address range)
- In the Connection section, make sure “Local” is selected
You should now be able to define firewall settings for your home network!
Its important to note that the “Local” zone is not your local network rather it is your local computer. This can be used to open ports locally (say a local webserver) and also disable local ports.
Troubleshooting / Logging
You’ll often find yourself at a place where an application (google chat for example) just will not work. It can be helpful to enable logging in guarddog (Logging tab, check log blocked and rejected packets). You can then view dmesg to see what port(s) are being blocked. Simply add a rule that allows traffic on this port and you should be fine.