P C Prabhu Kumar
Posts: 11
Joined: Wed Jun 29, 2016 9:07 am

Firewall security for Raspi

Thu Jun 30, 2016 10:07 am

Hi
Will Raspi support any physical or logical firewalls? Please let me know of any other security measures for Raspi.

java
Posts: 226
Joined: Mon Jul 21, 2014 9:41 am

Re: Firewall security for Raspi

Thu Jun 30, 2016 12:27 pm

Raspbian, and I suspect that all other Linux distributions that run on the RPi boards, have iptables for firewalling. Numerous frontends exist for easing the setup for iptables.

pi-anazazi
Posts: 726
Joined: Fri Feb 13, 2015 9:22 pm
Location: EU

Re: Firewall security for Raspi

Thu Jun 30, 2016 1:26 pm

...here is some advice :

http://www.heystephenwood.com/2013/06/s ... ry-pi.html

PS: Exposing port 22 of a raspi to the rest of the world is in my opinion one of the LESS clever ideas in this world.
Kind regards

anazazi

Romonga
Posts: 123
Joined: Mon May 09, 2016 7:09 pm
Location: Montgomery Il

Re: Firewall security for Raspi

Thu Jun 30, 2016 2:10 pm

pi-anazazi wrote:...here is some advice :

http://www.heystephenwood.com/2013/06/s ... ry-pi.html

PS: Exposing port 22 of a raspi to the rest of the world is in my opinion one of the LESS clever ideas in this world.
Yes, it is. This is why if it needs to be open you should use a Key. Or at the very least only allow access by MAC address.
You can run, but you will only die tired.

mfa298
Posts: 1387
Joined: Tue Apr 22, 2014 11:18 am

Re: Firewall security for Raspi

Thu Jun 30, 2016 3:49 pm

Romonga wrote:
pi-anazazi wrote: PS: Exposing port 22 of a raspi to the rest of the world is in my opinion one of the LESS clever ideas in this world.
Yes, it is. This is why if it needs to be open you should use a Key. Or at the very least only allow access by MAC address.
MAC addresses are only visible on the local network. If I connected to your Pi the only MAC address it would see is the MAC address of your router. You can however have IP ranges on the firewall rules so you can allow access from trusted IP ranges.

A strong password or preferably key-only access should be used for SSH if it's open; it's often also preferable to move the SSH port away from port 22. Moving the SSH port doesn't necessarily make you any more secure, but it does stop all the password guessing attempts that fill up the logs.
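
Added example (editor's code, not part of mfa298's post or the thread): a small shell audit of an sshd_config for the points raised here, password logins and listening on port 22. The function names and sample configs are made up for illustration; only the global section of the file is read.

```sh
#!/bin/sh
# Added example, not from the thread. Parsing stops at the first Match line;
# Include files and ListenAddress lines are not considered.

# Print, in file order, each global value of any keyword in the "|"-separated
# lower-case list $2 found in file $1 (keywords are case-insensitive).
global_values() {
    awk -v keys="|$2|" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }           # accept the Key=value spelling
        tolower($1) == "match" { exit }         # conditional section starts here
        index(keys, "|" tolower($1) "|") { print tolower($2) }
    ' "$1"
}

# sshd keeps the first value it reads for a keyword; $3 is the default.
first_value() {
    v=$(global_values "$1" "$2" | head -n 1)
    echo "${v:-$3}"
}

# Print a space-separated list of findings for config file $1 (empty = none).
audit_sshd() {
    out=""
    [ "$(first_value "$1" passwordauthentication yes)" = no ] || out="$out password-auth"
    # Keyboard-interactive login can still ask for a password through PAM;
    # ChallengeResponseAuthentication is the older name of the same option.
    [ "$(first_value "$1" "kbdinteractiveauthentication|challengeresponseauthentication" yes)" = no ] \
        || out="$out kbd-interactive-auth"
    # Port may be given several times and every value is used; default is 22.
    ports=$(global_values "$1" port | tr '\n' ' ')
    case " ${ports:-22} " in *" 22 "*) out="$out port-22" ;; esac
    echo "${out# }"
}

# Constructed sample configs: in the first, the later "no" does not override "yes".
weak=$(mktemp); hard=$(mktemp)
printf '%s\n' 'Port 22' '#PasswordAuthentication no' \
    'PasswordAuthentication yes' 'PasswordAuthentication no' > "$weak"
printf '%s\n' 'Port 2222' 'passwordauthentication no' \
    'ChallengeResponseAuthentication no' > "$hard"
echo "weak: $(audit_sshd "$weak")"
echo "hard: $(audit_sshd "$hard")"
rm -f "$weak" "$hard"
```

A `port-22` finding is informational only, matching the point above that moving the port cuts log noise rather than adding security.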

DougieLawson
Posts: 39183
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK

Re: Firewall security for Raspi

Thu Jun 30, 2016 9:12 pm

pi-anazazi wrote:...here is some advice :

http://www.heystephenwood.com/2013/06/s ... ry-pi.html

PS: Exposing port 22 of a raspi to the rest of the world is in my opinion one of the LESS clever ideas in this world.
I think you need to qualify that with "Exposing port 22 without applying some exceedingly strong security and intrusion detection, is one of the LESS clever ideas in this World".

FTP and plain old telnet have a much higher risk than SSH.
Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All non-medical doctors are on my foes list.

pi-anazazi
Posts: 726
Joined: Fri Feb 13, 2015 9:22 pm
Location: EU

Re: Firewall security for Raspi

Fri Jul 01, 2016 7:16 am

For sure you will always find somefink WORSE, but if I have a look at my firewall/IDS logs port 22 (and standard user pi) is REALLY not a good idea.
Kind regards

anazazi

DougieLawson
Posts: 39183
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK

Re: Firewall security for Raspi

Fri Jul 01, 2016 7:36 am

pi-anazazi wrote:For sure you will always find somefink WORSE, but if I have a look at my firewall/IDS logs port 22 (and standard user pi) is REALLY not a good idea.
User pi with its password left as raspberry is an enormous security exposure.

SSH with passwords disallowed is relatively safe.
