Use the Gufw firewall
ENABLE THE FIREWALL
Gufw is the graphical front-end for UFW, the uncomplicated firewall, which is one of the simplest front-ends for iptables. Fire up Gufw and change the Status toggle to ‘On’ to enable the firewall. Gufw includes three profiles: public, office and home. The default is the home profile that denies all incoming traffic and allows all outgoing traffic. This will let you surf the internet without any issues.
PRECONFIGURED RULES
After you’ve set the policy for traffic, you can define specific rules for allowing traffic for individual apps and services. To create a rule, switch to the Rules tab and click on the ‘+’ button. Use the Application pull-down in the Preconfigured tab to select the app you want to allow and Gufw will define the most effective rule for that app. Then press the ‘Add’ button to append the new rule.
MORE CUSTOMISATION
The Advanced tab is useful if you need to make minute customisations as per your requirements — for example, if you only wish to allow the SSH service from computers within a particular IP address range over a particular interface. Since the firewall matches traffic against rules in ascending order, you can also manually give your custom rule a number to specify its position in the list of firewall rules.
DEFINE POLICIES
You can alter the incoming and outgoing policies by selecting one of the three options in their respective drop-downs. The Allow option will allow traffic without asking any questions. The Deny option will silently discard packets, while the Reject option also sends an error packet to the sender. A good idea is to deny all incoming connections and then selectively enable the ones you wish to allow.
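The rule ordering from the More Customisation step and the default policy from this step, modelled as an added Python example (it is not Gufw or UFW code). The rule sets and addresses are constructed samples, and the model assumes the first matching rule decides and the default policy applies when nothing matches.

```python
# Added illustration: simplified model of ordered, first-match rule evaluation.
# Not Gufw/UFW code; the addresses and rule sets below are constructed samples.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow", "deny" or "reject"
    port: int                   # destination port the rule applies to
    source: str = "0.0.0.0/0"   # source range; default matches any IPv4 address

    def matches(self, src: str, port: int) -> bool:
        return port == self.port and ip_address(src) in ip_network(self.source)


def evaluate(rules, src, port, default="deny"):
    """Return the action of the first matching rule, else the default policy."""
    for rule in rules:          # rules are checked in ascending position
        if rule.matches(src, port):
            return rule.action
    return default


def shadowed(rules):
    """Return 1-based positions of rules that can never fire because an
    earlier rule for the same port already covers their whole source range."""
    hits = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.port == later.port and ip_network(later.source).subnet_of(
                    ip_network(earlier.source)):
                hits.append(i + 1)
                break
    return hits


# Constructed sample: SSH allowed only from one LAN range, rejected otherwise.
ALLOW_LAN_SSH = Rule("allow", 22, "192.168.1.0/24")
REJECT_ALL_SSH = Rule("reject", 22)
wrong_order = [REJECT_ALL_SSH, ALLOW_LAN_SSH]   # broad rule sits at position 1
right_order = [ALLOW_LAN_SSH, REJECT_ALL_SSH]   # specific rule moved to position 1

if __name__ == "__main__":
    for name, rules in (("wrong", wrong_order), ("right", right_order)):
        print(name, evaluate(rules, "192.168.1.50", 22),
              evaluate(rules, "203.0.113.9", 22), shadowed(rules))
```

With the broad rule first, the LAN host is rejected and the specific rule is reported as shadowed; giving the specific rule the lower number fixes both.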
CUSTOMISE RULES
Gufw enables you to tweak the default rules, which comes in handy especially when you’re running a service on a non-default port. Switch to the Simple tab, which is similar to the Preconfigured tab but instead of a drop-down list of apps, it allows you to manually specify the port number for the service. You can either add a specific port (23) or a range of ports (11200:11299).
WATCH INCOMING TRAFFIC
One particularly useful feature of Gufw is the live listening report. After you’ve added the rules, switch to the Report tab that’ll list all traffic along with other relevant information such as the protocol, port, IP address and application. You can use this info to adjust the rules particularly for incoming traffic. Then there’s the Log tab which keeps track of Gufw’s activity and helps identify any suspicious activity.