LiveUSB goes without firewall
I made a bootable USB to try another linux distribution. When the OS was booted up, I checked iptables and it was all ACCEPT. I suppose it's not safe to use with working internet connection. I may be overcautious but what do other overcautious people do in such a case?
security liveusb
asked Jan 6 at 20:18
AndraAndra
43117
add a comment |
I made a bootable USB to try another linux distribution. When the OS was booted up, I checked iptables and it was all ACCEPT. I suppose it's not safe to use with working internet connection. I may be overcautious but what do other overcautious people do in such a case?
security liveusb
asked Jan 6 at 20:18
AndraAndra
43117
You can configure your protection before you use the internet, but you will need to redo this on each boot.
– AFH
Jan 6 at 20:26
add a comment |
I made a bootable USB to try another linux distribution. When the OS was booted up, I checked iptables and it was all ACCEPT. I suppose it's not safe to use with working internet connection. I may be overcautious but what do other overcautious people do in such a case?
security liveusb
asked Jan 6 at 20:18
AndraAndra
43117
I made a bootable USB to try another linux distribution. When the OS was booted up, I checked iptables and it was all ACCEPT. I suppose it's not safe to use with working internet connection. I may be overcautious but what do other overcautious people do in such a case?
security liveusb
security liveusb
asked Jan 6 at 20:18
AndraAndra
43117
asked Jan 6 at 20:18
AndraAndra
43117
asked Jan 6 at 20:18
AndraAndra
43117
asked Jan 6 at 20:18
AndraAndra
43117
asked Jan 6 at 20:18
AndraAndra
43117
43117
You can configure your protection before you use the internet, but you will need to redo this on each boot.
– AFH
Jan 6 at 20:26
add a comment |
You can configure your protection before you use the internet, but you will need to redo this on each boot.
– AFH
Jan 6 at 20:26
You can configure your protection before you use the internet, but you will need to redo this on each boot.
– AFH
Jan 6 at 20:26
You can configure your protection before you use the internet, but you will need to redo this on each boot.
– AFH
Jan 6 at 20:26
add a comment |
4 Answers
4
active
oldest
votes
If ufw's installed & ready to go, it might just take a
sudo ufw enable
to get it up & running.
answered Jan 6 at 21:11
Xen2050Xen2050
10.5k31536
In this case, it was really all to do. Sorry, I wrote my own answer after considering which precautions I'd take.
– Andra
Jan 7 at 18:05
No problem, if this (or any) answers were useful, then feel free to give them an upvote, and select one as correct (even if it's your own, though you don't get any rep points for selecting your own)
– Xen2050
Jan 8 at 2:04
add a comment |
It depends on the Linux distro. Mostly they are without root password and sometimes without sshd, so no one will be able to login to this OS. For longer work with such a system you should take care of its security, and always if you install any Internet services (FTP, Samba, sshd, apache2 etc.). If you are behind a router with a firewall and there are no redirected ports you should sleep safe.
answered Jan 6 at 20:36
pbiespbies
1,55911217
add a comment |
Were you to create your alternate Linux distro LiveUSB with Persistence, you would be able to configure it and keep the configuration between reboots using the dedicated storage space in the Persistance LiveUSB. Instructions vary according to your distro, but Ubuntu-derived distros have instructions here and there are generalized multi-distro instructions here.
answered Jan 7 at 19:39
K7AAYK7AAY
3,76621638
add a comment |
My plan to proceed was as follows (in this case, ubuntu):
download appropriate ufw package and put it on an accessible partition (or a usb disk)
- unplug the ethernet cable
- put the hardware WiFi switch in off position
- load the OS from the USB stick
- get ufw to work:
5.1. runsudo ufw enablein terminalif I don'tget "Firewall is active and enabled on system startup", then:
5.2.install ufw using the package from (1)
- run
sudo iptables -Lto be sure it is by default DROP for input and forward - plug in the cable / switch on wifi
- repeat all this when booting anew
answered Jan 7 at 18:05
AndraAndra
43117
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1391252%2fliveusb-goes-without-firewall%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
If ufw's installed & ready to go, it might just take a
sudo ufw enable
to get it up & running.
answered Jan 6 at 21:11
Xen2050Xen2050
10.5k31536
In this case, it was really all to do. Sorry, I wrote my own answer after considering which precautions I'd take.
– Andra
Jan 7 at 18:05
No problem, if this (or any) answers were useful, then feel free to give them an upvote, and select one as correct (even if it's your own, though you don't get any rep points for selecting your own)
– Xen2050
Jan 8 at 2:04
add a comment |
If ufw's installed & ready to go, it might just take a
sudo ufw enable
to get it up & running.
answered Jan 6 at 21:11
Xen2050Xen2050
10.5k31536
In this case, it was really all to do. Sorry, I wrote my own answer after considering which precautions I'd take.
– Andra
Jan 7 at 18:05
No problem, if this (or any) answers were useful, then feel free to give them an upvote, and select one as correct (even if it's your own, though you don't get any rep points for selecting your own)
– Xen2050
Jan 8 at 2:04
add a comment |
If ufw's installed & ready to go, it might just take a
sudo ufw enable
to get it up & running.
answered Jan 6 at 21:11
Xen2050Xen2050
10.5k31536
If ufw's installed & ready to go, it might just take a
sudo ufw enable
to get it up & running.
answered Jan 6 at 21:11
Xen2050Xen2050
10.5k31536
answered Jan 6 at 21:11
Xen2050Xen2050
10.5k31536
answered Jan 6 at 21:11
Xen2050Xen2050
10.5k31536
answered Jan 6 at 21:11
Xen2050Xen2050
10.5k31536
10.5k31536
In this case, it was really all to do. Sorry, I wrote my own answer after considering which precautions I'd take.
– Andra
Jan 7 at 18:05
No problem, if this (or any) answers were useful, then feel free to give them an upvote, and select one as correct (even if it's your own, though you don't get any rep points for selecting your own)
– Xen2050
Jan 8 at 2:04
add a comment |
In this case, it was really all to do. Sorry, I wrote my own answer after considering which precautions I'd take.
– Andra
Jan 7 at 18:05
No problem, if this (or any) answers were useful, then feel free to give them an upvote, and select one as correct (even if it's your own, though you don't get any rep points for selecting your own)
– Xen2050
Jan 8 at 2:04
In this case, it was really all to do. Sorry, I wrote my own answer after considering which precautions I'd take.
– Andra
Jan 7 at 18:05
In this case, it was really all to do. Sorry, I wrote my own answer after considering which precautions I'd take.
– Andra
Jan 7 at 18:05
No problem, if this (or any) answers were useful, then feel free to give them an upvote, and select one as correct (even if it's your own, though you don't get any rep points for selecting your own)
– Xen2050
Jan 8 at 2:04
No problem, if this (or any) answers were useful, then feel free to give them an upvote, and select one as correct (even if it's your own, though you don't get any rep points for selecting your own)
– Xen2050
Jan 8 at 2:04
add a comment |
It depends on the Linux distro. Mostly they are without root password and sometimes without sshd, so no one will be able to login to this OS. For longer work with such a system you should take care of its security, and always if you install any Internet services (FTP, Samba, sshd, apache2 etc.). If you are behind a router with a firewall and there are no redirected ports you should sleep safe.
answered Jan 6 at 20:36
pbiespbies
1,55911217
add a comment |
It depends on the Linux distro. Mostly they are without root password and sometimes without sshd, so no one will be able to login to this OS. For longer work with such a system you should take care of its security, and always if you install any Internet services (FTP, Samba, sshd, apache2 etc.). If you are behind a router with a firewall and there are no redirected ports you should sleep safe.
answered Jan 6 at 20:36
pbiespbies
1,55911217
add a comment |
It depends on the Linux distro. Mostly they are without root password and sometimes without sshd, so no one will be able to login to this OS. For longer work with such a system you should take care of its security, and always if you install any Internet services (FTP, Samba, sshd, apache2 etc.). If you are behind a router with a firewall and there are no redirected ports you should sleep safe.
answered Jan 6 at 20:36
pbiespbies
1,55911217
It depends on the Linux distro. Mostly they are without root password and sometimes without sshd, so no one will be able to login to this OS. For longer work with such a system you should take care of its security, and always if you install any Internet services (FTP, Samba, sshd, apache2 etc.). If you are behind a router with a firewall and there are no redirected ports you should sleep safe.
answered Jan 6 at 20:36
pbiespbies
1,55911217
answered Jan 6 at 20:36
pbiespbies
1,55911217
answered Jan 6 at 20:36
pbiespbies
1,55911217
answered Jan 6 at 20:36
pbiespbies
1,55911217
1,55911217
add a comment |
add a comment |
Were you to create your alternate Linux distro LiveUSB with Persistence, you would be able to configure it and keep the configuration between reboots using the dedicated storage space in the Persistance LiveUSB. Instructions vary according to your distro, but Ubuntu-derived distros have instructions here and there are generalized multi-distro instructions here.
answered Jan 7 at 19:39
K7AAYK7AAY
3,76621638
add a comment |
Were you to create your alternate Linux distro LiveUSB with Persistence, you would be able to configure it and keep the configuration between reboots using the dedicated storage space in the Persistance LiveUSB. Instructions vary according to your distro, but Ubuntu-derived distros have instructions here and there are generalized multi-distro instructions here.
answered Jan 7 at 19:39
K7AAYK7AAY
3,76621638
add a comment |
Were you to create your alternate Linux distro LiveUSB with Persistence, you would be able to configure it and keep the configuration between reboots using the dedicated storage space in the Persistance LiveUSB. Instructions vary according to your distro, but Ubuntu-derived distros have instructions here and there are generalized multi-distro instructions here.
answered Jan 7 at 19:39
K7AAYK7AAY
3,76621638
Were you to create your alternate Linux distro LiveUSB with Persistence, you would be able to configure it and keep the configuration between reboots using the dedicated storage space in the Persistance LiveUSB. Instructions vary according to your distro, but Ubuntu-derived distros have instructions here and there are generalized multi-distro instructions here.
answered Jan 7 at 19:39
K7AAYK7AAY
3,76621638
answered Jan 7 at 19:39
K7AAYK7AAY
3,76621638
answered Jan 7 at 19:39
K7AAYK7AAY
3,76621638
answered Jan 7 at 19:39
K7AAYK7AAY
3,76621638
3,76621638
add a comment |
add a comment |
My plan to proceed was as follows (in this case, ubuntu):
download appropriate ufw package and put it on an accessible partition (or a usb disk)
- unplug the ethernet cable
- put the hardware WiFi switch in off position
- load the OS from the USB stick
- get ufw to work:
5.1. runsudo ufw enablein terminalif I don'tget "Firewall is active and enabled on system startup", then:
5.2.install ufw using the package from (1)
- run
sudo iptables -Lto be sure it is by default DROP for input and forward - plug in the cable / switch on wifi
- repeat all this when booting anew
answered Jan 7 at 18:05
AndraAndra
43117
add a comment |
My plan to proceed was as follows (in this case, ubuntu):
download appropriate ufw package and put it on an accessible partition (or a usb disk)
- unplug the ethernet cable
- put the hardware WiFi switch in off position
- load the OS from the USB stick
- get ufw to work:
5.1. runsudo ufw enablein terminalif I don'tget "Firewall is active and enabled on system startup", then:
5.2.install ufw using the package from (1)
- run
sudo iptables -Lto be sure it is by default DROP for input and forward - plug in the cable / switch on wifi
- repeat all this when booting anew
answered Jan 7 at 18:05
AndraAndra
43117
add a comment |
My plan to proceed was as follows (in this case, ubuntu):
download appropriate ufw package and put it on an accessible partition (or a usb disk)
- unplug the ethernet cable
- put the hardware WiFi switch in off position
- load the OS from the USB stick
- get ufw to work:
5.1. runsudo ufw enablein terminalif I don'tget "Firewall is active and enabled on system startup", then:
5.2.install ufw using the package from (1)
- run
sudo iptables -Lto be sure it is by default DROP for input and forward - plug in the cable / switch on wifi
- repeat all this when booting anew
answered Jan 7 at 18:05
AndraAndra
43117
My plan to proceed was as follows (in this case, ubuntu):
download appropriate ufw package and put it on an accessible partition (or a usb disk)
- unplug the ethernet cable
- put the hardware WiFi switch in off position
- load the OS from the USB stick
- get ufw to work:
5.1. runsudo ufw enablein terminalif I don'tget "Firewall is active and enabled on system startup", then:
5.2.install ufw using the package from (1)
- run
sudo iptables -Lto be sure it is by default DROP for input and forward - plug in the cable / switch on wifi
- repeat all this when booting anew
answered Jan 7 at 18:05
AndraAndra
43117
edited Jan 8 at 11:46
answered Jan 7 at 18:05
AndraAndra
43117
answered Jan 7 at 18:05
AndraAndra
43117
answered Jan 7 at 18:05
AndraAndra
43117
43117
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1391252%2fliveusb-goes-without-firewall%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
You can configure your protection before you use the internet, but you will need to redo this on each boot.
– AFH
Jan 6 at 20:26