PF I had completely forgotten install a firewall

solidwarea

solidwarea

Please do bare with me on this one, I'm not sure how this completely slipped my mind, but I had installed FreeBSD on a laptop of mine a day ago or so and I had used it a bit that day, mostly just setting it up and some light browsing though. I randomly remembered today that I needed to setup pf and did so immediately but I was wondering if there's any way I could ensure that nothing dire happened during the time the firewall was down?
Thank you
 
solidwarea said:
but I was wondering if there's any way I could ensure that nothing dire happened during the time the firewall was down?
Click to expand...
If none of your ports are listening for incoming connections then you are safe (and they don't tend to with operating systems that aren't malware unless you have specifically done this yourself for a legitimate service / daemon).

You can use i.e sockstat, to check what ports are listening. Also, if they are only listening on loopback/127.0.0.1 then you are also safe. In a default install, you will probably only see port 22 being listened on (SSH).

On Windows and macOS I don't really trust the software to not make damaging outgoing connections either, but with FreeBSD you generally can trust the software more. Thus outgoing firewall blocking is less important.

(note: Xorg listens on a unix socket (internal) and has done for a decade, so no risk here. You don't need the related ports in your firewall, even though many still do for some reason).

In short... you likely don't even need a firewall for a laptop/workstation use-case.
 
kpedersen said:
If none of your ports are listening for incoming connections then you are safe (and they don't tend to with operating systems that aren't malware unless you have specifically done this yourself for a legitimate service / daemon).

You can use i.e sockstat, to check what ports are listening. Also, if they are only listening on loopback/127.0.0.1 then you are also safe. In a default install, you will probably only see port 22 being listened on (SSH).

On Windows and macOS I don't really trust the software to not make damaging outgoing connections either, but with FreeBSD you generally can trust the software more. Thus outgoing firewall blocking is less important.

(note: Xorg listens on a unix socket (internal) and has done for a decade, so no risk here. You don't need the related ports in your firewall, even though many still do for some reason).

In short... you likely don't even need a firewall for a laptop/workstation use-case.
Click to expand...
Thank you, I ran 'sockstat -4 -l' and it listed a ton of connections made with Firefox which made me raise an eyebrow but I'm assuming it might be because I've been running Youtube for the past 2h or so?
I don't believe that I've really done much before configuring pf. I essentially installed KDE and some software (eg. vscode, blender, inkscape) and quickly joined a Minecraft server just to try out the graphics driver (nvidia). I also made sure to check that the router's firewall was enabled, and so it was.
 
Laptop is (or was) probably connected to the internet through some home ISP modem/router anyway. If it has an IP address somewhere in the 192.168.x.x range then you're behind NAT. Connections made from the internet to your laptop would be impossible unless specifically opened and forwarded on the ISP's modem/router. So that's one less thing to worry about.
 
You must log in or register to reply here.
Back
Top