 I just got back from a trip to New York and my laptop, well, it touched a lot of places including public Wi-Fi and you are at the mercy of the network. That is sometimes a problem of whoever set up said network. And I discovered that some networks were more than it should have been this way were set up by people who didn't really think to isolate devices. So when you jumped onto this free in public Wi-Fi network, you could see all the other devices, which also in turn means they can see you. And if you are someone who maybe opened up a service because you wanted to share some files from your laptop to someone else and maybe you didn't put passwords on it because you're like, it's just at home. It's not a big deal. Well, now it is a big deal because you've taken it out in public. So you have to be conscious of that. But there are solutions. And putting a firewall on that denies everything for incoming and but allows outgoing easy way to do that. So let's cover how to set up uncomplicated firewall on Linux. Uncomplicated firewall. Someone's going to point out that I'm a new Linux user and it looks complicated because there's these rules and there's things I have to do. And actually it's easier than you think. And most Linux distributions that are running apt or devian base or devian or a bunch of base and including this parrot installation that I have here. This works on PopOS. This works like I said a lot of different distributions. We're going to sudo apt get install ufw. I've already installed it. So no problem. It already is installed. So now we can just go ufw enable firewall is active and enable system startup. That's it. You can stop the video here if you want to know how to set the firewall up because you're done. It's set up. It has blocked anything. So if I have file sharing, I have SSH, any services I may have turned on are now blocked. And then they show you how to do things like how do you go through and disable it would be sudo ufw disable and turn it back off or how do we allow something. So you can sudo ufw sudo ufw allow SSH rule added. So now we're going to go sudo ufw status. It's active and we're allowed SSH. But once again, you're probably noticing or may ask the question of, well, it's the command line that still seems complicated. And we can also then deny implicitly deny SSH status. Now it's set to deny. Not too hard to do. But let's go and make it less complicated. So we're going to take the uncomplicated firewall and show you how to uncomplicated even more. Get install g ufw. Now I've already installed this and we'll just launch it. g uf. Same thing, it's going to ask for admin permissions. And this is the uncomplicated firewall UI. And I like this a lot. It makes it pretty simple to manage or change any of the rules. So you can set profiles, public, home, so you can have different rule sets, really easy to change them. You can do allow this from the command line. Actually, I should say you can do all of this from the command line. And it's one and the same. So even though I added the rules to the command line, this still uses the same. So it's not like creating two different rule sets. And then we can go here and deny and delete these. So we're going to remove, remove. And now there's no rules. And by default, incoming means reject, outgoing, allow, which means we can get out. But you can get really fine grained here and customize rules. All right. So adding the rules in here is actually pretty easy. So we got rid of those rules. Let's go ahead and add a rule. They have a preconfigured rule set, which actually like the way this works. Allow, deny, reject, limit, direction, inner, out. So if you need to go specifically to block something because you want to block something from having internet access, category, all video games access like a network service, subcategory, remote access, subcategory again, like V and C. So now you can go specifically and block something. Or you can go to the simple part, name SSH. We want to allow in partner service 22. Just click add. And just like that, we've now allowed in anywhere SSH. Now, if you wanted to edit that rule further, it does have the option to get more fine grained in the rules. So we'll go ahead and edit this rule from IP. So you can set restrictions like only allow from this particular IP to here, et cetera, et cetera. And like I said, it gives you all the rules. But this, to me, makes the uncomplicated firewall truly uncomplicated. But for the most part, because of the way firewalls work, and this is just a quick reminder, many of you already know this. When you reject everything and allow outbound, because you're initiating a connection, it's good. So you're not in trouble by allowing all outgoing. Some people like to do what they refer to as egress filtering, which means filter everything that is leaving the network and fine grained. If you want to be that way and start digging into it, you can. But for the most part, it's fine just to have it allow the outgoing that way any apps that need to get out on the internet can. And the things that are coming in, you have implicitly allowed them, filtered them by IP, or just created a profile that says, I'm out in public on a public Wi-Fi. I just want to make sure the firewall's on and nothing's coming in, and you can do that. The other thing I'm going to recommend whenever you're on public Wi-Fi because of problems like DNS hijacking and you're subjected to whatever, generally speaking, whatever DNS servers have been handed to you on that public Wi-Fi network. So a VPN tunnel is nice because it will encapsulate all the data and get it out to the edge. But remember that only provides the limit amount of security. You start to trust whoever that VPN is going upstream because they could be filtering it as well. And for the most part, most sites, make sure they are doing this, are SSL, so which means they're encrypted by default. So even though they would be able to see the metadata for where your computer's going by watching IP streams, if you don't encapsulate, but it's still encrypted if you're using HTTPS. But that extra layer of a VPN on your public network, probably not a horrible idea. That way they have no extra data about your computer. They'll see the stream go through. And that's easy enough. I'm just going to go beyond the scope of this talk for how to do firewall. But yeah, you can easily use open VPN with pretty much all the major Linux distributions very easily. That's a separate video I'll do another time. But that's how you're going to get the uncomplicated firewall and the uncomplicated firewall UI setup. Two commands, apt-get install ufw and apt-get install gufw. We could string it together to make one command, yes. And that's it. You have the firewall turned on. I do recommend it, especially if you're traveling like I am and your laptop sees a lot of these less than safely configured public networks. Thanks. Thanks for watching. If you like this video, give it a thumbs up. If you want to subscribe to this channel to see more content, hit that Subscribe button and the bell icon. And maybe YouTube will send you a notice when we post. If you want to hire us for a project that you've seen or discussed in this video, head over to laurancesystems.com where we offer both business IT services and consulting services and are excited to help you with whatever project you want to throw at us. Also, if you want to carry on the discussion further, head over to forums.laurancesystems.com where we can keep the conversation going. And if you want to help the channel out in other ways, we offer affiliate links below, which offer discounts for you and a small cut for us that does help fund this channel. And once again, thanks again for watching this video and see you next time.