This topic was published by DevynCJohnson and viewed 1816 times since "". The last page revision was "".
- Posts
A firewall is a form of network security that allows or denies incoming and out-going data. Linux (like all or most operating systems) has firewall software. Many Linux systems use a program/daemon called "iptables" or "ufw" as the firewall software. Using firewalls helps protect the system from malware. However, firewalls alone are not enough, but they do help prevent malware, data-theft, etc. Understanding how to use ufw will help admins secure their servers, networks, and other computer systems.
ufw, or "Uncomplicated Firewall", is commonly seen on Ubuntu systems. The GUI interface is called Gufw (GUI for Uncomplicated Firewall). However, not all systems use Gufw, and Gufw does not come with ufw by default. Gufw uses GTK while the Qt alternative is called "kmyfirewall".
To disable ufw, type "ufw enable" using Root privileges. Obviously, typing "ufw disable" will disable the firewall. To enable or disable logging, type "ufw logging on" or "ufw logging off", respectively.
To view the current ufw rules and current status, type "ufw status verbose" (also with Root privileges). Alternately, to sort the rules by port number, type "ufw status numbered".
NOTE: In the list of rules, "Anywhere" means TCP and UDP.
Users (when using Root privileges) can edit rules using various commands. To permit connections of a particular protocol (both incoming and out-going), type "ufw allow ssh" to allow all SSH connections on any port. In addition, "ufw allow ssh/tcp" specifically declares SSH over TCP as opposed to TCP and UDP. To deny protocols and connections, use the same commands, but replace "allow" with "deny".
Various ufw examples
- ufw allow ftp/tcp # allow ftp on tcp
- ufw deny http # block http on all ports, both tcp and udp
- ufw allow 3000:3300/tcp # open ports 3000 to 3300 for tcp only (no udp)
- ufw deny from 192.168.2.10 # explicitly deny incoming connections from 192.168.2.10
- ufw allow from 192.168.0.4 to any port 22 # permit IP address to access port 22 via any protocol
TIP: A general template to remember is "ufw allow|deny <PORT>/<PROTOCOL>".
To delete created rules, type something like "ufw delete allow ftp" which would delete all rules that allow FTP. The command "ufw delete ftp" would remove rules that allow or deny FTP connections. If a user sees a rule listed in the output of "ufw status numbered", then a specific rule can be deleted by listing the number. For instance, when a user executes "ufw status numbered", each rule is given a number (listed in brackets). By typing "ufw delete 7" (for the rule numbered "7"), that particular rule is deleted.
To erase all rules and use the defaults, type "ufw reset".
The configuration files for ufw include /etc/default/ufw, /etc/ufw/before[6].rules, /etc/ufw/after[6].rules, /etc/ufw/sysctl.conf, and /etc/ufw/ufw.conf.
Alternatives to ufw include "iptables", which is another popular firewall software for Linux. Other alternatives include ipchains, Netfilter, NuFW, ipset, Privoxy, and many others.
Some Linux distros are dedicated to being a firewall for a whole network or part of a network. Some firewall distros include SmoothWall, IPCop, IPFire, OpenWrt, Zeroshell, Untangle, and others. However, not all firewall distros use ufw. Users who prefer Ubuntu and ufw can install "Ubuntu Server" and then uninstall any unneeded software. Then, Ubuntu can be used as a dedicated firewall for a network.
Further Reading
