I originally posted this to Anthony Gartner’s Grass Roots Security blog a few months ago. It covers how to get setup with the GUFW Firewall in Ubuntu (Linux). I figure that there may be some of you that might not have checked out Anthony’s blog (which is excellent BTW!) and might benefit from this little tutorial.
There may be some of you that just shook your head and asked “What the hell is Linux?”. Well, it is an Open Source Operating System that has been around since 1991 and is worked on by thousands of developers. It is probably the most configurable OS out there, but the heavy use of command line tends to scare many average users away. There are many different distributions of Linux, with one of them being Ubuntu. With the development of Ubuntu, Linux is now not only for the technically savvy (read: command line junkies). Ubuntu has become a very popular version of Debian-Linux, which is a fairly stable Distro, that is excellent for average computer users and is focused on usability & ease of installation (read: lots of GUI).
With that said, I am going to focus on Ubuntu here. The firewall that is used by Linux distributions is called iptables. It is a command line utility that would make the average user faint. In Ubuntu, the UFW or Uncomplicated Firewall was created, but is still another command line utility. So, eventually, Gufw or Graphical Uncomplicated Firewall was born. It is the GUI frontend for the UFW firewall utility.
The prep for the Ubuntu firewall is not as simple as with Mac OS X or Windows XP/Vista/7, but it is a very easy application to work with. Let’s get started….
First off, Gufw is not installed by default. Let’s get that taken care of. Open a terminal and type apt-get install gufw:
Or, you can use the GUI, Synaptic Package Manger by going to System->Administration->Synaptic Package Manager, go to the search box and type in gufw and mark it for installation & click Apply:
Once that is done, open up Gufw by going to System->Administration->Firewall configuration:
Gufw will now open and you will see this when it first starts:
When you first enable the firewall, it will be set to Allow both Incoming & Outgoing traffic. You will want to change the Outgoing traffic from Allow to Deny to start off:
Also, if you check in Edit->Preferences you will notice that both logging options are turned on by default and that you can set the log detail level you want. You will need to play with this to get your desired results:
From there you can Add rules for your firewall:
Let’s start at the Preconfigured tab. For example, let us say you have no intentions to use FTP (File Transfer Protocol) to remotely push files to your computer, you can use the options under the Preconfigured tab to set it up like so:
You can also go to the Simple tab and choose to either Allow, Deny, Reject or Limit incoming or outgoing communications over a specific port. In the next example, I chose to reject incoming TCP connections to Port 23 (TELNET):
Finally, you can go to the Advanced tab and set rules that will Allow, Deny, Reject or Limit incoming or outgoing communications (TCP, UDP or both) from a range of IP Addresses and Ports:
Well, I hope this post sets you in the right direction. For more information, check out the following resources:
The Gufw Project homepage: http://gufw.tuxfamily.org/wp/
The Ubuntu Community Help page: https://help.ubuntu.com/community/Gufw
Hope you found this helpful!
Joe
