Ubuntu simple firewall setup ufw with GUI (gufw)


The Linux kernel in Ubuntu provides a packet filtering system called netfilter, and the traditional interface for manipulating netfilter are the iptables suite of commands. iptables provide a complete firewall solution that is both highly configurable and highly flexible.

Becoming proficient in iptables takes time, and getting started with netfilter firewalling using only iptables can be a daunting task. As a result, many frontends for iptables have been created over the years, the Uncomplicated Firewall (ufw) is a command line based frontend for iptables and is particularly well-suited for host-based firewalls; gufw adds a graphical user interface to ufw. Here's how to setup Ubuntu's firewall with ufw and gufw:

ufw provides a framework for managing netfilter, as well as a command-line interface for manipulating the firewall. ufw aims to provide an easy to use interface for people unfamiliar with firewall concepts, while at the same time simplifies complicated iptables commands to help an adminstrator who knows what he or she is doing. ufw is an upstream for other distributions and graphical frontends.

Gufw is a graphical user interface way to manage your ufw. It supports common tasks such as allowing or blocking pre-configured services, common P2P, or individual IP/port(s), and many others!

Enable the firewall with ufw
sudo ufw enable 

Check the firewall rules & status with ufw
sudo ufw list

For my HP Microserver Ubuntu box I enabled the following ports for various services and applications via gufw:

Airprint (CUPS)
TCP 631
TCP 49152

Webmin (HTTPS)
TCP 10000

Proftpd (FTP)
TCP 21

XBMC Remote
TCP 8080

Samba
TCP 135,139,445

ZeroConf
UDP 137,138

SSH
TCP 22

Default Ubuntu Remote Desktop Server (Vino)
TCP 5900

TightVNCServer (with Vino preinstalled)
TCP 5901

Apple HomeShare
TCP 3689, 5353


Adding rules without gufw
Alternatively the above rules can be added via a terminal, using ufw alone with the following commands: 

sudo ufw allow 631/tcp
sudo ufw allow 49152/tcp
sudo ufw allow 10000/tcp
sudo ufw allow 21/tcp
sudo ufw allow 8080/tcp
sudo ufw allow 135/tcp
sudo ufw allow 139/tcp
sudo ufw allow 445/tcp
sudo ufw allow 137/tcp
sudo ufw allow 138/tcp
sudo ufw allow 22
sudo ufw allow 5900/tcp
sudo ufw allow 5901/tcp
sudo ufw allow 3689/tcp
sudo ufw allow 5353/tcp
sudo ufw allow 5353/udp 

No comments:

Post a Comment