The Linux kernel in Ubuntu provides a packet filtering system called netfilter, and the traditional interface for manipulating netfilter is the iptables suite of commands. iptables provides a complete firewall solution that is both highly configurable and highly flexible.
Becoming proficient in iptables takes time, and getting started with netfilter firewalling using only iptables can be a daunting task. As a result, many frontends for iptables have been created over the years. The Uncomplicated Firewall (ufw) is a command-line frontend for iptables that is particularly well suited to host-based firewalls; gufw adds a graphical user interface to ufw. Here's how to set up Ubuntu's firewall with ufw and gufw:
ufw provides a framework for managing netfilter, as well as a command-line interface for manipulating the firewall. ufw aims to provide an easy-to-use interface for people unfamiliar with firewall concepts, while at the same time simplifying complicated iptables commands to help an administrator who knows what he or she is doing. ufw is an upstream for other distributions and graphical frontends.
Gufw is a graphical user interface for managing ufw. It supports common tasks such as allowing or blocking pre-configured services, common P2P applications, or individual IPs/ports, and many others.
Enable the firewall with ufw
sudo ufw enable
Check the firewall rules & status with ufw
sudo ufw status
For my HP Microserver Ubuntu box I enabled the following ports for various services and applications via gufw:
Airprint (CUPS): TCP 631, 49152
Webmin (HTTPS): TCP 10000
Proftpd (FTP): TCP 21
XBMC Remote: TCP 8080
Samba: TCP 135, 139, 445
ZeroConf: UDP 137, 138
SSH: TCP 22
Default Ubuntu Remote Desktop Server (Vino): TCP 5900
TightVNCServer (with Vino preinstalled): TCP 5901
Apple HomeShare: TCP 3689, 5353
Adding rules without gufw
Alternatively the above rules can be added via a terminal, using ufw alone with the following commands:
sudo ufw allow 631/tcp
sudo ufw allow 49152/tcp
sudo ufw allow 10000/tcp
sudo ufw allow 21/tcp
sudo ufw allow 8080/tcp
sudo ufw allow 135/tcp
sudo ufw allow 139/tcp
sudo ufw allow 445/tcp
sudo ufw allow 137/udp
sudo ufw allow 138/udp
sudo ufw allow 22/tcp
sudo ufw allow 5900/tcp
sudo ufw allow 5901/tcp
sudo ufw allow 3689/tcp
sudo ufw allow 5353/tcp
sudo ufw allow 5353/udp
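The same rule set, as an added example script that is not part of the original post: it sets a default-deny inbound policy, restricts the administrative and LAN-only services (SSH, Webmin, VNC, Samba, CUPS and so on) to one subnet with ufw's "from ... to any port ... proto" form, and tags each rule with a comment so "ufw status" stays readable. The LAN_CIDR value is a constructed placeholder; the script only prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the post's port list into
# ufw rules with default deny inbound and LAN-only scope for admin services.
LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"   # constructed example subnet, adjust to yours

# Service table from the post: name|proto|ports|scope (lan = LAN only, any = anywhere)
SERVICES='
Airprint (CUPS)|tcp|631 49152|lan
Webmin (HTTPS)|tcp|10000|lan
Proftpd (FTP)|tcp|21|any
XBMC Remote|tcp|8080|lan
Samba|tcp|135 139 445|lan
ZeroConf|udp|137 138|lan
SSH|tcp|22|lan
Vino|tcp|5900|lan
TightVNCServer|tcp|5901|lan
Apple HomeShare|tcp|3689 5353|lan
Apple HomeShare|udp|5353|lan
'

# Print one ufw command per port; nothing is executed here (dry run).
ufw_commands() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    printf '%s\n' "$SERVICES" | while IFS='|' read -r name proto ports scope; do
        [ -z "$name" ] && continue
        for port in $ports; do
            if [ "$scope" = lan ]; then
                # Source-restricted rule: only hosts in LAN_CIDR may reach this port
                echo "ufw allow from $LAN_CIDR to any port $port proto $proto comment '$name'"
            else
                echo "ufw allow $port/$proto comment '$name'"
            fi
        done
    done
}

if [ "${APPLY:-0}" = 1 ]; then
    # Apply each generated rule, then enable the firewall and show the result
    ufw_commands | while read -r cmd; do sudo sh -c "$cmd"; done
    sudo ufw --force enable
    sudo ufw status verbose
else
    ufw_commands   # dry run: show what would be applied
fi
```

Review the dry-run output, then rerun with APPLY=1 to load the rules.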