The Linux distillery
ufw ftw! Ubuntu 8.04’s uncomplicated firewall
by David M Williams
Thursday, 03 April 2008
Page 1 of 3

Firstly, to set the default policy to drop (deny) all connections:

    sudo ufw default deny

Then to permit TCP connections on port 22:

    sudo ufw allow 22/tcp

You can allow or deny any individual port; for instance, if you wished to prevent SMTP connections but not modify any other rules you would type

    sudo ufw deny 25

This drops all connections coming in to port 25, whether by TCP or UDP. As you can see from the above, we can specify whether a rule refers to TCP or UDP on an individual basis; if we omit the protocol, both forms are covered.

Additionally, ufw knows the names of all standard protocols. There is no need for you to be cognisant that SMTP is commonly port 25. The same command can also be written as

    sudo ufw deny smtp

This means you can turn on or off web traffic, e-mail, ftp, telnet, ssh and any and all common ports without having to look up what the underlying port numbers actually are. The service name matches what is listed in /etc/services.

You can also route traffic between source and destination IP addresses like so:

    sudo ufw allow proto udp from 192.168.0.1 port 53 to 192.168.0.2 port 53

The port numbers need not match if you wish to remap ports; perhaps you want to make your web server hidden from casual browsers. You might thus require people to use port 8080 when viewing it (e.g. http://website:8080); by using ufw in this way you can redirect incoming traffic on port 8080 to port 80 on your web server without actually opening port 80 to external users or exposing that machine to the internet.

Your rules can be easily revoked with commands like this:

    sudo ufw delete allow 22/tcp

This removes the rule we added earlier to permit inbound traffic on TCP port 22.

It's not uncommon that you might permit unrestricted traffic from a specific static IP address. ufw caters for this with commands like

    sudo ufw allow from 192.168.1.50

And then, of course, it can be revoked with the equivalent delete command:

    sudo ufw delete allow from 192.168.1.50

All this said, by default ufw is disabled. That's because Ubuntu's team don't wish to impose a new tool upon users without their explicit acceptance. Further, users may have their own existing firewall system in place, be it iptables or something else. So, the first thing you'll need to do with ufw is actually turn it on and make it persistent so it starts upon reboot. How do we do this? Please read on.

CONTINUED
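The rule set built above (default deny, allow 22/tcp, deny smtp, allow everything from one host) is worth sanity-checking before it is applied, because ufw evaluates user rules first-match in the order they were added and only then falls back to the default policy. The shell script below is an added example and not the article's own code: it holds rules as "action port proto source" tuples, resolves service names from a constructed /etc/services-style excerpt (not read from the host), returns the verdict a given inbound connection would get, and prints the real ufw invocations for the rules it holds. Function names and the tuple format are this example's own assumptions. One caveat the example makes visible: allow and deny rules only filter; they do not rewrite destination ports, so a rule naming port 8080 on one side and 80 on the other does not by itself redirect traffic.

```shell
#!/bin/sh
# Added example: a dry-run model of ufw's first-match rule evaluation.
# Not the article's or Ubuntu's code; rule format and names are assumptions.

# Constructed /etc/services excerpt (sample data, not read from the host).
SERVICES_TABLE='ssh 22/tcp
smtp 25/tcp
domain 53/udp
http 80/tcp
http-alt 8080/tcp'

# resolve_service NAME -> prints the port number, returns 1 if unknown.
resolve_service() {
  printf '%s\n' "$SERVICES_TABLE" | awk -v n="$1" '
    $1 == n { split($2, a, "/"); print a[1]; found = 1; exit }
    END { exit found ? 0 : 1 }'
}

DEFAULT_POLICY=deny
RULES=""   # newline-separated "action port proto source"; fields may be "any"

# add_rule ACTION PORT-or-SERVICE [PROTO] [SOURCE]; appends in ufw order.
add_rule() {
  action=$1; port=$2; proto=${3:-any}; source=${4:-any}
  case $port in
    any|[0-9]*) ;;
    *) port=$(resolve_service "$port") || { echo "unknown service: $2" >&2; return 1; } ;;
  esac
  RULES="${RULES}${action} ${port} ${proto} ${source}
"
}

# verdict PORT PROTO SOURCE -> allow|deny: first matching rule, else default.
verdict() {
  printf '%s' "$RULES" | awk -v dport="$1" -v dproto="$2" -v src="$3" -v def="$DEFAULT_POLICY" '
    NF == 4 &&
    ($2 == "any" || $2 == dport) &&
    ($3 == "any" || $3 == dproto) &&
    ($4 == "any" || $4 == src) { print $1; matched = 1; exit }
    END { if (!matched) print def }'
}

# show_commands: print the real ufw invocations equivalent to the held rules.
show_commands() {
  echo "sudo ufw default $DEFAULT_POLICY"
  printf '%s' "$RULES" | while read -r action port proto source; do
    spec=$port
    [ "$proto" != any ] && spec="$port/$proto"
    if [ "$source" = any ]; then
      echo "sudo ufw $action $spec"
    elif [ "$port" = any ]; then
      echo "sudo ufw $action from $source"
    else
      cmd="sudo ufw $action from $source to any port $port"
      [ "$proto" != any ] && cmd="$cmd proto $proto"
      echo "$cmd"
    fi
  done
}

# The article's rule set, in the order the article adds the rules.
build_article_rules() {
  RULES=""
  add_rule allow 22 tcp              # TCP only: 22/udp stays at the default
  add_rule deny smtp                 # resolves to 25, both protocols
  add_rule allow any any 192.168.1.50
}

# demo: print the commands, then a few verdicts (run as: sh script.sh demo).
demo() {
  build_article_rules
  show_commands
  for probe in "22 tcp 10.0.0.9" "22 udp 10.0.0.9" "25 tcp 192.168.1.50"; do
    set -- $probe
    echo "$1/$2 from $3 -> $(verdict "$1" "$2" "$3")"
  done
}

if [ "${1:-}" = demo ]; then demo; fi
```

The ordering point the model exposes is the one to remember: because "deny smtp" was added before "allow from 192.168.1.50", port 25 from that host is still denied, and the blanket host allow only covers what no earlier rule matched.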