The Linux distillery
ufw ftw! Ubuntu 8.04’s uncomplicated firewall
by David M Williams
Thursday, 03 April 2008
Page 2 of 3

To enable ufw you just need to run one dead simple command:

    sudo ufw enable

Its counterpart turns the firewall off again:

    sudo ufw disable

Once you've turned ufw on you will want to run a command like

    sudo ufw default deny

as given above, so that you set the general fallback position that ufw will apply should none of the rules cater for specific traffic. You needn't make it block all incoming traffic by default; if you have a legitimate need to do so you can make ufw default to being mostly open with the similar command

    sudo ufw default allow

This makes the default action to permit traffic unless a rule specifically denies it. However, you would want to be certain this is what you require and is best for your situation. Certainly, any Internet-facing server is best served by having all traffic blocked except what you definitely wish to permit.

You might be keen to see what ufw is doing; in that case you can enable its logs with

    sudo ufw logging on

And, as you might guess, you can suppress logging later with

    sudo ufw logging off

So, ufw is pretty easy to get running and to configure, with rules added and removed at will and with great flexibility.

By now you might be asking how you check what your rules are. Do you need to manually record them in a spreadsheet or text document? The answer is no; with the simple command

    ufw status

you can get an easy-to-read dump of all the rules. The output is text based, making it readable by humans and also able to be parsed by other commands. You can pipe it into another program for analysis or further refining (grep, for instance) so you can programmatically determine whether certain ports are open or not.

This status command need not be executed through sudo because it is read-only; it doesn't require elevated permissions to display the current rules as they are.

For those who like to know what's going on under the hood, ufw writes its rules to a config file called /etc/ufw/maps. The status command simply reads this config file and formats its output.
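The programmatic port check described above, as an added example that is not part of the original article: a shell filter that reads `ufw status` text and reports every ALLOW rule for a port that is not on an approved list. The sample output is constructed, and the function names, the "To / Action / From" column layout and the status header strings are assumptions that differ between ufw versions.

```shell
#!/bin/sh
# Added example: audit `ufw status` text against an approved list of ports.
# Assumption: rule lines read "To  Action  From", with the "To" column
# written as port/proto (or port:proto). Adjust for your ufw version.

# Constructed sample output, so the script runs without a live firewall.
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
23/tcp                     DENY        Anywhere
3306/tcp                   ALLOW       192.168.1.0/24
8080/tcp                   ALLOW       Anywhere
EOF
}

# Usage: unexpected_allows "22/tcp 80/tcp" < status-text
# Prints each ALLOW rule whose "To" column is not in the approved list.
unexpected_allows() {
    awk -v approved="$1" '
        BEGIN { n = split(approved, a, " ")
                for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { gsub(/ \(v6\)/, "") }             # drop IPv6 markers, if present
        $2 == "ALLOW" {
            to = $1
            sub(":", "/", to)               # normalise port:proto spelling
            if (!(to in ok)) print to " from " $NF
        }'
}

# Usage: firewall_active < status-text
# Succeeds only when the header says the firewall is running.
# Both header strings are assumptions about ufw output across versions.
firewall_active() {
    grep -Eq '^(Status: active|Firewall loaded)'
}

# Demo on the sample; on a real host pipe the output of `ufw status` in.
sample_status | unexpected_allows "22/tcp 80/tcp"
```

An empty result means every ALLOW rule is on the approved list; run `firewall_active` first, because an inactive firewall lists no rules and would otherwise look clean.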
If you install the Hardy Heron (otherwise known as Ubuntu 8.04) and find that ufw was left out of the installation, you can very simply and quickly bring it into being with

    sudo apt-get install ufw

This will retrieve and install the ufw package, making all the above available for use. You can check that this has worked via

    dpkg --get-selections | grep ufw

If the output says ufw followed by install then it is ready and available.

Keep in mind that you, i.e. the human operator, are not the only one who will be setting firewall rules. As good as systems like iptables are, they have had one perceived deficiency from a Linux distribution point of view, namely that they are not integrated into the package management facilities. Here's where ufw has a real strength. What does this mean? Please read on.