The Linux distillery
Bringing the world of Linux to you, David cuts through the tech and shows you how it works and how to use it, in terms that apply to any distro.
ufw ftw! Ubuntu 8.04’s uncomplicated firewall
by David M Williams   
Thursday, 03 April 2008
To enable ufw you just need to run one dead simple command:
sudo ufw enable

Conversely, you can turn it off later for any specific purpose or forever by
sudo ufw disable

Once you’ve turned ufw on you will want to run a command like
sudo ufw default deny

as given above, to set the general fallback position that ufw applies to any traffic your rules do not cater for. You needn’t make it block all incoming traffic by default; if you have a legitimate need, you can make ufw default to being mostly open with the similar command
sudo ufw default allow

This makes the default action to permit traffic unless a rule specifically denies it. However, you would want to be certain this is what you require and that it is best for your situation. Certainly, any Internet-facing server is best served by blocking all traffic except what you definitely wish to permit.

You might be keen to see what ufw is doing; in that case you can enable its logs by
sudo ufw logging on

And, as you might guess, you can suppress logging later by
sudo ufw logging off

So, ufw is pretty easy to get running and to configure, with rules added and removed at will and with great flexibility. By now you might be asking how you check what your rules are. Do you need to manually record them in a spreadsheet or text document?

The answer is no; with the simple command
ufw status

you can get an easy-to-read dump of all the rules. The output is plain text, so it is readable by humans and can also be parsed by other commands. You can pipe it into another program for analysis or further refining – perhaps grep, for instance – so you can programmatically determine whether certain ports are open or not.
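The programmatic check described above, as an added example that is not part of the original article: it parses status text and reports ports that are open to everyone but missing from an expected list. The function names are hypothetical, the sample output is constructed, and its To/Action/From column layout is assumed from current ufw releases.

```shell
#!/bin/sh
# Added example: audit `ufw status` text against a list of expected open ports.
# SAMPLE_STATUS is constructed; its To/Action/From layout is an assumption
# based on current ufw releases and may differ on older versions.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
23/tcp                     DENY        Anywhere
3306/tcp                   ALLOW       192.168.1.0/24
8080/tcp                   ALLOW       Anywhere'

# Print "port/proto action source" for every rule row read from stdin.
ufw_rules() {
    awk '
        /^--/ { in_rules = 1; next }    # rule rows start after the dashed line
        in_rules && NF >= 3 {
            # The action is the first ALLOW/DENY/REJECT/LIMIT field;
            # the field after it is the source.
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) {
                    print $1, $i, $(i + 1)
                    break
                }
        }'
}

# Print ports ALLOWed from Anywhere that are not in the expected list ($1,
# space-separated, e.g. "22/tcp 80/tcp"). Reads status text on stdin.
unexpected_open() {
    ufw_rules | awk -v expected="$1" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        $2 == "ALLOW" && $3 == "Anywhere" && !($1 in ok) { print $1 }'
}

# Exit 0 if port/proto ($1) is ALLOWed from Anywhere, 1 otherwise.
is_open() {
    ufw_rules | awk -v want="$1" '
        $1 == want && $2 == "ALLOW" && $3 == "Anywhere" { found = 1 }
        END { exit !found }'
}

# Demo on the constructed sample: only 22/tcp and 80/tcp are expected.
printf '%s\n' "$SAMPLE_STATUS" | unexpected_open "22/tcp 80/tcp"   # prints 8080/tcp
```

On a live system, replace the sample with the real output, for example `ufw status | unexpected_open "22/tcp 80/tcp"`, and alert when the function prints anything.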

This status command need not be executed through sudo because it is read-only; it doesn’t require elevated permissions to display the current rules as they are.

For those who like to know what’s going on under the hood, ufw writes its rules to a config file called /etc/ufw/maps. The status command simply reads this config file and formats its output.

If you install the Hardy Heron – otherwise known as Ubuntu 8.04 – and find that ufw was not installed, you can very simply and quickly bring it into being with
sudo apt-get install ufw

This will retrieve and install the ufw package making all the above available for use. You can check that this has worked via
dpkg --get-selections | grep ufw

If the output says ufw followed by install then it is ready and available.

Keep in mind that you – i.e. the human operator – are not the only one who will be setting firewall rules. As good as systems like iptables are, they have had one perceived deficiency from a Linux distribution point of view, namely that they are not integrated into the package management facilities. Here’s where ufw has a real strength.

What does this mean? Please read on.
