UncomplicatedFirewall
4063
Comment: total rewrite
4144
Line 11: | Line 11: |
netfilter firewalling using only `iptables` can be a daunting task. As a | `netfilter` firewalling using only `iptables` can be a daunting task. As a |
Line 15: | Line 15: |
With 8.04 LTS, Ubuntu introduced the Uncomplicated Firewall (ufw). ufw is a frontend for iptables, and is installed but not enabled by default in Ubuntu |
With 8.04 LTS, Ubuntu introduced the Uncomplicated Firewall (`ufw`). `ufw` is a frontend for `iptables`, and is installed but not enabled by default in Ubuntu |
Line 18: | Line 18: |
firewalls, ufw provides a framework for managing netfilter, as well as a command-line interface for manipulating the firewall. ufw aims to provide an |
firewalls, `ufw` provides a framework for managing `netfilter`, as well as a command-line interface for manipulating the firewall. `ufw` aims to provide an |
Line 21: | Line 21: |
the same time simplifies complicated iptables commands to help an adminstrator who knows what he or she is doing. ufw is an upstream for other distributions |
the same time simplifies complicated `iptables` commands to help an adminstrator who knows what he or she is doing. `ufw` is an upstream for other distributions |
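Review bot: the Line 21 hunk keeps the misspelling "adminstrator" on both the old and the new side; since this revision already rewrites the line to add the `iptables` and `ufw` markup, correct it to "administrator" in the same edit. The clause "while at the same time simplifies" would also read better as "while at the same time simplifying".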
Line 26: | Line 26: |
Getting started with ufw is easy. For example, to enable firewall, allow | Getting started with `ufw` is easy. For example, to enable firewall, allow |
Line 40: | Line 40: |
outbound connections allowed with connections tracking. See 'More Information' | outbound connections allowed with connections tracking. See [[https://wiki.ubuntu.com/UbuntuFirewall#More%20Information|More Information]] |
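Review bot: the new link in the Line 40 hunk hard-codes an absolute URL to the UbuntuFirewall page, while this page is titled UncomplicatedFirewall, so the reference depends on that other page name continuing to resolve. "More Information" is a section of this same page, so a same-page anchor link would be more robust. The unchanged text on that line also reads "connections tracking"; "connection tracking" is the usual term.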
Introduction
The Linux kernel in Ubuntu provides a packet filtering system called netfilter, and the traditional interface for manipulating netfilter is the iptables suite of commands. iptables provides a complete firewall solution that is both highly configurable and highly flexible.
Becoming proficient in iptables takes time, and getting started with netfilter firewalling using only iptables can be a daunting task. As a result, many frontends for iptables have been created over the years, each trying to achieve a different result and targeting a different audience.
With 8.04 LTS, Ubuntu introduced the Uncomplicated Firewall (ufw). ufw is a frontend for iptables, and is installed but not enabled by default in Ubuntu (users must explicitly enable it). Particularly well-suited for host-based firewalls, ufw provides a framework for managing netfilter, as well as a command-line interface for manipulating the firewall. ufw aims to provide an easy-to-use interface for people unfamiliar with firewall concepts, while at the same time simplifying complicated iptables commands to help an administrator who knows what he or she is doing. ufw is an upstream for other distributions and graphical frontends.
Basic Usage
Getting started with ufw is easy. For example, to enable the firewall, allow ssh access, enable logging, and check the status of the firewall, perform:

$ sudo ufw allow ssh/tcp
$ sudo ufw logging on
$ sudo ufw enable
$ sudo ufw status
Firewall loaded

To                         Action  From
--                         ------  ----
22:tcp                     ALLOW   Anywhere

This sets up a default deny (DROP) firewall for incoming connections, with all outbound connections allowed with connection tracking. See More Information for full details.
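A check an administrator might run after the steps above, as an added example that is not part of the original wiki page: it reads `ufw status` text in the layout shown and flags any ALLOW rule that is not on an expected list. The helper name `audit_ufw_status` and the sample text are constructed for illustration; the parser assumes the three-column layout above and also accepts the "Status: active" banner that later ufw releases print.

```shell
#!/bin/sh
# Added example: audit `ufw status` output against an allowlist of rules.
# audit_ufw_status is a hypothetical helper name, not part of ufw.
# Assumes rows of the form "<To> <Action> <From>", as in the output above.

# Constructed sample: the status output above plus one extra, unexpected rule.
SAMPLE_STATUS='Firewall loaded

To                         Action  From
--                         ------  ----
22:tcp                     ALLOW   Anywhere
8080:tcp                   ALLOW   Anywhere'

# Usage: sudo ufw status | audit_ufw_status "22:tcp"
# Reads status text on stdin; $1 is a space-separated list of expected rules.
# Prints one line per unexpected ALLOW rule.
# Returns 0 if clean, 1 if an unexpected rule exists, 2 if ufw is not loaded.
audit_ufw_status() {
    expected=" $1 "
    loaded=0
    rc=0
    while read -r target action from; do
        # Banner line: "Firewall loaded" here, "Status: active" on later releases.
        case "$target $action" in
            "Firewall loaded"|"Status: active") loaded=1; continue ;;
        esac
        # Header, separator and blank rows never carry ALLOW in column two.
        [ "$action" = "ALLOW" ] || continue
        case "$expected" in
            *" $target "*) ;;   # rule is on the allowlist
            *) echo "unexpected: $target from ${from:-?}"; rc=1 ;;
        esac
    done
    # A disabled firewall enforces nothing, so report it separately.
    [ "$loaded" -eq 1 ] || return 2
    return "$rc"
}
```

Run from cron or a configuration-management check, a non-zero return distinguishes a firewall that has drifted from its intended rule set (1) from one that is not enforcing anything at all (2).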
Features
| Feature | 8.04 LTS | 8.10 | 9.04 |
| default policy (allow/deny) | yes | yes | yes |
| allow/deny rules | yes | yes | yes |
| ipv6 | yes | yes | yes |
| status | yes | yes | yes |
| logging (on/off) | yes | yes | yes |
| application integration | -- | yes | yes |
| limit rules (rate limiting) | -- | yes | yes |
| multiport rules | -- | yes | yes |
| debconf/preseeding | -- | -- | yes |
| default policy (reject) | -- | -- | yes |
| reject rules | -- | -- | yes |
| rule insertion | -- | -- | yes |
| log levels | -- | -- | yes |
| per rule logging | -- | -- | yes |
More Information
- Ubuntu 8.04 LTS (Hardy Heron)
- Ubuntu 8.10 (Intrepid Ibex)
- Ubuntu 9.04 (Jaunty Jackalope)
Specification: UbuntuFirewallSpec
UncomplicatedFirewall (last edited 2023-10-18 01:29:55 by sbeattie)