Ubuntu 8.04 “Hardy” Quick Review – Uncomplicated Firewall

By | 2008/02/06

I installed Ubuntu 8.04 “Hardy” Alpha 4 a day or two ago and I finally got some time to poke around with some of the new features. The new features that interest me most are the security-related ones, such as firewalling, SELinux, etc.

Note: SELinux will not be default in Ubuntu 8.04, but the Ubuntu Hardened team has been working hard on getting it usable. If you’d like to help in the testing and development of SELinux on Ubuntu, join our team!

The feature that I played with this afternoon is Ubuntu’s “Uncomplicated Firewall”. I have to say that when I first heard we were going to reinvent the wheel again (I mean, we have iptables, right?) I was a little discouraged. After playing with ufw I have to say I am pretty impressed.

ufw is simply a front-end to iptables. We’re still using the same iptables/netfilter underneath, just not requiring iptables syntax–trying to make things a little more “for human beings” I suppose you could say.

Now I may not be the “standard” Ubuntu user as seen by the rest of the Linux world. I know my way around Linux, spend the majority of my time on the command line and even teach Linux for a living. What I’m trying to say is I’m familiar enough with iptables, so I wondered how we could possibly make it easier. Well, they did a good job. Here are a few examples:

sudo ufw default deny – sets the default policies to deny (drop)

sudo ufw allow 22/tcp – allows tcp connections on port 22

sudo ufw deny 25 – denies connections on port 25 (tcp/udp)

sudo ufw allow proto udp from 192.168.0.1 port 53 to 192.168.0.2 port 53 – we can even be specific about source and destination ports and IPs.

… you get the idea. It’s really simple, nearly human readable syntax. I still think iptables is pretty easy, but I think I’ll be perfectly comfortable using ufw as a front-end to iptables moving forward with Ubuntu 8.04 “Hardy”.
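To make the front-end relationship concrete, here is an added example (not part of the original post and not ufw's own code) that translates the rule forms shown above into roughly equivalent iptables commands, with the host-to-host rule written as `from <src> ... to <dst>`. The grammar, the function names and the use of a bare INPUT chain are assumptions made for illustration; the commands ufw actually generates differ in detail.

```python
import ipaddress
import re

# Assumption: a simplified grammar covering only the rule forms in the post.
# ufw's real parser accepts more, and its generated rules differ in detail.
TARGET = {"allow": "ACCEPT", "deny": "DROP"}  # the post: deny means drop
DEFAULT = re.compile(r"default (allow|deny)")
SIMPLE = re.compile(r"(allow|deny) (\d+)(?:/(tcp|udp))?")
FULL = re.compile(r"(allow|deny) proto (tcp|udp) from (\S+)(?: port (\d+))?"
                  r" to (\S+)(?: port (\d+))?")


def _port(flag, text):
    """Render an optional port match, rejecting out-of-range numbers."""
    if text is None:
        return ""
    if not 1 <= int(text) <= 65535:
        raise ValueError(f"port out of range: {text}")
    return f" {flag} {text}"


def _addr(flag, text):
    if text == "any":  # no address restriction
        return ""
    return f" {flag} {ipaddress.IPv4Network(text, strict=False)}"


def ufw_to_iptables(rule):
    """Return iptables commands roughly equivalent to one ufw rule string."""
    rule = " ".join(rule.split())
    if m := DEFAULT.fullmatch(rule):
        return [f"iptables -P INPUT {TARGET[m[1]]}"]
    if m := SIMPLE.fullmatch(rule):
        action, port, proto = m.groups()
        # No protocol given: one rule each for tcp and udp, as the post notes.
        return [f"iptables -A INPUT -p {p}{_port('--dport', port)} -j {TARGET[action]}"
                for p in ([proto] if proto else ["tcp", "udp"])]
    if m := FULL.fullmatch(rule):
        action, proto, src, sport, dst, dport = m.groups()
        return [f"iptables -A INPUT -p {proto}"
                + _addr("-s", src) + _port("--sport", sport)
                + _addr("-d", dst) + _port("--dport", dport) + f" -j {TARGET[action]}"]
    raise ValueError(f"unsupported rule: {rule!r}")


if __name__ == "__main__":
    for r in ["default deny", "allow 22/tcp", "deny 25",
              "allow proto udp from 192.168.0.1 port 53 to 192.168.0.2 port 53"]:
        print(f"ufw {r}\n    " + "\n    ".join(ufw_to_iptables(r)))
```

A rule that omits the `from` keyword, or names a port above 65535, is rejected with a ValueError instead of being translated loosely.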

4 thoughts on “Ubuntu 8.04 “Hardy” Quick Review – Uncomplicated Firewall”

  1. bastianazzo

    it seems very nice and clean!! and, most of all, not reinventing the wheel again, but making just another already working tool, simpler and more usable :)

  2. noshellswill

    Text? Oh my dear sir. Unspeakable! That text-only requirement eliminates 99.9% of all computer users from using that firewall. But, perhaps you wish to prevent 99.9% of all computer users from using Ubuntu. How 37353

    Even LAST CENTURY freeware knew better.

    1. Theozaurus

      Providing it as a shell tool means that it provides an easy interface for package managers to deal with. This means that packages can be written to automatically set up rules. I can't see it getting any easier than that.

      Gufw is a GUI that will use ufw under the hood, for those users that cannot operate a command line but still need control over their firewall.
