Over the years, Linux has gained the reputation of being one of the safest operating systems to work on. While viruses for Linux technically exist, none are in known circulation, and even then it’s extremely difficult for them to run correctly without a large amount of user interaction (such as the user blindly granting root permissions).
While it’s decently safe from viruses, there’s still another threat which affects all computers with networking capabilities: attacks through ports. In order to control which ports can accept data and which ones should be closed, operating systems use firewalls.
It’s not very obvious to users that Linux even comes with a firewall, as the inclusion of firewall-controlling software varies between distributions. In case your distribution doesn’t include an application to control the firewall (known as “iptables” among geeks), what should you use?
The answer is easy — GUFW! Some distributions (such as Ubuntu) use a tool called ufw to make managing iptables a lot easier, but there’s one problem — ufw is still just a command line tool. However, GUFW was created as a graphical front-end to ufw, so anyone can easily configure their firewall without getting too nitty-gritty. Please note that GUFW can’t make 100% use of iptables, but most common home users won’t need full use of iptables anyway, so GUFW is great for them. Professionals and other people with high needs will most likely need to use ufw or configure iptables directly (and they’ll probably already know how to use it, too).
One of the great things about GUFW is that it truly makes the firewall seem like a beast you can actually control with ease. When you open the application, you’ll first need to unlock it by clicking on the Unlock button and then entering in your password so that it has administrative rights. From here, you can keep it as simple or as complicated as you’d like. In order to protect your computer from outside attacks while still keeping your system useable, turn on the firewall if it isn’t already, then choose Allow for Outgoing and Deny for Incoming. If you choose Reject for Incoming instead, you’ll find that simple tasks such as internet browsing no longer work. If you’re paranoid and know which ports you’re using, you can choose Reject and then open up each individual port that you know you need.
Going to the Edit menu and choosing Preferences will allow you to choose whether ufw should be logging firewall events (and how detailed the log should be), whether GUFW should include a listening report in the window (as shown in the screenshot), and whether certain notifications should appear via libnotify.
There are a couple of different ways in which you can add rules. You can keep it very simple, and simply allow/deny programs or services. You can also open up or lock down specific ports if you know the number you need to control.
If you need a higher amount of control (such as rerouting data from certain ports), you can use the Advanced tab and get exactly what you need. I don’t think many non-professionals will need anything more complex than what’s offered in the Advanced tab.
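To confirm from a terminal that the choices made in GUFW actually took effect, the sketch below checks the text printed by ufw status verbose for an active firewall, the incoming and outgoing defaults, the logging setting, and any rule that accepts connections from anywhere. It is an added example, not part of the original article or of GUFW/ufw; the function name audit_ufw_status and the sample status text are constructed for illustration.

```bash
#!/bin/sh
# Added example: check `ufw status verbose` output against the article's advice.

# Constructed sample in the layout `sudo ufw status verbose` prints.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
631/tcp                    ALLOW IN    192.168.1.0/24
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Reads status text on stdin and prints one finding per line.
# Returns 0 if the firewall is on and blocks incoming traffic by default.
audit_ufw_status() {
  awk '
    /^Status:/  { active = ($2 == "active") }
    /^Logging:/ { logging = $2 }
    /^Default:/ {
      # Each policy word is followed by its direction in parentheses.
      for (i = 2; i < NF; i++) {
        if ($(i + 1) ~ /^\(incoming\)/) incoming = $i
        if ($(i + 1) ~ /^\(outgoing\)/) outgoing = $i
      }
    }
    / ALLOW IN / {
      # Report only rules that accept connections from any source.
      to = $0;   sub(/ +ALLOW IN .*/, "", to)
      from = $0; sub(/.* ALLOW IN +/, "", from)
      if (from ~ /^Anywhere/) print "INFO: " to " accepts connections from any source"
    }
    END {
      if (!active) { print "FAIL: firewall is not active"; exit 1 }
      if (incoming != "deny" && incoming != "reject") {
        print "FAIL: incoming default is \"" incoming "\""; bad = 1
      }
      if (outgoing != "allow") print "WARN: outgoing default is \"" outgoing "\""
      if (logging == "off") print "WARN: logging is off"
      if (!bad) print "OK: incoming connections are blocked by default"
      exit bad + 0
    }'
}

# Demo on the constructed sample; on a real system pipe in the live output:
#   sudo ufw status verbose | audit_ufw_status
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status
```

Each INFO line is a port reachable from any address, so it should correspond to a rule you deliberately added in GUFW.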
To install GUFW, simply search through your respective package manager for “gufw”. Ubuntu users can also run the command
sudo apt-get install gufw
to accomplish the same task. After a quick and simple installation, you’re all set to tweak to your heart’s content.
It’s important to make sure that your firewall is configured properly, as any machine with a direct connection to the Internet will be at risk from hackers trying to get into your system and causing havoc. With useable tools in hand, there’s no reason for you not to get this done to keep yourself safe. If you haven’t already, do it now before you forget!
What custom rules do you have set in your firewall? Any tips you can offer on configuring them? Let us know in the comments!
Image Credit: Geekr