Two Apps To Easily Create Network Firewall Rules For Ubuntu

Linux is one of the most secure operating systems out there. Generally, you don’t need an antivirus, files cannot execute without your permission, and there is a lot to protect you from people with malicious intent. One common tool that system administrators and home users alike use is the firewall.

A firewall, in its crudest form, intercepts incoming packets and decides what to do with them before they are sent to their destination applications on your computer or forwarded elsewhere. The “decides what to do with them” part comes from a set of user-defined network firewall rules that determine whether to accept or reject a packet.

The Linux kernel has a built-in filtering system that can accept or reject a packet depending upon a set of rules, which is essentially what we want. What remains is how we specify these rules.


By default, Ubuntu and other Linux distributions include the iptables utility, which can be used to define and manage the network firewall rules applied to traffic passing through the computer in question. The trouble with iptables is that its command line switches and options are very cryptic, and there are at least a few hundred of them. In other words, it’s far from what you would call user friendly.

Here is an example of a typical iptables rule, which rejects TCP connections from xmail.spammer.ru to port 25 on 10.4.5.6:

# iptables -A INPUT -s xmail.spammer.ru -d 10.4.5.6 -p tcp --dport 25 -j REJECT

Things should be a lot easier, don’t you think? After all, there is software available for Windows that gives you a fully functional firewall out of the box, which you can modify later. And indeed there are a number of programs that can help you configure a firewall easily on Linux as well.

UFW & GuFW

For Ubuntu users there is the Uncomplicated Firewall (also called UFW). UFW is also a command line utility, although it has a much simpler syntax. First you allow or deny all incoming/outgoing connections as needed, and then you selectively enable or disable traffic on particular ports, from certain hosts or for certain services. Perhaps an example would make things clearer:

ufw allow 8080/tcp allows all access to TCP port 8080. Similarly, ufw deny 21 denies all access to port 21 (FTP).
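The default-then-exceptions approach described above, as an added example that is not part of the original article: a shell script that sets a default-deny inbound policy and then adds the article's port 8080 and port 21 rules plus an allow for HTTP from 192.168.0.56. The rule-list format, the function names, the UFW_CMD variable and the SSH rate-limit line are assumptions made for this example; it accepts single numeric ports only and prints the commands unless told to apply them.

```shell
#!/bin/sh
# Added example: default-deny UFW policy built from a short rule list.
# Prints the ufw commands by default; set UFW_CMD="sudo ufw" to apply them.
UFW_CMD="${UFW_CMD:-echo ufw}"

# valid_port PORT: succeed only for a single numeric port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# rule_for ACTION PORT[/PROTO] [SOURCE]: print ufw arguments, fail on bad input.
rule_for() {
    action=$1 target=$2 src=$3
    port=${target%%/*}
    case "$target" in */*) proto=${target#*/} ;; *) proto="" ;; esac
    case "$action" in allow|deny|reject|limit) ;; *) return 1 ;; esac
    valid_port "$port" || return 1
    case "$proto" in ''|tcp|udp) ;; *) return 1 ;; esac
    case "$src" in *[!0-9A-Fa-f:./]*) return 1 ;; esac   # address or CIDR only
    [ -n "$src" ] || { echo "$action $target"; return 0; }
    echo "$action from $src to any port $port${proto:+ proto $proto}"
}

# apply_policy: read "ACTION PORT[/PROTO] [SOURCE]" lines from stdin.
apply_policy() {
    $UFW_CMD default deny incoming      # block everything inbound first
    $UFW_CMD default allow outgoing
    while read -r action target src; do
        case "$action" in ''|'#'*) continue ;; esac
        if args=$(rule_for "$action" "$target" "$src"); then
            $UFW_CMD $args </dev/null   # args were validated above
        else
            echo "skipped invalid rule: $action $target $src" >&2
        fi
    done
}

# Constructed sample policy using the ports and host mentioned in the article.
demo_policy() {
    apply_policy <<'EOF'
limit 22/tcp
allow 8080/tcp
deny 21
allow 99999/tcp
allow 80/tcp 192.168.0.56
EOF
}
demo_policy
```

Once the printed commands look right, rerun with UFW_CMD="sudo ufw", then turn the firewall on with sudo ufw enable and review the result with sudo ufw status verbose.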


UFW also has a graphical frontend called GuFW. It provides you with a graphical interface that can be used to create the most sophisticated of rules, without any need to remember the switches and options for UFW. You can install it via the Ubuntu Software Center, or you can use the sudo apt-get install gufw command as well.

Firestarter

Firestarter is yet another popular tool that makes Linux firewall configuration a lot easier. Again, you can find and install Firestarter via the Ubuntu Software Center, or use sudo apt-get install firestarter.

Unlike GuFW, which is simply a GUI front-end for the UFW utility, Firestarter is a lot more feature rich and, by default, starts in a wizard mode to make things easier for you. The wizard takes care of detecting your network device and optionally setting up Internet Connection Sharing and the like.


Again, you can create network firewall rules just as easily, and Firestarter will take care of all the internal details. To create a rule, head over to the Policy tab, right-click inside one of the active areas and you will be able to add a rule (or policy) for that type.

In the following screen, for example, I am allowing inbound HTTP traffic from the host 192.168.0.56. Add the optional comment if you desire and the rule is added.


These are not the only tools available for configuring Linux firewalls. There are others, like ipkungfu and shorewall, which let you do the same things. Firestarter and UFW/GuFW are the most common and easiest to use tools for the job. If all you need is to configure a firewall for your home computer or server, these should get the job done without much pain.

Do you use a firewall on Linux?  If so, what tools or utilities do you use?


4 Comments -

l3gion

Firewall Builder is also an excellent application. ;)

Waldir Leôncio

I don’t have a firewall installed on my Ubuntu 10.04. Should I be worried? Is the system doing any filtering automatically so I don’t have to care about tweaking port permissions?

Steronius

I’m using webmin to edit iptables. I tried firestarter, but was limited that tad-hair that made me go webmin.

@Waldir if you are behind a home router, you are better than nothing. If you have no services to connect to *maybe* you don’t need a firewall. ssh is on by default. Make sure you have a strong password. Firewall recommended over none.
