2

I've used Ubuntu since more than a year now, as the Oneiric Ocelot has more than exceeded my expectations and provides most things out of the box. However, there is one feature that both Windows and Fedora provides - a network firewall that allows us to block specific incoming/outgoing ports such as HTTP(80), FTP(21), etc. I've seen it on Fedora17.

Since I'm going to learn some network programming, such a firewall will be very much useful for my development and testing.

Is there any such equivalent (and reliable) package in Ubuntu repository? I'm aware that I cannot fetch anything from the Fedora repo as they are in RPM formats, and also don't want to mess something with my Ubuntu deb packaging.

Jorge Castro
  • 71,754
Prahlad Yeri
  • 1,657
  • Exact Duplicate: http://askubuntu.com/questions/57237/getting-dynamic-firewall-from-fedora-15-into-ubuntu – stephenmyall Jul 30 '12 at 13:18
  • 2
    Well, not an "exact" duplicate, as I am not too inclined to use the Fedora firewall, but am searching for an Ubuntu alternative instead. – Prahlad Yeri Jul 30 '12 at 13:36
  • +1 Understood, Just making you aware the question was there incase you found it useful. This line "Or can I install such software from somewhere else?"made me think you consider the fedora FW – stephenmyall Jul 30 '12 at 13:40
  • 1
    ufw (see Rinzwind's answer), gufw (the gui version of UFW, needs GNOME runtime libs), or direct iptables commands are good ones. firestarter is deprecated nowadays since it requires admin privileges to run, regardless of user, so that is dangerous. – Thomas Ward Jul 30 '12 at 16:37
  • It seems that ufw also needs admin privileges to run. What does it make different from firestarter? deprecated maybe... but risky? @Rinzwind said in the accepted answer: "How can you compare that!? A firewall either does what is does or it is not a firewall..." or is it that people MUST use ONLY what is supported by ubuntu? or even worst... what you say? – Geppettvs D'Constanzo Jul 30 '12 at 18:36
  • @GeppettvsD'Constanzo only to change things. Firestarter was a GUI that always needed sudo in order to both view and modify the firewall. ufw does require sudo, yes, but iptables is teh same way, and after wards, it closes down whatever you're running. Every firewall needs admin privs, but Firestarter needs it just to load. And if you close firestarter, the firewall settings get purged. They never fixed that bug, and its been tehre for ages. – Thomas Ward Jul 30 '12 at 18:51
  • I can see you never used Firestarter in the right way. But ok. I used it and I yet use it and I have never experienced these issues you mention. But it's ok. Let's say it's ok. Thank you! – Geppettvs D'Constanzo Jul 30 '12 at 18:55

2 Answers2

8

UFW - Uncomplicated Firewall

The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall configuration, ufw provides a user friendly way to create an IPv4 or IPv6 host-based firewall. By default UFW is disabled.

Gufw is a GUI that is available as a frontend.

UFW is installed by default but inactve:

sudo ufw status
Status: inactive

Enable:

sudo ufw enable

Disable:

sudo ufw disable

Examples

sudo ufw allow /
sudo ufw allow 53
sudo ufw allow 53/tcp
sudo ufw allow 53/udp
sudo ufw deny /
sudo ufw deny 53
sudo ufw deny 53/tcp
sudo ufw deny 53/udp

enter image description here

More info in the 1st link.

Rinzwind
  • 299,756
  • Thanks Rinzwind. But is ufw as reliable and robust compared to the Fedora firewall which is based on RHEL? In this link: http://askubuntu.com/questions/57237/getting-dynamic-firewall-from-fedora-15-into-ubuntu, the RHEL one seems to have several features such as masquerading, port-forwarding, ICMP filter, etc. whereas ufw just provides allow/deny. – Prahlad Yeri Jul 30 '12 at 13:34
  • 4
    Reliable? Yes, absolutely. Robust as Fedora? How can you compare that!? A firewall either does what is does or it is not a firewall... – Rinzwind Jul 30 '12 at 13:38
  • They are both based on iptables, just frontends. Just try 'sudo iptables -L' to see exactly (no, there are more, but...) what they do. Yes, it's complicated. That is why there are such tools like ufw. If you tell us more specificly what to do, we could give you other suggestions. – Anders Jul 30 '12 at 17:05
  • @Anders What I exactly need is a GUI interface like that the windows provides, or one like Fedora/RHEL that I provided in the link. Just want to block incoming/outgoing ports without bothering about underlying iptables, etc. It would be preferable to also block specific programs from accessing certain networks (like Windows fw provides). But yes, presently I think ufw or Gufw can serve my purpose. – Prahlad Yeri Jul 30 '12 at 17:19
  • I added in an image. Makes it a bit more clear (from images on google the Fedora one looks rather nice :D ) – Rinzwind Jul 30 '12 at 18:19
  • Thanks Rinzwind, that looks pretty. Just out of curiosity, can I use gufw on debian too as ubuntu is debian based? – Prahlad Yeri Jul 30 '12 at 19:27
  • 1
    yes sir: http://packages.debian.org/sid/gufw @PrahladYeri – Rinzwind Jul 30 '12 at 19:55
3

The default firewall in Ubuntu is ufw - Uncomplicated Firewall. It is a command line tool, designed to be simpler than iptables, the common *nix firewall. A graphical version would be Gufw. You may install that by copying this in a terminal:

sudo apt-get install gufw

Note that ufw is disabled by default. ??! Maybe because only a few people really mess with the firewall rules? If you need more geeky features, you may use Firewall Builder. Not tried it myself, but the interface looks more complex...

sudo apt-get install fwbuilder
melvincv
  • 731
  • If you don't run servers, you don't need firewalls. As default desktop Ubuntu doesn't have any network servers running by default, there are no need for a firewall activated. If you don't run a router, I can't see any use of more complicated rules than what ufw (and gufw) gives you. – Anders Aug 11 '12 at 01:38