Ubuntu 8.10 Uncomplicated Firewall GUI
The UFW has a GUI front end that you can add to it to provide an “easier” method of working with the firewall.
Install GUFW
apt-get install gufw
You will see that it will be installed and available using System/Adminstration/Firewall administration.
The interface is set up for several different options. The “Current Configuration” has a default deny on all incoming traffic which should be a standard choice for all Desktop situations. You can see that the firewall is enabled. You have three tabs to add rules to the firewall. Note that because the firewall is deny, you will have to allow incoming links. The one caution that you need to understand is that when you open ports you are doing so because you want to provide services to other users, for instance if you wanted to allow them to view a web site or get a ftp download. You should not open your computer to other computers unless you know what you are doing.
Simple Tab
The simple option allows you to allow a service, like ftp. Just enter ftp in the window and you can see the rule has been created. Now anyone can access ftp on your machine. The simple tab does not allow you to choose who can use ftp, thus this is not a good choice if you want to restrict who can connect to your machine.
Preconfigured Tab
The preconfigured tab allows you so select a service, like ssh, and choose Add and now two rules are added. This tab suffers from the same issue as UFW in that in terms of SSH you really do not want to open up port 22 and udp. Why the preconfigured option adds an unwanted protocol and port is hard to understand. It is difficult to even understand why this preconfigured tab is an option.
Advanced Tab
Unfortunately the only tab that really provides a decent way to construct a firewall is the advanced tab. You may select “Allow” and choose a protocol, like tcp, and then you can restrict who may access your machine. If you do not add any ports, as in the example it will create a rule that will allow a computer to connect on any ports available. So in the example192.168.5.14 can connect on any port to the computer at 192.168.5.43.
This next example is a better option because a port is added so that the computer at 192.168.5.14 is only allowed to connect on port 22.
Another feature of the firewall is you can set limits on different services so that you can give priority to other services, thus managing your bandwidth. Here is an example of limiting bandwidth for SSH by choosing limit on the Preconfigured tab.
Epic! It’s such a shame more folks don’t know about this site, this article covered what I needed today.