Mint 16 XFCE is my go-to boot for public Wi-Fi hotspots, etc.
I read a tip on activating and configuring the built-in UFW firewall (which I was unaware of) using the GUFW interface (which must be installed but is very nice). I immediately thought it might interfere with Dropbox and found preconfigured permissions in GUFW for that, but am wondering if using the firewall might cause any other issues. Search box here turns up empty. Would be interested in experiences from knowledgeable users.
GUFW Firewall - any issues?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
TRUST BUT VERIFY any advice from anybody, including me. Mint/Ubuntu user since 10.04 LTS. LM20 64 bit XFCE (Dell 1520). Dual boot LM20 XFCE / Win7 (Lenovo desktop and Acer netbook). Testing LM21.1 Cinnamon and XFCE Live for new Lenovo desktop.
Re: GUFW Firewall - any issues?
You don't need the GUFW, it does very little; only allowing you to see or enable the ufw
https://help.ubuntu.com/community/UFW
If you want to work with the firewall rules within a gui, you would be better off with something like shorewall or firehol
http://shorewall.net/
https://en.wikipedia.org/wiki/FireHOL
Re: GUFW Firewall - any issues?
DrHu wrote:
> You don't need the GUFW, it does very little; only allowing you to see or enable the ufw
> https://help.ubuntu.com/community/UFW
> If you want to work with the firewall rules within a gui, you would be better off with something like shorewall or firehol
> http://shorewall.net/
> https://en.wikipedia.org/wiki/FireHOL

Thanks for the links.
Not sure if you've looked at the current version of GUFW, which seems to do most or all of what's shown as terminal commands in the ubuntu community link. I'm not so worried about that, as whether there are performance or functional issues that the firewall might cause to normal networking. I'm not a user of sophisticated FTP or anonymizing protocols, just normal stuff.
Re: GUFW Firewall - any issues?
As has been mentioned before GUFW is merely a frontend (GUI) for UFW and that in itself is a frontend for iptables. Although I have GUFW I rarely use it, only to look at the rules. Again it is easier to use the Terminal.
It depends entirely on what you want to do - and remember that iptables most likely already works. Type 'man iptables' in Terminal to see how it performs. Next type 'sudo iptables -L' to show all the chains selected (if any).
Right, now UFW, presumably you have nothing so far.
Now type the following rules (using the Terminal as superuser, i.e. precede all commands by sudo).
ufw enable
ufw default deny
ufw allow out 20,21,22,25,80,139,443/tcp #the ports most widely used- mail,ftp etc
ufw allow out 53,137,138/udp #for port explanations google list as required
ufw deny out to any # close all other ports
The above is the simplest, however if you need a printer (cups), you also need to open port 638 type 'ufw allow out CUPS' and if it is a network printer this will use port 9100. You also then need to give the IP address as follows:
ufw allow out proto tcp to 192.168.x.0/24 port 9100 # x depends on what the router will issue.
Lastly remember sequence in commands. You cannot 'deny out to any' followed by allowing CUPS out (obviously).
Hope this is useful.
Pat
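The ordering point in the post above, worked through as an added example (not part of the original post): a simplified, constructed model of first-match rule evaluation, run against the posted rules with a rule for the network printer port 9100 added in different positions. The `verdict` function and its rule format are hypothetical stand-ins for the real chain; `ufw insert 1 ...` and `ufw default deny outgoing` are the real commands the comments refer to.

```shell
#!/bin/sh
# Simplified, constructed model of how ufw's ordered user rules decide a NEW
# outbound connection: the first matching rule wins; if no rule matches, the
# default outgoing policy applies. Rule format here (not ufw syntax):
#   ACTION PROTO PORTS      where PROTO and PORTS may be "any"

verdict() {  # usage: verdict "RULES" DEFAULT_POLICY PROTO PORT
  v_rules=$1; v_policy=$2; v_proto=$3; v_port=$4
  while read -r v_action v_rproto v_rports; do
    [ -n "$v_action" ] || continue
    [ "$v_rproto" = any ] || [ "$v_rproto" = "$v_proto" ] || continue
    case ",$v_rports," in
      ,any,|*",$v_port,"*) echo "$v_action"; return 0 ;;
    esac
  done <<EOF
$v_rules
EOF
  echo "$v_policy"   # nothing matched: fall back to the default policy
}

# The allow rules from the post, in the order they were added.
ALLOWS='allow tcp 20,21,22,25,80,139,443
allow udp 53,137,138'
CATCHALL='deny any any'        # models: ufw deny out to any
PRINTER='allow tcp 9100'       # models an allow-out rule for the printer

# 1) Printer rule appended after the catch-all deny: never reached.
#    (ufw's stock outgoing policy is allow, hence "allow" as the fallback.)
appended=$(verdict "$ALLOWS
$CATCHALL
$PRINTER" allow tcp 9100)

# 2) Same rule placed ahead of the deny, as `ufw insert 1 ...` would do.
inserted=$(verdict "$PRINTER
$ALLOWS
$CATCHALL" allow tcp 9100)

# 3) No catch-all rule at all; `ufw default deny outgoing` makes deny the
#    fallback policy, so rules appended later still take effect.
by_policy=$(verdict "$ALLOWS
$PRINTER" deny tcp 9100)
unlisted=$(verdict "$ALLOWS
$PRINTER" deny tcp 8080)

echo "appended=$appended inserted=$inserted by_policy=$by_policy unlisted=$unlisted"
```

On a live system, `sudo ufw status numbered` shows the order in which the real rules will be evaluated.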
Re: GUFW Firewall - any issues?
Pat, Very handy info, thanks.