GUFW Firewall - any issues?

Questions about WIFI networks and devices
Forum rules
Before you post please read how to get help
Post Reply
User avatar
I2k4
Level 5
Level 5
Posts: 600
Joined: Thu Feb 02, 2012 8:33 pm

GUFW Firewall - any issues?

Post by I2k4 » Sat Apr 26, 2014 3:08 pm

Mint 16 XFCE is my go to boot for public wif-fi hotspots, etc.

I read a tip on activating and configuring the built-in UFW firewall (which I was unaware of) using GUFW interface (which must be installed but is very nice). I immediately thought it might interfere with Dropbox and found preconfigured permissions in GUFW for that, but am wondering if using the firewall might cause any other issues. Search box here turns up empty. Would be interested in experiences from knowledgeable users.
TRUST BUT VERIFY any advice from anybody, including me. M18.3 XFCE (Dell 1520) 64 bit. Dual booting M19.1 XFCE / W7 (Acer netbook) and M19.1 Cinnamon / W7 (Lenovo desktop) 64 bit. Persistent live USB pretesting M19.2 Cinnamon and XFCE.

User avatar
DrHu
Level 17
Level 17
Posts: 7537
Joined: Wed Jun 17, 2009 8:20 pm

Re: GUFW Firewall - any issues?

Post by DrHu » Sat Apr 26, 2014 4:26 pm

You don't need the GUFW, it does very little; only allowing you to see or enable the ufw
https://help.ubuntu.com/community/UFW

If you want to work with the firewall rules within a gui, you would be better off with something like shorewall or firehol
http://shorewall.net/
https://en.wikipedia.org/wiki/FireHOL

User avatar
I2k4
Level 5
Level 5
Posts: 600
Joined: Thu Feb 02, 2012 8:33 pm

Re: GUFW Firewall - any issues?

Post by I2k4 » Sat Apr 26, 2014 5:59 pm

DrHu wrote:You don't need the GUFW, it does very little; only allowing you to see or enable the ufw
https://help.ubuntu.com/community/UFW

If you want to work with the firewall rules within a gui, you would be better off with something like shorewall or firehol
http://shorewall.net/
https://en.wikipedia.org/wiki/FireHOL
Thanks for the links.

Not sure if you've looked at the current version of GUFW, which seems to do most or all of what's shown as terminal commands in the ubuntu community link. I'm not so worried about that, as whether there are performance or functional issues that the firewall might cause to normal networking. I'm not a user of sophisticated FTP or anonymizing protocols, just normal stuff.
TRUST BUT VERIFY any advice from anybody, including me. M18.3 XFCE (Dell 1520) 64 bit. Dual booting M19.1 XFCE / W7 (Acer netbook) and M19.1 Cinnamon / W7 (Lenovo desktop) 64 bit. Persistent live USB pretesting M19.2 Cinnamon and XFCE.

User avatar
patrice4419
Level 1
Level 1
Posts: 23
Joined: Wed Feb 05, 2014 10:12 am

Re: GUFW Firewall - any issues?

Post by patrice4419 » Sun Apr 27, 2014 3:55 pm

As has been mentioned before GUFW is merely a frontend (GUI) for UFW and that in itself is a frontend for iptables. Although I have GUFW I rarely use it, only to look at the rules. Again it is easier to use the Terminal.
It depends entirely on what you want to do - and remember that iptables most likely already works. Type 'man iptables' in Terminal to see how it performs. Next type 'sudo iptables -L' to show all the chains selected (if any).
Right, now UFW, presumably you have nothing so far.
Now type the following rules (using the Terminal as superuser i.e precede all commands by sudo).
ufw enable
ufw default deny
ufw allow out 20,21,22,25,80,139,443/tcp #the ports most widely used- mail,ftp etc
ufw allow out 53,137,138/udp #for port explanations google list as required
ufw deny out to any # close all other ports

The above is the simplest, however if you need a printer (cups), you also need to open port 638 type 'ufw allow out CUPS' and if it is a network printer this will use port 9100. You also then need to give the IP address as follows:
ufw allow out proto tcp from port 9100 to 192.168.x.0/24 # x is depending on what the router will issue.
Lastly remember sequence in commands. You cannot 'deny out to any' followed by allowing CUPS out (obviously).

Hope this is useful.

Pat
(Penguin PocketWee running Mint 17.1 Cinnamon, Intel Dual Core i5-4250U 1.3Ghz (2.6 Turbo), 8Gb DDR3, mSATA SSD 250Gb, wireless dual band.
The router (D-Link DS3580L) with USB slot.

User avatar
I2k4
Level 5
Level 5
Posts: 600
Joined: Thu Feb 02, 2012 8:33 pm

Re: GUFW Firewall - any issues?

Post by I2k4 » Mon Apr 28, 2014 11:03 am

Pat, Very handy info, thanks.
TRUST BUT VERIFY any advice from anybody, including me. M18.3 XFCE (Dell 1520) 64 bit. Dual booting M19.1 XFCE / W7 (Acer netbook) and M19.1 Cinnamon / W7 (Lenovo desktop) 64 bit. Persistent live USB pretesting M19.2 Cinnamon and XFCE.

Post Reply

Return to “Wireless”