Ubuntu is a popular Linux distribution that comes with a built-in firewall. This firewall can be used to protect your computer from unauthorized access, and it can also be used to prevent you from being infected by the internet.

To configure Ubuntu’s firewall, you first need to create a file called /etc/firewall.conf. This file contains the following information:

- Port number: The port number that your computer will use to communicate with the Ubuntu firewalls.
- Protocol: The protocol that your computer will use to communicate with the Ubuntu firewalls.
- Action: The action that your computer will take when it receives an incoming request from the Ubuntu firewalls.

The first thing you need to do is determine which protocol your computer will use when communicating with the Ubuntu firewalls. You can do this by looking at the file /etc/protocols and finding the protocol that corresponds to your computer’s operating system type. For example, if your computer is running Windows, then you would look at /etc/protocols and find TCP/IP Protocols. If your computer is running macOS, then you would look at /etc/protocols and find AppleTalk Protocols.

Once you have determined which protocol your computer will use, you next need to determine which action your computer will take when it receives an incoming request from the Ubuntu firewalls. You can do this by looking at the file /etc/action and finding one of several possible actions that correspond to each type of request (for example, denied or allowed).

If you are not sure which action should be taken for a particular request, then you can consult one of our support staff members who can help guide you through configuring Ubuntu’s firewall for specific applications or situations.
Ubuntu includes its own firewall, known as ufw — short for “uncomplicated firewall.” Ufw is an easier-to-use frontend for the standard Linux iptables commands. You can even control ufw from a graphical interface.
Ubuntu’s firewall is designed as an easy way to perform basic firewall tasks without learning iptables. It doesn’t offer all the power of the standard iptables commands, but it’s less complex.
Terminal Usage
The firewall is disabled by default. To enable the firewall, run the following command from a terminal:
You don’t necessarily have to enable the firewall first. You can add rules while the firewall is offline, and then enable it after you’re done configuring it.
Working With Rules
Let’s say you want to allow SSH traffic on port 22. To do so, you can run one of several commands:
sudo ufw allow 22/tcp (Allows only TCP traffic on this port.)
sudo ufw allow ssh (Checks the /etc/services file on your system for the port that SSH requires and allows it. Many common services are listed in this file.)
Ufw assumes you want to set the rule for incoming traffic, but you can also specify a direction. For example, to block outgoing SSH traffic, run the following command:
You can view the rules you’ve created with the following command:
To delete a rule, add the word delete before the rule. For example, to stop rejecting outgoing ssh traffic, run the following command:
Ufw’s syntax allows for fairly complex rules. For example, this rule denies TCP traffic from the IP 12.34.56.78 to port 22 on the local system:
To reset the firewall to its default state, run the following command:
Application Profiles
Some applications requiring open ports come with ufw profiles to make this even easier. To see the application profiles available on your local system, run the following command:
View information about a profile and its included rules with the following command:
Allow an application profile with the allow command:
More Information
Logging is disabled by default, but you can also enable logging to print firewall messages to the system log:
For more information, run the man ufw command to read ufw’s manual page.
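The terminal steps described in the sections above, collected into one script as an added example (not code from the original article). The `run` wrapper, the function names and the `OpenSSH` profile name are assumptions for illustration; by default the script only prints each command instead of executing it.

```shell
#!/bin/sh
# Added example (not from the original article): the ufw steps above in a safe order.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 runs it through sudo.
DRY_RUN="${DRY_RUN:-1}"
BLOCKED_IP="12.34.56.78"   # address from the article's deny example
APP_PROFILE="OpenSSH"      # assumed profile name; pick one from `ufw app list`

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "sudo $*"; else sudo "$@"; fi
}

# Build the rule set while the firewall is still disabled, then enable it.
ufw_setup() {
    # ufw uses the first matching rule, so the specific deny must be added
    # before the general allow or it would never take effect.
    run ufw deny proto tcp from "$BLOCKED_IP" to any port 22
    run ufw allow 22/tcp      # TCP only; `ufw allow ssh` resolves the port via /etc/services
    run ufw logging on        # firewall messages go to the system log
    run ufw enable            # SSH is already allowed, so a remote session survives
    run ufw status            # review the resulting rules
}

# Direction keyword: reject outgoing SSH, then delete that same rule again.
ufw_outgoing_demo() {
    run ufw reject out ssh
    run ufw delete reject out ssh
}

# Application profiles: list, inspect, allow.
ufw_app_profiles() {
    run ufw app list
    run ufw app info "$APP_PROFILE"
    run ufw allow "$APP_PROFILE"
}

# Return to defaults (disables ufw and removes the rules).
ufw_teardown() {
    run ufw reset
}

ufw_setup
ufw_outgoing_demo
ufw_app_profiles
```

Set DRY_RUN=0 to apply the rules for real; `ufw_teardown` is defined but not called, so the reset only happens when you invoke it yourself.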
GUFW Graphical Interface
GUFW is a graphical interface for ufw. Ubuntu doesn’t come with a graphical interface, but gufw is included in Ubuntu’s software repositories. You can install it with the following command:
GUFW appears in the Dash as an application named Firewall Configuration. Like ufw itself, GUFW provides a simple, easy-to-use interface. You can easily enable or disable the firewall, control the default policy for inbound or outbound traffic, and add rules.
The rules editor can be used to add simple rules or more complicated ones.
Remember, you can’t do everything with ufw — for more complicated firewall tasks, you’ll have to get your hands dirty with iptables.