Ubuntu Firewalls Guide. Part II: Gufw


It is indeed a pleasure to see your system secured by a sophisticated firewall solution. However, not everyone is ready for the challenge of configuring a firewall from the command line (or shell).

In this guide, we’ll review Gufw, a graphical frontend for the Ubuntu firewall. While there are a number of other frontends, Gufw is, in our opinion, the easiest to understand, and hence the easiest way to configure and control the network security of your computer.

Installation

In case you’re not familiar with the process of software installation, please refer to the Software installation chapter of our Ubuntu Basics Guide for a detailed graphical guide.

Let’s go:

  1. Open Synaptic from System > Administration > Synaptic Package Manager.
  2. You’ll be asked to provide your (administrative) password.
  3. Type “gufw” into the Quick search box.
  4. Locate “gufw”, right-click on it and select “Mark for Installation”.
  5. Click “Mark” on “Mark additional required changes?”, if such a dialog is displayed.
  6. Press the “Apply” button at the top.
  7. Press “Apply” on the “Apply the following changes” dialog.
  8. Gufw is now installing. When it’s done, press “Close” and close Synaptic. NOTE: Installation requires an active internet connection to download Gufw from the repository.

Usage

When Gufw is installed, you may launch it from System > Administration > Firewall configuration.

[Figure: Launching Gufw]

NOTE: Normally you would be asked to provide your (administrative) password, but since you were already authorized while running Synaptic, you will not be asked for it this first time.

[Figure: Firewall configuration]

You’ll see the “Firewall” window; this is the Gufw frontend.

To turn the firewall on, check the “Enabled” button.

[Figure: Firewall powered on]

The firewall is now active. If you need to, you can now select the default policy for incoming and outgoing packets.

Please refer to the Default Policy section of the Ufw article if you need more information about it.

To add a new rule, press the “Add” button. In the “Add Rule” dialog, you can see three tabs: Preconfigured, Simple and Advanced.

Preconfigured tab

[Figure: Preconfigured settings]

The Preconfigured tab offers a simplified configuration mode, in which you choose the ports to filter by application or service name.

So, for example, if we want to allow the Amule program to accept incoming connections, we should select:

  • Allow (1st list)
  • In (2nd list)
  • Program (3rd list)
  • Amule (4th list)

[Figure: Amule inbound traffic]

And press “Add”.

Congratulations! Your first firewall rule is created.

Simple tab

Suppose we want to define the port manually. For this we’ll need to switch to the Simple tab, where we’ll find three lists and a field.

[Figure: Simple Tab - Actions]

The first list contains the actions that can be performed on a new network packet your system receives. Available options are:

  • Allow – to accept the packet
  • Deny – to drop the packet
  • Reject – to refuse the packet (notify the other side, that the packet is refused)
  • Limit – to limit the connection rate (6 connections in the last 30 seconds)

[Figure: Simple Tab - Mode]

The second list switches between two modes:

  • In – for incoming packets
  • Out – for outgoing packets

[Figure: Simple Tab - Protocol]

The third list allows you to select the protocol:

  • TCP – for connection-based packets
  • UDP – for connectionless packets
  • Both – for both types of packets

The field is where we type the port to filter. This can be done in several ways:

  • Numeric – single numeric value, such as 80
  • Range – a range of values, such as 8000:8080 (equivalent to 8000-8080)
  • List – multiple numeric or ranged values, separated by commas, without spaces, such as 25,80,110,5050:5060

NOTE: The total number of ports in a list should not exceed 15, for compatibility reasons. A range counts as two ports (2 list items).

When you’ve filled in all the required values, press “Add” to see your rule added to the firewall.
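
The port-field rules above (single value, range, comma-separated list, at most 15 items with a range counting as two) written as a shell check that prints the matching ufw command(s). This is an added example, not part of the original article or of Gufw; the function names are hypothetical, and rendering a rule as `ufw ACTION DIRECTION proto PROTO from any to any port PORTS`, with “Both” written as one rule per protocol, is this example's own choice.

```sh
#!/bin/sh
# Added example (not from the article): check a Simple-tab port field and
# print, without applying, the ufw command(s) the rule corresponds to.

valid_port() {                      # integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# port_items SPEC: print the item count (a range counts as 2); fail on
# spaces, empty items, bad ports, or more than 15 items.
port_items() (
    case "$1" in ''|*[!0-9,:]*|,*|*,|*,,*) exit 1 ;; esac
    count=0
    IFS=,                           # split on commas; the subshell keeps this local
    for item in $1; do
        case "$item" in
            *:*:*) exit 1 ;;
            *:*)   lo=${item%%:*}; hi=${item#*:}
                   valid_port "$lo" && valid_port "$hi" || exit 1
                   [ "$lo" -lt "$hi" ] || exit 1   # assumption: low end < high end
                   count=$((count + 2)) ;;
            *)     valid_port "$item" || exit 1
                   count=$((count + 1)) ;;
        esac
    done
    [ "$count" -le 15 ] || exit 1
    echo "$count"
)

# gufw_simple_rule ACTION DIRECTION PROTO PORTS (hypothetical helper)
gufw_simple_rule() (
    case "$1" in allow|deny|reject|limit) ;; *) exit 1 ;; esac
    case "$2" in in|out) ;; *) exit 1 ;; esac
    case "$3" in tcp|udp) protos=$3 ;; both) protos="tcp udp" ;; *) exit 1 ;; esac
    port_items "$4" >/dev/null || exit 1
    for p in $protos; do            # "Both" becomes one rule per protocol
        echo "ufw $1 $2 proto $p from any to any port $4"
    done
)

# Constructed sample input: the list from the article, 3 ports + 1 range = 5 items
gufw_simple_rule allow in tcp 25,80,110,5050:5060
```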

Advanced tab

[Figure: Advanced tab]

If you need to filter a specific IP address or range, you can do so in the Advanced tab.

  1. Switch to the Advanced tab.
  2. Select the appropriate action.
  3. Choose the direction.
  4. Select the protocol.
  5. Type in an IP address, a network mask or a list of IP addresses.
  6. Type in the port.

As you may have noticed, there are two different sets of fields for IPs and ports: From and To. These are to be used separately, on a case-by-case basis.

For example, if you want to disallow inbound traffic from IP address 123.45.67.89, you type this address into the From field. Similarly, if you want to deny outgoing connections to that address, you type it into the To field.

When you’re satisfied with your rule, press the “Add” button to apply it.

If you want to remove a rule, locate it in the list of rules and press the “Remove” button.

[Figure: Remove rule]

Reset rules

[Figure: Reset switch]

If you want to reset the rules, you can do so by going to Edit > Reset Configuration….

[Figure: Removal confirmation]

You will be asked whether you are sure that you want to continue. Press “OK” to remove all the rules.

Preferences

[Figure: Preferences]

Gufw also contains preferences, where you can define some additional options. To access preferences, go to Edit > Preferences.

[Figure: Preferences window]

Listening Option

  • Enable listening report – extends the Gufw window to show the Listening report, i.e. details of all open ports. This information is displayed as protocol, port, listening address and the application that is listening.

Log Options

  • Enable Gufw logging – turns on Gufw actions logging (see below). It is unchecked by default.
  • Enable ufw logging – turns on ufw default logging mode. It is checked by default.
  • Set level – allows you to choose how detailed logging is going to be. Available options are “Low”, “Medium”, “High” and “Full”. It is recommended to leave it on “Low”.

Log

To access the Gufw actions log, go to File > Log.

[Figure: Log]

Here you can see the list of actions performed by Gufw.

[Figure: Logging window]

If you’re planning to use these actions for scripting purposes (e.g. for your server), you can check the “Show for server script” box. This removes all verbose information, leaving you with a pure list of ufw commands.
