While it may be hard to believe, until Hardy Heron, Ubuntu did not ship with a firewall in its base install. You’d never dream of putting a Windows machine out on the Internet naked, for all to poke and prod. Things are different on Ubuntu for a few reasons:
Regardless, running behind a software firewall is a good practice to adopt. Ubuntu 8.04 has introduced the Uncomplicated Firewall, or ufw, with the goal of integrating the power and flexibility of iptables without the overcomplicated nature that usually comes along for the ride. Here’s an overview to get you up and running quickly.
Enable ufw:
sudo ufw enable
When you initially enable ufw it defaults to ACCEPT mode - basically allowing all incoming and outgoing traffic - until you establish a ruleset as below.
Allowing an incoming/outgoing connection on port 22:
sudo ufw allow 22
By port and protocol:
sudo ufw allow 22/tcp
Or by service name (list of service names from /etc/services):
sudo ufw allow ssh
Deny all ssh traffic from 172.16.1.0/24 to 10.123.123.100:
sudo ufw deny proto tcp from 172.16.1.0/24 to 10.123.123.100 port 22
Deleting the rule just created above:
sudo ufw delete deny proto tcp from 172.16.1.0/24 to 10.123.123.100 port 22
Block a single IP:
sudo ufw deny from 192.16.1.245
Deny a single IP behind your firewall from ssh-ing out:
sudo ufw deny proto tcp from 192.16.1.242 to any port 22
Enable/Disable logging:
sudo ufw logging on
sudo ufw logging off
Overview of the configured ports in ufw:
sudo ufw status
And to disable ufw and the running ruleset:
sudo ufw disable
As you can see, the syntax is quite logical once you’ve spent just a few minutes with it. I believe this is enough to get anyone up and running. More information can be found at the Ubuntu Wiki.
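Putting the commands above together, as an added example that is not part of the original post: a small POSIX sh script that applies a baseline ruleset in an order that keeps an administrator's own SSH session alive whatever the default incoming policy turns out to be, and that can be previewed as a dry run before it touches the firewall. The admin subnet 172.16.1.0/24 and the blocked host 192.16.1.245 simply reuse the post's placeholder addresses.

```shell
#!/bin/sh
# Added example (not from the original post): apply a conservative ufw
# baseline with the syntax shown above.
#
# ufw_baseline [RUNNER]
#   RUNNER is the command used to invoke ufw; it defaults to "sudo ufw".
#   Pass "echo ufw" to print the commands instead of running them (dry run).
#
# ADMIN_NET is a placeholder taken from the post's own examples.
ADMIN_NET="${ADMIN_NET:-172.16.1.0/24}"

ufw_baseline() {
    runner="${1:-sudo ufw}"

    # 1. Allow SSH from the admin subnet FIRST, so the rule is already
    #    loaded before anything that could drop the current session.
    $runner allow proto tcp from "$ADMIN_NET" to any port 22

    # 2. Block a known-bad host outright (all protocols, all ports).
    $runner deny from 192.16.1.245

    # 3. Turn on logging so denied packets show up in the system log and
    #    a misconfigured rule is visible rather than silent.
    $runner logging on

    # 4. Only now enable the firewall; the allow rule from step 1 protects
    #    the administrator's own SSH connection.
    $runner enable
}

# Number of ufw invocations the baseline performs, computed from a dry run.
# Handy as a sanity check before running it for real.
baseline_command_count() {
    ufw_baseline "echo ufw" | wc -l | tr -d ' '
}

# Usage:
#   ufw_baseline "echo ufw"   # preview
#   ufw_baseline              # apply with sudo, then check: sudo ufw status
```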