sudo apt-get install gufw
To access GUFW, go to System->Administration->Firewall configuration.
By default, the firewall is disabled.
To enable the firewall, simply check the Enabled box and the default for traffic will be set to Deny.
To configure the firewall, we add rules. Simply click the Add button and a new window will pop up. For details about this implementation, see the UFW page. Rules can be configured for TCP and UDP ports, and UFW has some preconfigured programs/services to make setting up rules for them easy.
The available options for rules are Allow, Deny, Reject, and Limit:
- Allow: The system will allow entry traffic for a port.
- Deny: The system will deny entry traffic to a port.
- Reject: The system will deny entry traffic to a port and will inform the requesting for connection system that it has been rejected.
- Limit: The system will deny connections if an IP address has attempted to initiate 6 or more connections in the last 30 seconds.
The Preconfigured tab gives us some options for controlling firewall options for common programs and services.
A prime example is given on the UFW page, which is allowing and denying the ssh service, which uses port 22. If you select "Allow", "Service", "ssh", then the firewall will be configured to allow SSH traffic.
Not all program configurations are available in Gufw, but we can still add rules for them using the Simple tab.
Again, we'll use the SSH example - let's just pretend for a moment that there isn't a preconfigured option for it. To enable it in the Simple tab, select "Allow", "TCP", "22" and click Add.
Sometimes we want to configure access based on a specific IP, so we use the Advanced tab.
There are only a couple of preferences available to set in Gufw, and can be controlled from Edit->Preferences
Here you can control logging for ufw and for Gufw. The default is to enable logging for ufw, and disable logging for Gufw.
Use Gufw without Graphical Environment or Remote Computer
You can use Gufw in a Linux without Graphical Environment (for example an Ubuntu Server) or from a remote computer. You will need Gufw 13.10.2 or higher. Just export your X Display. All the operations in Gufw will be apply in the remote computer.
How use it
Important: If you enable the firewall under ssh without the ssh rule, you'll close the ssh connection, then before to enable Gufw under a ssh connection, append the ssh rule using ufw with this command:
sudo ufw enable ssh
- Linux, for example:
- Remote computer without graphic environment (IP = 192.168.1.102, Gufw installed and ssh server).
- Local Linux. In this local computer, open a Terminal and run this command:
ssh firstname.lastname@example.org -X sudo /usr/bin/gufw-pkexec -ssh
- Windows (For example, Windows IP = 192.168.1.101; Linux IP = 192.168.1.100):
Install Gufw in systems with Gufw 13.10 or higher (Ubuntu 13.10 or higher) for remote control
Just run this command and follow the How use it section.
sudo apt-get install gufw
Install Gufw 13.10 in systems with older Gufw versions for remote control
- By example, in Ubuntu Server 12.04:
sudo apt-get install ufw python-netifaces gir1.2-webkit-3.0 gir1.2-gtk-3.0 gnome-icon-theme-symbolic policykit-1 python-gobject wget https://launchpad.net/gui-ufw/gufw-13.10/13.10/+download/gufw_13.10.2-0ubuntu1_all.deb sudo dpkg -i gufw_13.10.2-0ubuntu1_all.deb rm gufw_13.10.2-0ubuntu1_all.deb
And follow the How use it section.