= Introduction =

{{attachment:Gufw/gufw.png}}

Gufw is a firewall powered by [[UFW]] (Uncomplicated Firewall). For an overview of firewalls, please see [[Firewall]].

= Installation =

To install Gufw, you must have the Universe [[Repositories/Ubuntu|repository]] enabled. Install it with [[Synaptic]], or run the following from a [[Terminal]]:

{{{
sudo apt-get install gufw
}}}

= Usage =

{{attachment:IconsPage/menu.png}}

To access Gufw, go to '''System->Administration->Firewall configuration'''. By default, the firewall is disabled.

{{attachment:disabled.png}}

== Enabling ==

To enable the firewall, check the '''Enabled''' button. The default policy will be set to '''Deny''' for incoming traffic and '''Allow''' for outgoing traffic.

{{attachment:enabled.png}}

== Adding Rules ==

To configure the firewall, we add rules. Click the '''Add''' button and a new window will pop up. For details about the implementation, see the [[UFW]] page. Rules can be configured for TCP and UDP ports, and UFW has some preconfigured programs/services to make setting up rules for them easy.

The available options for rules are ''Allow'', ''Deny'', ''Reject'', and ''Limit'':

 * Allow: The system will allow incoming traffic to a port.
 * Deny: The system will deny incoming traffic to a port.
 * Reject: The system will deny incoming traffic to a port and will inform the system requesting the connection that it has been rejected.
 * Limit: The system will deny connections if an IP address has attempted to initiate 6 or more connections in the last 30 seconds.

=== Preconfigured ===

The '''Preconfigured''' tab gives us some options for controlling firewall rules for common programs and services.

{{attachment:preconfigured.png}}

There are several categories and subcategories. You can also filter by name, description, or ports.

=== Simple ===

Not all program configurations are available in Gufw, but we can still add rules for them using the '''Simple''' tab.
{{attachment:simple.png}}

Again, we'll use the SSH example - let's just pretend for a moment that there isn't a preconfigured option for it. To enable it in the '''Simple''' tab, select "Allow", "TCP", "22" and click '''Add'''.

=== Advanced ===

Sometimes we want to configure access based on a specific IP, so we use the '''Advanced''' tab.

{{attachment:advanced.png}}

= Preferences =

Gufw has a few preferences, which can be set from '''Edit->Preferences'''.

{{attachment:preferences.png}}

Here you can control logging for ufw and for Gufw, create profiles, and set general interface preferences. The default is to enable logging for ufw and disable logging for Gufw.

= Use Gufw without Graphical Environment or Remote Computer =

== Requirements ==

You can use Gufw on a Linux system without a graphical environment (for example, an Ubuntu Server) or from a remote computer. You will need '''Gufw 13.10.2 or higher'''. Just export your X display. All operations in Gufw will be applied on the remote computer.

== How to use it ==

----
Important: If you enable the firewall over an SSH connection without an SSH rule in place, you will close that SSH connection. Before enabling Gufw over SSH, add the SSH rule with ufw using this command:

{{{
sudo ufw allow ssh
}}}
----

 * From a local computer with Linux:
   * Remote computer without a graphical environment (IP = 192.168.1.102, with Gufw and an SSH server installed).
   * Local Linux. On the local computer, open a Terminal and run:
   {{{
ssh user_remote@192.168.1.102 -X
sudo /usr/bin/gufw-pkexec -ssh
   }}}

{{attachment:linux1.png}}

 * From a local computer with Windows:
   * Windows IP = 192.168.1.101; Linux IP = 192.168.1.100
   * Install [[http://www.chiark.greenend.org.uk/~sgtatham/putty/|Putty]] & [[http://sourceforge.net/projects/xming/|Xming]].
   * In Windows: Run XLaunch from the Start Menu and check "No Access Control" in the last step. This setting lets any host that can reach the Windows machine connect to its X display, so use it only on a trusted network.
   * Connect to your Linux machine with Putty and run:
   {{{
export DISPLAY=192.168.1.101:0.0
sudo /usr/bin/gufw-pkexec -ssh
   }}}

{{attachment:win3a.png}}

= Enable IP forwarding =

== Requirements ==

Gufw 14.10 or higher.

== How to set it ==

To use routing policy and rules, you must set up IP forwarding on the system:

 * Close Gufw.
 * Uncomment these 3 lines in the file /etc/ufw/sysctl.conf:
 {{{
#net/ipv4/ip_forward=1
#net/ipv6/conf/default/forwarding=1
#net/ipv6/conf/all/forwarding=1
 }}}
 * Reload the firewall:
 {{{
sudo ufw reload
 }}}

Open Gufw. You'll see a new "Routed" option (with an arrow around the shield), and you can forward any rule from the Update window or from the Advanced tab in the Add window.

{{attachment:routed.png}}

= Other Resources =

== General ==

 * [[https://wiki.ubuntu.com/BasicSecurity/Firewall|Basic security]]
 * [[http://askubuntu.com/questions/22667/why-is-the-firewall-disabled-by-default/|Why is the firewall disabled by default?]]
 * [[http://ubuntuforums.org/showthread.php?t=1871177|Do I need a Firewall for Ubuntu?]]
 * [[Firewall]]
 * [[UFW]]
 * [[Ubuntu:UbuntuFirewall]] - UFW homepage
 * [[http://gufw.org]] - Gufw homepage

== Great (Updated) Online Tutorials in this language ==

 * Gufw 11.04:
   * [[http://www.techotopia.com/index.php/Using_gufw_and_ufw_to_Configure_an_Ubuntu_11.04_Firewall|Using gufw to Configure an Ubuntu Firewall]]
   * [[http://www.linux.com/learn/tutorials/429427-create-firewall-configurations-easily-with-gufw-on-ubuntu|Linux.com]]
 * Gufw 10.04:
   * [[http://blog.bodhizazen.net/linux/firewall-ubuntu-gufw/|Shadows of epiphany]]

----
CategoryNetworking CategorySecurity
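
The SSH lockout warning in ''Use Gufw without Graphical Environment or Remote Computer'' can be checked before the firewall is enabled; the check reads `ufw show added`, because `ufw status` lists no rules while the firewall is inactive. The shell functions below are an added example, not part of Gufw or ufw. Assumptions: `ssh_rule_present` and `safe_enable` are hypothetical names, SSH listens on 22/tcp, and `ufw show added` prints one `ufw <action> ...` line per rule.

```shell
#!/bin/sh
# Added example: preflight before enabling ufw/Gufw over SSH.
# Assumptions: sshd listens on 22/tcp (override with an argument), and
# `ufw show added` prints one "ufw <action> ..." line per configured rule.
SSH_PORT=22

# Reads `ufw show added` text on stdin. Exit status 0 only if some inbound
# allow/limit rule covers the SSH port (by number, "to ... port N", or name).
ssh_rule_present() {
    awk -v port="${1:-$SSH_PORT}" '
        $1 != "ufw" || ($2 != "allow" && $2 != "limit") { next }
        {
            dir = "in"; seen_to = 0; hit = 0; proto = "any"
            for (i = 3; i <= NF; i++) {
                if ($i == "comment") break
                else if ($i == "out") dir = "out"
                else if ($i == "to") seen_to = 1
                else if ($i == "proto") proto = $(i + 1)
                else if ($i == "port") {
                    # "port" before "to" is a source port and does not count
                    if (seen_to && $(i + 1) == port) hit = 1
                    i++    # skip the port value itself
                } else if ($i == port || $i == (port "/tcp")) hit = 1
                else if (port == 22 && ($i == "ssh" || $i == "OpenSSH")) hit = 1
            }
            if (hit && dir == "in" && proto != "udp") found = 1
        }
        END { exit !found }
    '
}

# Enable the firewall only when the preflight passes (run as root).
# If `ufw show added` fails, the pipe is empty and the function refuses.
safe_enable() {
    if ufw show added | ssh_rule_present "$SSH_PORT"; then
        ufw --force enable    # --force skips the interactive confirmation
    else
        echo "refusing: no allow/limit rule for ${SSH_PORT}/tcp; run 'ufw allow ssh' first" >&2
        return 1
    fi
}

# Constructed sample of `ufw show added` output, for a dry run without root.
SAMPLE="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw limit 22/tcp"
if printf '%s\n' "$SAMPLE" | ssh_rule_present; then echo "sample: SSH rule present"; fi
```

On the remote host, call `safe_enable` as root in place of a bare `ufw enable`; it refuses and leaves the firewall untouched when no matching rule is found.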