Teaching How to Install and Configure Firewall (GUFW) in Ubuntu

For more information, refer to: https://help.ubuntu.com/community/Gufw

Gufw is a firewall powered by UFW (Uncomplicated Firewall). For an overview of firewalls, please see Firewall.

Installation

In order to install Gufw, you must have the Universe repository enabled. To install, use Synaptic, or run from Terminal:

sudo apt-get install gufw
					

Usage

To access GUFW, go to System->Administration->Firewall configuration.

By default, the firewall is disabled.


Enabling

To enable the firewall, simply check the Enabled button and the default will be set to Deny for incoming traffic and Allow for outgoing traffic.


Adding Rules

To configure the firewall, we add rules. Simply click the Add button and a new window will pop up. For details about this implementation, see the UFW page. Rules can be configured for TCP and UDP ports, and UFW has some preconfigured programs/services to make setting up rules for them easy.

The available options for rules are Allow, Deny, Reject, and Limit:

  1. Allow: The system will allow incoming traffic to a port.
  2. Deny: The system will deny incoming traffic to a port.
  3. Reject: The system will deny incoming traffic to a port and will inform the system requesting the connection that it has been rejected.
  4. Limit: The system will deny connections if an IP address has attempted to initiate 6 or more connections in the last 30 seconds.

Preconfigured

The Preconfigured tab gives us some options for controlling firewall options for common programs and services.


You have several categories and subcategories. You can filter by name/description/ports too.

Simple

Not all program configurations are available in Gufw, but we can still add rules for them using the Simple tab.


Again, we’ll use the SSH example – let’s just pretend for a moment that there isn’t a preconfigured option for it. To enable it in the Simple tab, select “Allow”, “TCP”, “22” and click Add.

Advanced

Sometimes we want to configure access based on a specific IP, so we use the Advanced tab, for example to add Port Forwarding.

Enable IP forwarding

Requirements

Gufw 14.10 or higher.

How to set it up

To use routing policy and rules, you must set up IP forwarding in the system:

  1. Close Gufw
  2. Uncomment these 3 lines in the file /etc/ufw/sysctl.conf:
    #net/ipv4/ip_forward=1
    #net/ipv6/conf/default/forwarding=1
    #net/ipv6/conf/all/forwarding=1
					
  3. Edit the file /etc/default/ufw and set DEFAULT_FORWARD_POLICY="ACCEPT"
  4. Reload the firewall:
    sudo ufw reload
					

Open Gufw and you’ll see a new “Routed” option (with an arrow around the shield); you can forward any rule from the Update window or the Advanced tab in the Add window.
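
One way to check the result of the forwarding steps above, as an added example that is not part of the original page: the script reads the two edited files and reports whether all three forwarding keys and the forward policy are actually set. The function names and the sample files it builds are constructed for illustration; with DEFAULT_FORWARD_POLICY set to ACCEPT, routed traffic is accepted unless a rule says otherwise, so it is worth confirming the state is the one you intended.

```sh
#!/bin/sh
# Added example: audit the two files edited in the IP-forwarding steps.
# Function names are illustrative; file paths default to the ones on the page.

# Effective value of a key in ufw's sysctl.conf; "unset" if missing or commented.
sysctl_value() {  # $1=file $2=key
    v=$(sed -n "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([0-9]*\).*|\1|p" "$1" | tail -n 1)
    echo "${v:-unset}"
}

# DEFAULT_FORWARD_POLICY with ASCII quotes stripped; "unset" if absent.
forward_policy() {  # $1=file
    v=$(sed -n 's/^[[:space:]]*DEFAULT_FORWARD_POLICY=//p' "$1" | tail -n 1 |
        tr -d "\"'" | tr -d '[:space:]')
    echo "${v:-unset}"
}

# Returns 0 = forwarding enabled as in the steps, 1 = not (fully) enabled,
# 2 = policy value ufw does not define (e.g. a typographic quote was pasted).
audit_forwarding() {  # $1=sysctl.conf $2=default file
    status=0
    for key in net/ipv4/ip_forward net/ipv6/conf/default/forwarding \
               net/ipv6/conf/all/forwarding; do
        val=$(sysctl_value "${1:-/etc/ufw/sysctl.conf}" "$key")
        echo "$key = $val"
        [ "$val" = 1 ] || status=1
    done
    pol=$(forward_policy "${2:-/etc/default/ufw}")
    echo "DEFAULT_FORWARD_POLICY = $pol"
    case $pol in
        ACCEPT) ;;                       # routed packets accepted by default
        DROP|REJECT|unset) status=1 ;;   # routed packets not accepted by default
        *) echo "warning: unrecognised policy value: $pol"; status=2 ;;
    esac
    return $status
}

# Constructed sample: only the IPv4 line uncommented, policy still DROP.
demo=$(mktemp -d)
printf '%s\n' 'net/ipv4/ip_forward=1' '#net/ipv6/conf/default/forwarding=1' \
    '#net/ipv6/conf/all/forwarding=1' > "$demo/sysctl.conf"
printf '%s\n' 'DEFAULT_FORWARD_POLICY="DROP"' > "$demo/ufw"
audit_forwarding "$demo/sysctl.conf" "$demo/ufw" || echo "result: $?"
```

Called with no arguments, audit_forwarding reads /etc/ufw/sysctl.conf and /etc/default/ufw on the machine itself.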


Author: Carlos Rodriguez Iturria
