Linux ships with a firewall called netfilter, which is more commonly referred to as iptables, the tool used to configure it. Typically iptables is configured via a complex script, normally written in bash. A lot of the GUIs for iptables actually just generate these scripts automatically and run the bash to set the firewall up. This is a little long-winded, and whilst I recommend hand-crafting a firewall script for your server, when you're using the desktop you just need a simple interface to get you up and running.
This is where GUFW (Graphical Ubuntu Firewall) comes in! It's very quick and easy to block any incoming connection to your machine, and it's also easy to allow certain traffic in. I'll quickly show you how to get up and running.
To install GUFW you can either use the Software Centre and just search for GUFW. Once found, just click Install and enter your password to authorise the install.
Or you can use the command line. Go to Applications -> Accessories -> Terminal and type:
sudo apt-get install gufw
Once you’ve installed the software you have to enable the firewall. To do this go to System -> Administration -> Firewall Configuration and you’ll be presented with a screen like this:
Enabling GUFW may also prompt you for your password; just enter it again and you'll be free to make changes. Once enabled, the interface should tell you that the firewall is enabled in the bottom left-hand corner. The default policy is to allow anything to leave your desktop and connect out to the world. This means your email, your web browser and your instant messenger, anything that originates from your desktop, can connect to anywhere in the world. This is probably exactly what you want!
Incoming traffic is by default set to deny. This means no one can connect to your desktop. However, GUFW is clever and automatically allows related traffic to connect. This means if you make a request to browse a web page, the firewall will allow that data back to your computer. Again this is exactly what you want and lets you work as normal. You could set the default to REJECT instead of DENY. The difference is that REJECT sends a signal to the computer attempting to connect and politely says no, you can't connect; DENY just ignores the connection. DENY has the bonus of slowing down port scans from attackers, and hopefully this will make them leave you alone.
Once you've enabled your firewall you're protected, but what if you want to allow certain traffic into your desktop? Maybe you use SSH so you can access the system remotely. GUFW allows you to easily configure services and has some services in a predefined rule set. To add a new rule to your firewall, just click Add.
To add SSH, for example, you'll notice that this isn't in the predefined list, so just click on the Simple tab. You then just need to type 22 into the text box like so; the other defaults are fine.
The reason you entered 22 is that SSH runs on TCP port 22. If you were adding a web server such as Apache you'd enter 80, or 443 if it was using SSL. You can find a list of common ports here: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Now just click Add and you'll see the service is now allowed into your system.
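GUFW is a front-end for ufw, which in turn writes the iptables rules for you, so the same setup described above can be scripted. The following is an added example of mine, not a script from this post or from the GUFW project: it generates the ufw commands matching the clicks above (default deny or reject incoming, allow outgoing, allow a list of ports) and validates the port numbers before anything is applied.

```shell
#!/bin/sh
# Print the ufw commands equivalent to the GUFW steps in this post.
# Usage: gufw_rules deny|reject [port[/proto] ...]
# Ports default to tcp (as the GUI's Simple tab does); 53/udp style is accepted too.
gufw_rules() {
  policy=$1; shift
  case "$policy" in
    deny|reject) ;;
    *) echo "policy must be deny or reject, got '$policy'" >&2; return 1 ;;
  esac
  # Same defaults the GUI sets: nothing in, everything out.
  printf 'ufw default %s incoming\n' "$policy"
  printf 'ufw default allow outgoing\n'
  for spec in "$@"; do
    port=${spec%%/*}
    proto=tcp
    case "$spec" in
      */udp) proto=udp ;;
      */tcp|"$port") ;;
      *) echo "bad rule '$spec' (use PORT, PORT/tcp or PORT/udp)" >&2; return 1 ;;
    esac
    # Reject anything that is not a number in 1..65535 before it reaches ufw.
    case "$port" in ''|*[!0-9]*) echo "bad port in '$spec'" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
      echo "port out of range in '$spec'" >&2; return 1
    fi
    printf 'ufw allow %s/%s\n' "$port" "$proto"
  done
  # --force skips the interactive "may disrupt existing ssh connections" prompt.
  printf 'ufw --force enable\n'
}

# Apply the generated commands for real (needs ufw installed and sudo rights).
apply_gufw_rules() {
  gufw_rules "$@" | while IFS= read -r cmd; do
    echo "+ $cmd"
    sudo $cmd || return 1
  done
}
```

Running `gufw_rules deny 22` only prints the commands, so you can review them before calling `apply_gufw_rules deny 22` on a machine with ufw installed.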
That's it, you're now secure. You can test this by installing nmap (port scanning software):
sudo apt-get install nmap
and running from the command line:
nmap <YOUR IP ADDRESS>
Here you could test the difference between REJECT and DENY, as you'll find it's much quicker to scan a box that REJECTs. If you want to look a little further you can open a command line and run this:
sudo iptables -L
You’ll get a big long output of all the complex rules that GUFW has taken care of for you!
If you want to learn more about iptables and what that output actually means, I'd recommend reading the iptables tutorial found at http://www.frozentux.net/documents/iptables-tutorial/ where you'll be able to find out how to log port scans and other attacks on your machine to a file.
I hope this has been of help to you; feel free to ask any questions in the comments.