Linux is one of the most secure operating systems out there. Generally, you don’t need an antivirus, files cannot execute without your permission and there is a lot to protect you from people with malicious intent. One common tool that system administrators and home users use alike is the firewall.
A firewall, in the crudest of forms, just intercepts the incoming packets, and sees what to do with them, before they are sent to their destined applications on your computer or forwarded elsewhere. The “see what to do with them” part comes from a set of user defined network firewall rules that decides whether or not to accept or reject a packet.
The Linux kernel has a built in filtering system that can accept or reject a packet depending upon a set of rules, which is essentially what we want. The remaining thing is then how we can specify these rules.
By default, Ubuntu and other Linux distributions include the iptables utility that can be used to define and manage network firewall rules that are applied to the network traffic through the computer under question. The thing about iptables is that the command line switches and options are very cryptic and there are . In other words it’s far from what you would call user friendly.
Here is an example of a typical iptables rule:
# iptables -A INPUT -s xmail.spammer.ru -d 10.4.5.6 -p tcp –dport 25 -j REJECT
Things should be a lot easier, don’t you think?. I mean, there are software available for Windows that will give you a fully functional firewall out of the box, which you can modify later. And indeed there are a number of software that can help you configure a firewall easily on Linux as well.
UFW & GuFW
For Ubuntu users there is the Uncomplicated Firewall (also called UFW). UFW is also a command line utility, although it has a much simpler syntax. First you allow or deny all incoming/outgoing connections as the need may be and then selectively enable or disable the traffic at said ports, or from certain hosts or for certain services. Perhaps an example would make things a lot more clear:
ufw allow 8080/tcp allows all access to the port 8080. Similarly ufw deny 21 denies all access to port 21 (or FTP)
UFW also has a graphical frontend called GuFW. It provides you with a graphical interface that can be used to create the most sophisticated of rules, without any need to remember the switches and options for UFW. You can install it via the Ubuntu Software Center, or you can use the sudo apt-get install gufw command as well.
Firestarter is yet another popular tool, that makes Linux firewall configuration a lot easier. Again you can find and install Firestarter via the Ubuntu Software Center, or use sudo apt-get install firestarter.
Unlike GuFW, which is simply a GUI front-end for the UFW utility, Firestarter is a lot more feature rich and by default, starts in a wizard mode to make things easier for you. The wizard takes care of detecting your network device and optionally setting up Internet Connection Sharing and the likes.
Again you can create network firewall rules just as easily and Firestarter will take care of all the internal details. To create a rule, head over to the Policy tab, right click inside one of the active areas and you will be able to add a rule (or policy) for that type.
In the following screen, for example I am allowing inbound HTTP traffic from the host 192.168.0.56. Add the optional comment if you desire and the rule is added.
These are not the only tools available for configuring Linux firewalls. There are others like ipkungfu and shorewall, which let you do the same things. Firestarter and UFW/GuFW are the most common yet easy to use tools for the job out there. If all you need is to configure a firewall for your home computer or server, these should get the job done without much pain.
Do you use a firewall on Linux? If so, what tools or utilities do you use?