Difference between revisions of "Firewalls"
Views
Actions
Namespaces
Variants
Tools
imported>Cscs (Intro to ufw and gufw) |
(No difference)
|
Revision as of 05:36, 6 February 2018
UFW
Ufw stands for Uncomplicated FireWall, and is a program for managing a netfilter firewall with a command-line interface. It provides a command line interface and aims to be uncomplicated and easy to use.
Installation
To install ufw package:
sudo pacman -S ufw
Warning about iptables
It is worth noting that while ufw uses iptables to do its job, you should not enable its service while using ufw.
While using the ufw service, do not enable iptables.service
Basic configuration
Users will need root or sudo priveleges to use ufw.
The following commands are an example of how to set up a very simplistic configuration which will deny all by default, allow any protocol from inside a 192.168.0.1-192.168.0.255 LAN, and allow incoming Deluge and SSH traffic from anywhere:
sudo ufw default deny sudo ufw allow from 192.168.0.0/24 sudo ufw allow qbittorrent sudo ufw allow SSH
The next line is only needed once the first time you install the package:
sudo ufw enable
Then enable the ufw as a systemd service:
systemctl enable ufw && systemctl start ufw
You can check on the the status of ufw and rules with the following command:
sudo ufw status
Users should also be aware that builtin-rules do exist. These include filters to allow UPNP, AVAHI and DHCP replies. To see a more full report one may use
ufw show raw
Adding more applications
The PKG comes with some defaults based on the default ports of many common daemons and programs. Inspect the options by looking in the /etc/ufw/applications.d
directory or by listing them in the program itself:
sudo ufw app list
Extra configuration files can be installed through package ufw-extras
sudo pacman -S ufw-extras
For custom application settings such as a non-standard port, it is recommended to simply create /etc/ufw/applications.d/custom
containing the needed data using the defaults as a guide.
GUFW
Not comfortable in the command-line and still want to manage your firewall? GUFW is a GTK front-end for Ufw that aims to make managing a Linux firewall as accessible and easy as possible. It features pre-sets for common ports and p2p applications.
Installation
If it is not installed already gufw can be installed from the repos:
sudo pacman -S gufw
More information
That should cover the basics. To learn more see
man ufw man gufw
Or of course visit the arch wiki.