Firewalls

Revision as of 05:57, 6 February 2018 by imported>Cscs (→‎GUFW)

UFW

Ufw stands for Uncomplicated FireWall, and is a program for managing a netfilter firewall. It provides a command-line interface and aims to be uncomplicated and easy to use.

Installation

To install the ufw package:

sudo pacman -S ufw

Warning about iptables

It is worth noting that while ufw uses iptables to do its job, you should not enable the iptables service while using ufw.

While using the ufw service, do not enable iptables.service

Basic configuration

Users will need root or sudo privileges to use ufw.

The following commands are an example of how to set up a very simplistic configuration which will deny all by default, allow any protocol from inside a 192.168.0.1-192.168.0.255 LAN, and allow incoming qBittorrent and SSH traffic from anywhere:

sudo ufw default deny
sudo ufw allow from 192.168.0.0/24
sudo ufw allow qbittorrent
sudo ufw allow SSH

The next line is only needed once, the first time you install the package:

sudo ufw enable

Then enable ufw as a systemd service:

systemctl enable ufw && systemctl start ufw

You can check on the status of ufw and its rules with the following command:

sudo ufw status

Users should also be aware that built-in rules do exist. These include filters to allow UPNP, AVAHI and DHCP replies. To see a fuller report, use:

sudo ufw show raw


Note
If special network variables are set in /etc/sysctl.d/*, it may be necessary to update /etc/ufw/sysctl.conf accordingly, as this configuration overrides the default settings.

Adding more applications

The package comes with some defaults based on the default ports of many common daemons and programs. Inspect the options by looking in the /etc/ufw/applications.d directory or by listing them in the program itself:

sudo ufw app list

Extra configuration files can be installed through the ufw-extras package:

sudo pacman -S ufw-extras

For custom application settings such as a non-standard port, it is recommended to simply create /etc/ufw/applications.d/custom containing the needed data using the defaults as a guide.
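
An added example, not part of the original page or the ufw package: the script below writes a custom profile in the format used under /etc/ufw/applications.d and checks its ports= line against the syntax described in the ufw man page (a single port may omit the protocol; a comma list or start:end range must name tcp or udp). The profile name SSH-Custom, port 2222 and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the ufw package). SSH-Custom, port 2222 and the
# function names are constructed for illustration.

# write_profile FILE: emit a one-profile file in the applications.d format.
write_profile() {
    cat > "$1" <<'EOF'
[SSH-Custom]
title=SSH on a non-standard port
description=OpenSSH daemon moved to 2222/tcp
ports=2222/tcp
EOF
}

# valid_ports SPEC: succeed if SPEC is a '|'-separated list of entries where
# a single port may omit /tcp or /udp but a comma list or range may not.
valid_ports() {
    printf '%s\n' "$1" | awk '{
        n = split($0, e, "[|]"); if (n == 0) exit 1
        for (i = 1; i <= n; i++) {
            spec = e[i]; proto = match(spec, /\/(tcp|udp)$/)
            if (proto) spec = substr(spec, 1, RSTART - 1)
            k = split(spec, c, ","); if (k == 0) exit 1
            for (j = 1; j <= k; j++) {
                if (c[j] !~ /^[0-9]+(:[0-9]+)?$/) exit 1
                q = split(c[j], r, ":")
                if ((k > 1 || q > 1) && !proto) exit 1
                for (m = 1; m <= q; m++)
                    if (r[m] + 0 < 1 || r[m] + 0 > 65535) exit 1
                if (q == 2 && r[1] + 0 >= r[2] + 0) exit 1
            }
        }
    }'
}

# lint_profile FILE: require a [Name] header, title, description and a
# well-formed ports line.
lint_profile() {
    grep -Eq '^\[[^]]+\]$' "$1" || return 1
    for key in title description; do
        grep -Eq "^$key=.+" "$1" || return 1
    done
    valid_ports "$(sed -n 's/^ports=//p' "$1")"
}

tmp=$(mktemp)
write_profile "$tmp"
lint_profile "$tmp" && echo "profile OK: $tmp"
# Next steps, run by hand:
#   sudo install -m 644 -o root -g root "$tmp" /etc/ufw/applications.d/custom
#   sudo ufw app info SSH-Custom && sudo ufw allow SSH-Custom
```

Linting before installing catches a profile such as ports=6881:6891 that omits the protocol a range requires.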

GUFW

Not comfortable with the command line and still want to manage your firewall? GUFW is a GTK front-end for Ufw that aims to make managing a Linux firewall as accessible and easy as possible. It features presets for common ports and p2p applications.

Installation

If it is not installed already, gufw can be installed from the repos:

sudo pacman -S gufw

More information

That should cover the basics. To learn more, see:

man ufw
man gufw

Or, of course, visit the Arch wiki.