Linux tips and tweaks
Protect your PC with a firewall in Ubuntu
A firewall is a means of filtering network traffic, and it is useful because it lets you control the flow of data coming into and going out of the computer. For example, you can prevent hackers and malware from gaining access to the valuable files and information on your computer, and you can prevent malware, adware or spyware from sending information stored on your computer back to its owners. A firewall is a necessity when you connect your computer to the internet. Anyone in the world can access a computer that is on the internet, and without security software like a firewall they could simply take your files or damage your computer. A firewall keeps out the internet hackers.
If you are using Ubuntu Linux, do you know whether you have a firewall? Is it running? Is it blocking unauthorised incoming connections? Is it blocking unauthorised outgoing connections? These are important questions and you should know the answers - the safety of your files and personal data depends on it.
The good news is that yes, your Ubuntu Linux computer has a firewall, but the bad news is that it is disabled by default. It does not block incoming connections and it does not prevent applications, including malware, from sending out possibly personal information. The firewall is basically switched off. Just think about it - you're using an unprotected computer on the internet!
Obviously this is not a good situation to be in and you really should turn on that firewall and protect yourself. However, this is not as easy as it should be. In fact, in typical Linux fashion, it's obscure and complicated. Don't bother looking for the firewall among the menus and configuration tools because it isn't there. You have to go to the command line to actually turn it on.
The Linux kernel (the core of the operating system) has a network filtering system called netfilter and iptables is used to control how it works. Iptables is basically a set of rules that tell the system what to do with each packet of data that is sent or received over the network. A rule could say something like 'Don't accept anything from computer X'. It doesn't actually use those words, but the end result is the same and you can block network traffic from a specific computer.
If you configure iptables with lots of rules then you have a firewall that allows only the communications that you specify and blocks everything else, such as hackers and malware. The problem is that iptables is very difficult to use and it requires long and complicated commands to be entered at the Terminal. Few people want to use iptables.
UFW - uncomplicated firewall
Ubuntu's developers know that iptables is too difficult to use for most people and so you also get ufw, which stands for uncomplicated firewall. On a scale of 1 to 10 where 1 is easy and 10 is the most difficult, iptables would get a 9 and ufw would get a 7. Yes, ufw is simpler than configuring iptables directly, but it's still quite hard. Something is hard if you can't guess how to use it by examining it and you'll never guess how to use ufw.
Open a Terminal window and enter the following command:
sudo ufw status
This will tell you the status of ufw and if you've never used it before then it will say that it is inactive. You turn ufw on and off with these commands:
sudo ufw enable
sudo ufw disable
Enabling ufw will also automatically enable it every time Linux is started, which is useful. It means that once started, it continues to run until stopped and you don't have to think about it.
To configure ufw to do its job you tell it what you want to allow and what you want to block. Here are the commands you need to allow ssh and tcp communications:
sudo ufw allow ssh/tcp
sudo ufw enable
This is now functioning as a basic firewall and if you check the status you'll see that incoming connections are blocked, but outgoing connections are allowed. In other words, your PC can access the internet, but hackers on the internet can't access your PC.
sudo ufw status verbose
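The questions asked at the start of this article (is the firewall running, and what does it do with incoming and outgoing connections) can be answered from that status output. The script here is an added example, not part of the original article: it reads the text printed by sudo ufw status verbose and reports each answer. The function names ufw_audit and sample_status are made up for this example, and the sample output is constructed and abridged.

```shell
#!/bin/sh
# Added example (not the article's own code). Real use:
#   sudo ufw status verbose | ufw_audit
# Reads ufw status text on stdin, prints one finding per line, and returns 0
# only when ufw is active and the default incoming policy is deny or reject.
ufw_audit() {
    awk '
        /^Status:/  { status = $2 }
        /^Default:/ {   # "Default: deny (incoming), allow (outgoing), ..."
            for (i = 2; i < NF; i += 2) {
                dir = $(i + 1); gsub(/[(),]/, "", dir)
                policy[dir] = $i
            }
        }
        # Rule rows allowed in; outgoing and forwarded rules are skipped.
        / ALLOW / && !/ ALLOW (OUT|FWD) / {
            to = $0; sub(/[ \t]+ALLOW.*/, "", to); rules[++n] = to
        }
        END {
            if (status != "active") {
                print "FAIL firewall status: " (status == "" ? "unknown" : status)
                exit 1
            }
            print "OK   firewall is active"; rc = 0
            if (policy["incoming"] == "deny" || policy["incoming"] == "reject") {
                print "OK   default incoming: " policy["incoming"]
            } else {
                print "FAIL default incoming: " policy["incoming"]; rc = 1
            }
            if (policy["outgoing"] == "allow") {
                print "NOTE outgoing connections are not filtered"
            }
            for (i = 1; i <= n; i++) print "OPEN " rules[i]
            exit rc
        }
    '
}

# Constructed, abridged sample: output after `ufw allow ssh/tcp` and `ufw enable`.
sample_status() {
    cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

sample_status | ufw_audit
```

Each OPEN line is a port that accepts incoming connections, so anything listed there that you did not add yourself deserves a closer look.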
You can specify services to allow by name, such as tcp above, or smtp, which is used in email, or you can specify port numbers like this:
sudo ufw allow 80
sudo ufw deny 80
You really need to know which ports are used for what purpose though, so don't enter random numbers! The allow and deny commands above all refer to incoming connections. You can use
Ufw is simpler than iptables, but it's not as simple as the name suggests. Why isn't there a simple application, menu option or button to turn the firewall on and off? There are programs that can do this, but we'll consider those in a future article.