Gufw Managing ufw on Remote Host

Asked by Jeff Hochberg


I just came across Gufw for the first time yesterday. I manage several headless Ubuntu Server VMs - including the configuration and ongoing caring/feeding of the ufw policies.

From what I can tell, Gufw is only capable of configuring the policies directly on the system it is running on top of. I saw someone mention that it's possible to use Gufw to manage a remote system, but it requires the display to be exported to where you want to manage ufw from.

For example - if I'm on my laptop and have two servers:

ubntvm01 - ufw.service -
ubntvm02 - ufw.service -

I would run Gufw from my laptop, then choose to connect either to or 2.10 at which point I could make adds/moves/changes to the ufw policy.

Has there been any thought given to having a gufw.service daemon that would allow someone to connect to it remotely where they could use Gufw to manage policies remotely?

Thank you,


Question information

English Edit question
Gufw Edit question
No assignee Edit question
Last query:
Last reply:
Revision history for this message
costales (costales) said :
Revision history for this message
Jeff Hochberg (jhochberg) said :

I have seen the link you pointed me to. But it's a hack/workaround and is not desirable for a variety of reasons - mostly having additional unnecessary code on a server.

If it's a headless device (i.e. no desktop installed), then you have to effectively install Gnome and all of its dependencies just to be able to use Gufw on a remote machine to manage it. In reality, this is just exporting the display for Gufw to another system that is also a full desktop.

The purpose of a device being headless is I don't want to manage/maintain the desktop just for the purposes of managing a firewall ruleset.

What I am suggesting is a lightweight daemon you would install on a headless server (which does not require Gnome - or any other desktop for that matter) that would listen for connections from Gufw that's running on a remote system.

Revision history for this message
costales (costales) said :

Hi Jeff,

As Gufw is an UI for ufw, I think that daemon should be an ufw daemon (?).

Best regards

Revision history for this message
Jeff Hochberg (jhochberg) said :

I guess maybe I'm spoiled from working with commercial firewalls for too long.

I'm thinking of it in a similar fashion to managing a Check Point Firewall module with a centralized management GUI or a Palo Alto Networks NGFW with Panorama.

When you have a lot of individual host-based firewalls to manage - having a GUI that you can use to connect to them can be very helpful. But what Check Point and Palo Alto is doing is far more than just providing a GUI - they're also providing a centralized configuration store.

Revision history for this message
costales (costales) said :

Hi, yes, your idea is good, but needs a lot of work and redone, then, I
will keep it as a cool implementation :)
Thanks for your feedback!

Can you help with this problem?

Provide an answer of your own, or ask Jeff Hochberg for more information if necessary.

To post a message you must log in.