Ubuntu

need firewall?

Asked by bazsik on 2008-06-10

I just want to know should I install any firewall app into the Ubuntu 8.04.
Is any basic firewall in the OS? or is it necessary at all?

Question information

Language:: English Edit question

Status:: Solved

For:: Ubuntu Edit question

Assignee:: No assignee Edit question

Solved by:: bazsik

Solved:: 2008-06-12

Last query:: 2008-06-12

Last reply:: 2008-06-11

Link existing bug

Revision history for this message

Murali Krishna Marimekala (murali-marimekala) said on 2008-06-10:

Bazsik,

By default firewall is off. To turn on fire wall please refer this link http://www.funnestra.org/ubuntu/hardy/#ufw.

--Murali

Revision history for this message

Martin Božič (martin-bozic) said on 2008-06-10:

The ports for the incoming traffic in Ubuntu are closed by default (apart from those which are most common). If you want to monitor/configure the traffic on your ports, i recommend you to install Firestarter. For console firewall interface there is a new app called 'ufw' (Uncomplicated Firewall).

Revision history for this message

Shane Fagan (shanepatrickfagan) said on 2008-06-10:

yes there is a firewall or something that works like a firewall in the kernal they are called iptables

Revision history for this message

bazsik (bazsikadam) said on 2008-06-10:

thanx the firestarter.
Can it share the internet, it can?

Revision history for this message

Jorge Juan (jjchico) said on 2008-06-10:

It is a long time I do not use firestarter, but it used to have an option to do masquerading (source NAT) to give Internet access to the hosts in the local network, if that is what you are asking. This is seldom useful today since most DSL/Cable/AP do it by default.

Revision history for this message

bazsik (bazsikadam) said on 2008-06-11:

Yes, I know but I want my ubuntu to be a routing server for the other PCs, and that's why I asking...
Or do you know any other better routing server app for this job?

Revision history for this message

Jorge Juan (jjchico) said on 2008-06-11:

Hi,

As I have said, firestarter will probably do the job. Anyway, configuring a "routing" server for the local PC's is easy if you do not mind using commands. Just put something like the examples in /etc/rc.local (extracted from the NAT and packet filtering howto's included with iptables (/usr/share/doc/iptables).

Hope this helps.

Example 1: router has a fixed real IP address (1.2.3.4):
--------------------------------------------------------------------
## Change source addresses to 1.2.3.4.
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

Example 2: router has a dynamic IP o a ppp interface.
Also block all incoming traffic from the outside.
--------------------------------------------------------------------
# Masquerade out ppp0
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# Disallow NEW and INVALID incoming or forwarded packets from ppp0.
iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i ppp0 -m state --state NEW,INVALID -j DROP

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

Revision history for this message

bodhi.zazen (bodhi.zazen) said on 2008-06-11:

With a default installation of Ubuntu , all ports are open.

sudo iptables -L

will show that.

UFW is far superior to firestarter, especially when using NAT / forwarding. Firestarter is "OK" as a start for most desktop users, but firestarter will almost always fail with complex firewall rules.

UFW is easy to learn and takes less then an hour to get up and running. Hopefully there will be a gui interface soon.

See this link : https://help.ubuntu.com/8.04/serverguide/C/firewall.html

https://wiki.ubuntu.com/UbuntuFirewall