Question about UFW - it is better to have enable it?

Asked by Piotr on 2021-04-03

Dear Launchpad Community,

I found this website: https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support

I can see interesting information: "In Ubuntu 9.04 and later, you can enable ufw during installation using preseeding. See /usr/share/doc/ufw/README.Debian for details. "

When I open and read this file I can see:

 " Preseeding
----------
ufw has support for preseeding. To enable a default deny firewall, add to your
preseed file:
ufw ufw/enable boolean true

And to allow a service, use:
ufw ufw/allow_known_ports multiselect SSH, WWW"

I would like to know what is mean "Preseeding"? My english it is not the best and I don't know what is it and how it is work. If I will enable UFW I should add this to my "preseed file" - ufw ufw/enable boolean true.

I have important question. If I will enable UFW and I will not add command above my system will be less secure than default Ubuntu system with disabled UFW? Can you tell me?

Yours faithfully,
Piotr

Question information

Language:
English Edit question
Status:
Open
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Last query:
2021-04-06
Last reply:
2021-04-06
Manfred Hampl (m-hampl) said : #1

Preseeding is a mechanism that is used when you want to install Ubuntu on several computers and want to automate this installation that you do not need answering questions during installation.
see https://help.ubuntu.com/lts/installation-guide/amd64/apbs01.html

if you want to activate or deactivate Ubuntu on a system that is already installed, then you do not use preseeding but just the ufw command

Piotr (peterq94) said : #2

Thank you Manfred for explain. So if I have installed Ubuntu system so I don't need to use preseeding. So this coomand is for preseeding --> ufw ufw/enable boolean true ? This I should only for installation system? If I have enabled UFW I should do something more? I want to have very restrictive firewall rules to improve security. Maybe someone have knowledge about it?

https://help.ubuntu.com/lts/installation-guide/s390x/apb.html

You can provide answers to the installer to use rather than manually inputting them each time. Its used a lot with PXE boot (over networks) to fully configure a system that boots over the network.

If you want to increase security with ufw then you can. If you have no need for asymetric connections to the system (like if you run an SSH server) then just block the lot. Remember to allow the connections going outward that you do use (HTTP / HTTP and so on) or you won't get any web access. You will also need to allow TCP/53 out so that DNS can work too.

Manfred Hampl (m-hampl) said : #4

Sorry, in my comment #1 it of course has to read "if you want to activate or deactivate UFW on a system that is already installed,..."

Piotr (peterq94) said : #5

So I have question to this command ufw ufw/enable boolean true.
Above command is needed only for installation process? If I will use only ufw enable it is okay? I don't know what is it "boolean true" parameter in this command?

Its to enable ufw on bootup as part of the preseed. You'd then need to specify rules too in order to make it effective

Piotr (peterq94) said : #7

So if I will only enable ufw this mean that in next reboot this will be not bootup. On my friends computer I only enabled UFW . I mean that I installed Ubuntu without enabling ufw next after installation I enabled it via terminal typing sudo ufw enable. So this UFW is not effective now? I want to have very restrictive rules so I should configure it or if I only enabled this means that there are very restricitve rules and I should only configure it if something not working?

iptables and iptables are installed by default. The pre-seed simply sets the firewall to enabled then sets your rules in place to define what traffic is allowed and denied. Did you check the status of the firewall before running the enable? Were your rules effective? Did you set rules? Simply enabling ufw doesn't do anything without rules.

Piotr (peterq94) said : #9

I enabled UFW like in this community tutorial --> https://help.ubuntu.com/community/UFW

 This is my friend's machine so I must know if it have very restrictive rules. Now he have default rules:

youruser@yourcomputer:~$ sudo ufw status verbose
[sudo] password for youruser:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
youruser@yourcomputer:~$

So can you tell me what I should do if I would like to have very restictive rules. If I will stay ufw like this this will be like default configuration when UFW was disabled or I should disable UFW? If I will enable ufw and now I will disable this I must checking what is now iptables rules? How I can restore to default configuration or improve my safety?

Can you help with this problem?

Provide an answer of your own, or ask Piotr for more information if necessary.

To post a message you must log in.