While skimming through my list of RSS feeds (god, how I love RSS aggregators) I stumbled upon something that piqued my interest. In the latest update to Ubuntu (8.04, Hardy Heron) they added a new feature called ufw, which stands for ‘Uncomplicated Firewall’. Anyone who has worked with a firewall before, especially via the command line, knows what kind of hair-pulling experience it can be. Even setting up something fairly simple would take a lot of poking, prodding, and most importantly forethought and planning into how you were going to set it up. ipfw and ipchains certainly aren’t known for their usability. I’ve applauded both Microsoft’s and Apple’s forays into making firewalling an easier experience, even if both of them fall short in several areas. At least they’ve given it more effort than the entire Linux community.
However, Ubuntu seems interested in creating a firewall that can be set up quickly and be up and running with a few simple commands. In fact it took me under 60 seconds to enable it, allow access to a couple of ports that I wanted to use, and deny access to anything else.
Because it uses the /etc/services file, you can simply use the service’s name instead of trying to remember the port number for a specific service. Adding a new rule is as simple as “sudo ufw allow ssh”. As one might guess, that command tells the firewall to add a rule that will allow ssh. You can, as with any other firewall, limit access further by only allowing a narrow band of IP addresses to access the machine. You can deny individual IPs or entire blocks of them as well.
For a good primer on using ‘ufw’ check out this website.
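
The rule set described above, sketched as an added example that is not part of the original post: it resolves service names the way an /etc/services lookup does and prints the ufw commands for review instead of running them. The function names, the services excerpt and the two address ranges (documentation networks) are constructed for illustration.

```shell
#!/bin/sh
# Constructed excerpt in /etc/services format: name  port/proto  [aliases]
SERVICES_SAMPLE='# sample data, not a real system file
ssh             22/tcp
smtp            25/tcp          mail
domain          53/tcp
domain          53/udp
http            80/tcp          www
https           443/tcp'

# Print each port/proto a service name or alias maps to. This is the
# lookup that lets "ufw allow ssh" stand in for port 22.
resolve_service() {
    printf '%s\n' "$SERVICES_SAMPLE" | awk -v want="$1" '
        /^[ \t]*#/ || NF < 2 { next }
        { for (i = 1; i <= NF; i++) {
              if (i == 2) continue        # field 2 is port/proto, not a name
              if ($i ~ /^#/) break        # trailing comment
              if ($i == want) { print $2; break }
          } }'
}

# Emit the commands for: block one range, allow ssh only from an admin
# network, allow http from anywhere, deny everything else.
# $1 = blocked CIDR, $2 = admin CIDR (both supplied by the caller).
build_rules() {
    blocked=$1
    admin=$2
    # Refuse to emit anything if a service name would not resolve.
    for svc in ssh http; do
        [ -n "$(resolve_service "$svc")" ] || { echo "unknown service: $svc" >&2; return 1; }
    done
    ssh_port=$(resolve_service ssh | cut -d/ -f1)
    echo "ufw default deny"
    # ufw checks rules in the order they were added and stops at the
    # first match, so the deny for the blocked range goes before any allow.
    echo "ufw deny from $blocked"
    echo "ufw allow proto tcp from $admin to any port $ssh_port"
    echo "ufw allow http"
    # Enable last, so the ssh rule exists before filtering starts.
    echo "ufw enable"
}

# Print the plan for two constructed ranges; run the lines with sudo after review.
build_rules 203.0.113.0/24 192.0.2.0/24
```

`sudo ufw status` lists the active rules once the commands have been run.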