You may wish to install a firewall to protect your computer against unauthorized access by people on the Internet or your network. Firewalls block connections to your computer from unknown sources, which helps to prevent security breaches. If you use a router to connect to the Internet, the router may already have a firewall configured which regulates connections from the Internet to your network. This section deals with setting up a firewall on Ubuntu to regulate connections to your computer.
Uncomplicated Firewall (UFW) is the standard firewall configuration program in Ubuntu. It is a command line program. Most users will prefer to use Gufw, which is a graphical program to configure UFW.
Advanced users may wish to use UFW directly in the terminal. See the UFW manual or the Community Documentation page on UFW for more information. Alternatively, you can use iptables - see the iptables manual.
To install and enable Gufw:
-
To start Gufw, choose → → .
-
To enable the firewall, simply check the box next to “Actual Status.”
under
The default configuration is to deny connections. This means that a program attempting to connect to your computer will be denied. Certain programs or services which use the internet may require you to add an exception.
To add an exception:
-
Click
. -
You can choose from
options for common programs and services, or you can manually add port exceptions in the or tabs. -
To find out what type of exception a particular program requires, you should consult the help for that program.
For a graphical walkthrough of basic Gufw usage, see the Ubuntu Community Documentation page on Gufw.
To test the firewall it is best to scan it from a second computer. A popular application to use is called nmap.
-
Run:
nmap -vAPN 192.168.1.100
Substitute the IP address of the computer you want to scan for 192.168.1.100.
-
To see what services are associated with the open ports, run:
lsof -i -n -P
You can also make use of an online firewall testing service such as ShieldsUP.
Actual monitoring of your network traffic can be done with either Wireshark or Snort. Wireshark can analyze network packets and Snort is used in Network Intrusion Detection Systems (NIDS) and will notify you of unusual traffic.