Firewall

Using a firewall on Ubuntu or any other Linux distribution is recommended, even though many would argue that it is not necessary. Ubuntu is distributed with 'Uncomplicated Firewall', or 'UFW' for short.

By default UFW is disabled, so you need to enable it and then provide rules for it to work.
Setting up your firewall is easily done from the command line using a terminal.

Below is a basic set of rules and instructions for setting up your firewall.
These rules will allow browsing the internet and email.
You can enable or disable UFW at any time, and use any program as normal, using the commands:

sudo ufw enable

sudo ufw disable



Setting Up Your Firewall

You can simply copy and paste the following commands one by one into a terminal.

Enable the firewall

sudo ufw enable

Set default rules

sudo ufw default deny incoming && sudo ufw default deny outgoing

Add outbound TCP rules (SMTP 25, DNS 53, HTTP 80, POP3 110, HTTPS 443)

sudo ufw allow out 25,53,80,110,443/tcp

Add outbound UDP rules (DNS 53, DHCP 67 and 68)

sudo ufw allow out 53,67,68/udp

Restart UFW

sudo ufw disable && sudo ufw enable


Identify Ports that Programs Use

Many programs will display which ports they use in the options menu or on their website.
If this is not the case you can use the following method.
If a program you wish to use will no longer work, such as streaming music using Totem Movie Player, it is probably being blocked by the firewall, so you need to find which port it is using and allow that port so it can access the internet.

Close down Movie Player and any other programs which may be using the network.
Then open a terminal and disable the firewall:

sudo ufw disable

Then start the Totem Movie Player again and run the following command to identify which ports it is using:

sudo netstat -anp --tcp

You should see the program name on the right, and the port that the program is using will be listed under 'Foreign Address' after the colon ':'. In the following example, Totem is using port 8200.

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp   122332      0 192.168.1.2:55259       75.125.130.122:8200     ESTABLISHED 4915/totem

So we would then add the rule using the following command:

sudo ufw allow out 8200/tcp

You should see confirmation that the rule has been added.
Then close Totem Movie Player and enable the firewall:

sudo ufw enable

Finally, open Totem Movie Player again and try streaming music. Assuming all went well, UFW will allow it to connect to the internet and it will work fine. If it is not working, follow the above steps again, as you may need to allow additional ports. For example, Totem Movie Player also uses port 8052 for music streaming.
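
The port lookup above can be scripted so that nothing has to be read off the netstat table by eye. The following is an added example, not part of the original guide: it reads 'netstat -anp --tcp' output and prints, without running them, the matching 'ufw allow out' commands for one program. The function names and every sample line other than the first Totem connection are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide).

# foreign_ports PROGRAM
# Reads `netstat -anp --tcp` output on stdin and prints one remote port per
# line (sorted, unique) for ESTABLISHED connections owned by PROGRAM.
foreign_ports() {
    awk -v prog="$1" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            # Column 7 is "PID/Program name"; strip the leading PID.
            name = $7; sub(/^[0-9]+\//, "", name)
            if (name != prog) next
            # The port is whatever follows the last colon (covers IPv6 too).
            port = $5; sub(/^.*:/, "", port)
            if (port ~ /^[0-9]+$/) print port
        }' | sort -n -u
}

# suggest_rules PROGRAM
# Prints the ufw commands for review; it does not change the firewall.
suggest_rules() {
    foreign_ports "$1" | while read -r port; do
        echo "sudo ufw allow out ${port}/tcp"
    done
}

# Constructed sample input, modelled on the netstat output shown above.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp   122332      0 192.168.1.2:55259       75.125.130.122:8200     ESTABLISHED 4915/totem
tcp        0      0 192.168.1.2:55260       75.125.130.122:8200     ESTABLISHED 4915/totem
tcp        0      0 192.168.1.2:40112       203.0.113.7:8052        ESTABLISHED 4915/totem
tcp        0      0 192.168.1.2:40200       198.51.100.9:443        ESTABLISHED 5021/firefox
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      812/cupsd
tcp6       0      0 2001:db8::2:51000       2001:db8::9:8200        TIME_WAIT   -'

printf '%s\n' "$SAMPLE" | suggest_rules totem
```

On a live system, replace the sample with real output: sudo netstat -anp --tcp | suggest_rules totem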

Existing Rules

To view a list of the rules you have created for the firewall, use the following command:

sudo ufw status numbered

To delete an existing rule, such as our Movie Player rule above, use 'delete' as follows:

sudo ufw delete allow out 8200/tcp

Useful Links

Ubuntu Community Documentation - UFW
Wikipedia - List of TCP and UDP Port Numbers
Ubuntu Forums - Creating a Firewall for Your Ubuntu Desktop



© Copyright Fernhill Linux Project 2014