
archShade 11-23-2009 05:02 PM

UFW doesn't seem to affect anything Ubuntu 9.10
 
Hi

I'm trying to set up a firewall using ufw.

I had planned on denying all network traffic and allowing as it became a problem. I expected to need port 80 8(http) 88(https) and 1863(MSN).

I tried
Code:

Me@Ubuntu:~$ sudo ufw enable
Firewall is active and enabled on system start up
Me@Ubuntu:~$ sudo ufw default deny
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
Me@Ubuntu:~$ sudo ufw status
Status: active

If I have understood I should not be able to connect to the Internet now but I still can (I am posting this with these settings).

I have tried rebooting and this did not help although the status was persistent.

I am currently using version 9.10 of Ubuntu upgraded from 9.04 (itself from 8.10 which was a clean install). I am using a wireless network called wmaster0 with driver rt61pci if that helps.

Any help received with gratitude on both this issue and any advice on how to configure firewall welcome.

win32sux 11-23-2009 05:05 PM

Please post the output of:
Code:

iptables -nvL

win32sux 11-23-2009 05:25 PM

Actually, don't bother posting that output.

Quote:

Originally Posted by archShade (Post 3767307)
If I have understood I should not be able to connect to the Internet now but I still can (I am posting this with these settings).

Where did you get that understanding from? I don't use ufw, but I just ran it on a disposable guest to see how it worked. After looking at the rules it implements after doing an ufw enable, it seems clear that it's designed to allow inbound packets in states RELATED or ESTABLISHED, as well as all outbound packets. This is a sensible default for this kind of tool IMHO. The behavior you're describing seems expected and normal to me.

Quote:

Originally Posted by archShade (Post 3767307)
Code:

Me@Ubuntu:~$ sudo ufw enable
Firewall is active and enabled on system start up
Me@Ubuntu:~$ sudo ufw default deny
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
Me@Ubuntu:~$ sudo ufw status
Status: active


AFAICT, that second command you executed wouldn't really change anything, since a deny policy is used by default anyway. I think it's only meant to switch the policy back, in case you had changed it to allow.

archShade 11-23-2009 06:08 PM

First off thank you for your prompt reply.

I am new to the world of networking and the associated security.

I assumed (apparently naively) that setting the tool to default deny would stop all traffic both inbound and outbound. From there I would allow or deny things as they were appropriate.

Does this mean my system is relatively secure? Is there anything I can do to the firewall to make the system more secure (e.g. close outbound ports to stop malicious software establishing a connection or limiting which programs may connect to specific ports)?

I am willing to learn and pointing to a good entry level resource for ufw or iptables would be helpful.

win32sux 11-23-2009 06:49 PM

Quote:

Originally Posted by archShade (Post 3767356)
First off thank you for your prompt reply.

You're welcome!

Quote:

I am new to the world of networking and the associated security.

I assumed (apparently naively) that setting the tool to default deny would stop all traffic both inbound and outbound. From there I would allow or deny things as they were appropriate.

Well, the default deny approach (which is what you're describing) is how the best firewalls are configured. It's just that this particular tool only does default deny for inbound packets (with an exception for packets in states RELATED and ESTABLISHED, as well as the loopback interface, pre-included for you). It sounds to me like you'd be wasting your time with ufw anyway. I highly recommend you go straight to iptables instead, since you've already got the right mindset for it.

Quote:

Does this mean my system is relatively secure? Is there anything I can do to the firewall to make the system more secure (e.g. close outbound ports to stop malicious software establishing a connection or limiting which programs may connect to specific ports)?

There's plenty you could do, I'm just not sure how much of it you'll be able to accomplish with ufw. That said, the configuration ufw provides by default is intended to be sane (and what I saw when I glanced at the configuration earlier was in line with that). There's just a limit to what you can do with a firewall tool designed for non-firewall users.

Quote:

I am willing to learn and pointing to a good entry level resource for ufw or iptables would be helpful.

Forget ufw, get your hands dirty right here. :)
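
The point made in this thread is that ufw's default deny covers inbound packets only. As an added example (not from the thread, and not ufw's own rules), the shell function below prints an iptables-restore ruleset with DROP policies in both directions and new outbound connections allowed only to listed TCP ports. The function name, the port list (80, 443, 1863), and the DNS and logging rules are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that is default-deny in
# BOTH directions. Nothing is applied here; the caller decides whether to
# load the output. gen_ruleset is a hypothetical helper name.

# gen_ruleset "80 443 1863" -> ruleset on stdout, non-zero exit on a bad port
gen_ruleset() {
    ports=$1
    # Validate every port before printing anything, so a typo never
    # produces a half-written ruleset.
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    # Policies: drop by default on every built-in chain, OUTPUT included.
    # Loopback and replies to already-permitted connections stay allowed,
    # matching the exceptions described in the thread for inbound traffic.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
EOF
    # One rule per allowed outbound TCP port (assumed list: web and MSN).
    for p in $ports; do
        printf '%s\n' "-A OUTPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Log whatever is about to hit the OUTPUT DROP policy, so blocked
    # programs show up in the kernel log instead of failing silently.
    printf '%s\n' '-A OUTPUT -j LOG --log-prefix "OUT-DENY "'
    printf '%s\n' 'COMMIT'
}

# Print the ruleset for the assumed port list.
gen_ruleset "80 443 1863"
```

Piping the output into `iptables-restore --test` as root parses the ruleset without committing it.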

archShade 11-23-2009 07:13 PM

Many thanks. I guess I know what I'll be doing this weekend then.


All times are GMT -5.