Hi

I'm trying to set up a firewall using ufw.

I had planned on denying all network traffic and allowing as it became a problem. I expected to need port 80 8(http) 88(https) and 1863(MSN).

I tried
If I have understood I should not be able to connect to the Internet now but I still can (I am posting this with these settings).

I have tried rebooting and this did not help although the status was persistent.

I am currently using version 9.10 of Ubuntu upgraded from 9.04 (itself from 8.10 which was a clean install). I am using a wireless network called wmaster0 with driver rt61pci if that helps.

Any help received with gratitude on both this issue and any advice on how to configure firewall welcome.

Please post the output of:

Actually, don't bother posting that output.

Where did you get that understanding from? I don't use ufw, but I just ran it on a disposable guest to see how it worked. After looking at the rules it implements after doing an ufw enable, it seems clear that it's designed to allow inbound packets in states RELATED or ESTABLISHED, as well as all outbound packets. This is a sensible default for this kind of tool IMHO. The behavior you're describing seems expected and normal to me.

AFAICT, that second command you executed wouldn't really change anything, since a deny policy is used by default anyway. I think it's only meant to switch the policy back, in case you had changed it to allow.

First off thank you for your prompt reply.

I am new to the world of networking and the associated security.

I assumed (apparently naively) that setting the tool to default deny would stop all traffic both in bound and out bound. From there I would allow or deny things as they where appropriate.

Does this mean my system is relatively secure? Is there anything I can do to the firewall to make the system more secure (e.g close outbound ports to stop malicious software establishing a connection or limiting which programs may connect to specific ports)?

I am willing to learn and pointing to a good entry level resource for ufw or iptables would be helpful.

You're welcome!

Well, the default deny approach (which is what you're describing) is how the best firewalls are configured. It's just that this particular tool only does default deny for inbound packets (with an exception for packets in states RELATED and ESTABLISHED, as well as the loopback interface, pre-included for you). It sounds to me like you'd be wasting your time with ufw anyway. I highly recommend you go straight to iptables instead, since you've already got the right mindset for it.

There's plenty you could do, I'm just not sure how much of it you'll be able to accomplish with ufw. That said, the configuration ufw provides by default is intended to be sane (and what I saw when I glanced at the configuration earlier was in line with that). There's just a limit to what you can do with a firewall tool designed for non-firewall users.

Forget ufw, get your hands dirty right here.

Many thanks I guess I know what I'll be doing this weekend then.