LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 11-23-2009, 05:02 PM   #1
archShade
Member
 
Registered: Mar 2006
Location: Delft NL
Distribution: Debian; Slackware; windows 7
Posts: 218

Rep: Reputation: 53
UFW dosent seem to affect anything Ubuntu 9.10


Hi

I'm trying to set up a firewall using ufw.

I had planned on denying all network traffic and allowing as it became a problem. I expected to need port 80 8(http) 88(https) and 1863(MSN).

I tried
Code:
Me@Ubuntu:~$ sudo ufw enable 
Firewall is active and enabled on system start up
Me@Ubuntu:~$ sudo ufw default deny
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
Me@Ubuntu:~$ sudo ufw status
Status: active
If I have understood I should not be able to connect to the Internet now but I still can (I am posting this with these settings).

I have tried rebooting and this did not help although the status was persistent.

I am currently using version 9.10 of Ubuntu upgraded from 9.04 (itself from 8.10 which was a clean install). I am using a wireless network called wmaster0 with driver rt61pci if that helps.

Any help received with gratitude on both this issue and any advice on how to configure firewall welcome.
 
Old 11-23-2009, 05:05 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Please post the output of:
Code:
iptables -nvL
 
Old 11-23-2009, 05:25 PM   #3
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Actually, don't bother posting that output.

Quote:
Originally Posted by archShade View Post
If I have understood I should not be able to connect to the Internet now but I still can (I am posting this with these settings).
Where did you get that understanding from? I don't use ufw, but I just ran it on a disposable guest to see how it worked. After looking at the rules it implements after doing an ufw enable, it seems clear that it's designed to allow inbound packets in states RELATED or ESTABLISHED, as well as all outbound packets. This is a sensible default for this kind of tool IMHO. The behavior you're describing seems expected and normal to me.

Quote:
Originally Posted by archShade View Post
Code:
Me@Ubuntu:~$ sudo ufw enable 
Firewall is active and enabled on system start up
Me@Ubuntu:~$ sudo ufw default deny
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
Me@Ubuntu:~$ sudo ufw status
Status: active
AFAICT, that second command you executed wouldn't really change anything, since a deny policy is used by default anyway. I think it's only meant to switch the policy back, in case you had changed it to allow.

Last edited by win32sux; 11-23-2009 at 05:35 PM.
 
Old 11-23-2009, 06:08 PM   #4
archShade
Member
 
Registered: Mar 2006
Location: Delft NL
Distribution: Debian; Slackware; windows 7
Posts: 218

Original Poster
Rep: Reputation: 53
First off thank you for your prompt reply.

I am new to the world of networking and the associated security.

I assumed (apparently naively) that setting the tool to default deny would stop all traffic both in bound and out bound. From there I would allow or deny things as they where appropriate.

Does this mean my system is relatively secure? Is there anything I can do to the firewall to make the system more secure (e.g close outbound ports to stop malicious software establishing a connection or limiting which programs may connect to specific ports)?

I am willing to learn and pointing to a good entry level resource for ufw or iptables would be helpful.
 
Old 11-23-2009, 06:49 PM   #5
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by archShade View Post
First off thank you for your prompt reply.
You're welcome!

Quote:
I am new to the world of networking and the associated security.

I assumed (apparently naively) that setting the tool to default deny would stop all traffic both in bound and out bound. From there I would allow or deny things as they where appropriate.
Well, the default deny approach (which is what you're describing) is how the best firewalls are configured. It's just that this particular tool only does default deny for inbound packets (with an exception for packets in states RELATED and ESTABLISHED, as well as the loopback interface, pre-included for you). It sounds to me like you'd be wasting your time with ufw anyway. I highly recommend you go straight to iptables instead, since you've already got the right mindset for it.

Quote:
Does this mean my system is relatively secure? Is there anything I can do to the firewall to make the system more secure (e.g close outbound ports to stop malicious software establishing a connection or limiting which programs may connect to specific ports)?
There's plenty you could do, I'm just not sure how much of it you'll be able to accomplish with ufw. That said, the configuration ufw provides by default is intended to be sane (and what I saw when I glanced at the configuration earlier was in line with that). There's just a limit to what you can do with a firewall tool designed for non-firewall users.

Quote:
I am willing to learn and pointing to a good entry level resource for ufw or iptables would be helpful.
Forget ufw, get your hands dirty right here.

Last edited by win32sux; 11-23-2009 at 06:56 PM.
 
Old 11-23-2009, 07:13 PM   #6
archShade
Member
 
Registered: Mar 2006
Location: Delft NL
Distribution: Debian; Slackware; windows 7
Posts: 218

Original Poster
Rep: Reputation: 53
Many thanks I guess I know what I'll be doing this weekend then.
 
  


Reply

Tags
firewall, ubuntu


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Ubuntu 9.10 UFW Firewall LXer Syndicated Linux News 0 10-15-2009 01:02 AM
LXer: New Kernel Vulnerabilities Affect Ubuntu 6.06, 8.04, 8.10 and 9.04 OSes LXer Syndicated Linux News 0 07-03-2009 02:00 AM
ufw in Slackware mattydee Slackware 2 05-19-2009 02:35 PM
LXer: Gufw - Simple GUI for ufw (Uncomplicated Firewall) in Ubuntu LXer Syndicated Linux News 0 09-30-2008 03:20 AM
Will Upgrading to Ubuntu 8.04 Affect USB in VirtualBox CSE taurusx5 Linux - Software 1 05-10-2008 08:20 AM


All times are GMT -5. The time now is 03:47 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration