Simplify your firewall setup

The netfilter firewall included in the Linux kernel can be comprehensively controlled with the iptables tool. However, iptables' complexity not only drives some users crazy, it also increases the risk of unintentionally tearing holes in the firewall with incorrect rules or typos.

Canonical offers a remedy with the Uncomplicated Firewall (ufw) [1]. The command-line program accepts clearly structured rules, which it translates into the appropriate iptables calls in the background. This approach also allows you the advantage of supplementing your setup with more complex rules in iptables, if needed.

Installation

Originally developed by Canonical for Ubuntu, ufw has been part of the distribution since Ubuntu 8.04. Alternately, you can install it with the ufw package. You can also now find ufw on other distributions.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • UFW Firewall

    UFW takes the complexity out of iptables, which is great for beginners and is even good for experienced users who want to keep it simple and avoid hidden mistakes.

    more »
  • GUI Firewall Tools

    Setting up a comprehensive firewall with netfilter and iptables is complicated. Graphic user interfaces seek to take the worries out of this demanding task.

    more »
  • Persistent iptables

    The Linux iptables packet filter lacks an easy way to load rules automatically after restarting a system, but you can automate this process several ways.

    more »
  • Charly's Column: UFW

    Things were better back then. No way! Charly takes a look back at the bad old firewall days and explains why things are better today – assuming you have the right tools.

    more »
  • FAQ

    Nftables promises to be the future of Linux firewalls. Meet iptables' replacement.

    more »
comments powered by Disqus