
Thread: A question regarding ufw

  1. #11
    Dangertux
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: A question regarding ufw

    Quote: Originally posted by jsvidyad
    Maybe I wasn't clear. ufw just sets the iptables rules, right? I just wanted to know where the script that sets iptables rules at startup is and how it sets the iptables rules.

    You are correct, ufw is just a front end for iptables. I told you earlier in the post where the scripts that ufw loads at start up are located. To reiterate that point:

    UFW default rules (the policies and rules that come with UFW by default) are stored in

    Code:
    /etc/ufw/before.rules
    /etc/ufw/after.rules
    /etc/ufw/before6.rules
    /etc/ufw/after6.rules
    UFW user rules (rules created by you, for example allowing traffic to SSH) are stored in

    Code:
    /lib/ufw/user.rules
    /lib/ufw/user6.rules
    These files are loaded by UFW when it starts. If it is scheduled as an upstart job (starts at boot time), they will be loaded then. Otherwise they will be loaded when you give the

    Code:
    sudo ufw enable
    command.

    As far as iptables goes, you can create a script anywhere to interact with that. Starting an iptables script is often done either via an upstart job, using the service iptables-save command, or adding the iptables script to the network interface's pre-up.d startup scripts.

    Outside of that I'm not sure what else you're looking for.

  2. #12
    Join Date
    Jul 2005
    Beans
    412

    Re: A question regarding ufw

    How do I find if the ufw is set up as an upstart job?

    Do you think I am un-necessarily worrying and that ufw will set the necessary iptables rules automatically during system startup? I have been concerned with this because of my earlier surprise with firestarter.

    It would be nice if ufw is a set and forget firewall, the kind which is set up on the windows 7 computers I have to use in my office.

  3. #13
    Join Date
    Jul 2005
    Beans
    412

    Re: A question regarding ufw

    Can you please help me with this?

  4. #14
    Dangertux
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: A question regarding ufw

    Quote: Originally posted by jsvidyad
    How do I find if the ufw is set up as an upstart job?

    Do you think I am un-necessarily worrying and that ufw will set the necessary iptables rules automatically during system startup? I have been concerned with this because of my earlier surprise with firestarter.

    It would be nice if ufw is a set and forget firewall, the kind which is set up on the windows 7 computers I have to use in my office.

    Hey, if you run the following command

    Code:
    initctl show-config
    it will list all the current upstart jobs. If ufw is an upstart job, it will show something like this:

    Code:
    ufw
    start on ((starting network-interface or starting network-manager) or starting networking)
    stop on runlevel [!023456]
    As for your other questions, yes I do think you're being a little too worried, particularly considering firewalls really don't do much in a default configuration if you don't have any services running. As far as being worried about installing a server accidentally goes, I really don't think that's likely. You don't just go looking for tetris and come back with apache. So I think that may be a little too paranoid of a stance.

    Like I said, in its default configuration, with a default Ubuntu install, UFW really won't do much for you. The bottom line is UFW is set and forget. Firestarter has problems, it's been out of development for a long time, and really was never that great of a front end to begin with.
    Last edited by Dangertux; October 7th, 2011 at 02:26 AM.

  5. #15
    Join Date
    Jul 2005
    Beans
    412

    Re: A question regarding ufw

    So, what you are saying is that once ufw has been enabled and configured, it will automatically set the firewall (iptables) rules at startup every time the system is turned on and boots into ubuntu? Does this mean that I don't have to check to see if ufw is active and if the iptables rules have been set each time I boot into ubuntu? The only reason I was worried about this was because, as I mentioned earlier, firestarter promised the same but did not deliver the results once when I checked the iptables rules (they were empty with default rule set to ACCEPT).

  6. #16
    Dangertux
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: A question regarding ufw

    Quote: Originally posted by jsvidyad
    So, what you are saying is that once ufw has been enabled and configured, it will automatically set the firewall (iptables) rules at startup every time the system is turned on and boots into ubuntu? Does this mean that I don't have to check to see if ufw is active and if the iptables rules have been set each time I boot into ubuntu? The only reason I was worried about this was because, as I mentioned earlier, firestarter promised the same but did not deliver the results once when I checked the iptables rules (they were empty with default rule set to ACCEPT).

    Yes -- ufw will set the rules at start up.

    You really need to understand though, and I'm not sure you're clear on this part. UFW's default policy, i.e. if you type

    Code:
    sudo ufw enable
    is to DENY INPUT, ALLOW FORWARD and ALLOW OUTPUT. This is not the most restrictive policy in the world; however, if you are just worried about accidentally installing a service and you don't have any currently installed, it's fine.

    As I said earlier Firestarter was very buggy. As you said earlier, you're currently not running any services so really a default UFW firewall will do nothing that your system isn't already doing.

    I'm sorry if I sound short. I'm not trying to; I'm just trying to make sure you understand what I'm saying.
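
Added example, not part of any post in this thread: a boot-time check for the failure described above (empty rules with an ACCEPT policy). It classifies `iptables -S` output by the INPUT policy and by whether INPUT jumps into ufw's `ufw-*` chains; the function name, status words and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `iptables -S` output read on stdin.
# Prints one status word and returns 0 only for "ufw-active".
check_ruleset() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }   # default INPUT policy
        $1 == "-N" && $2 ~ /^ufw-/  { chains++ }      # chains created by ufw
        $1 == "-A" && $2 == "INPUT" {                 # does INPUT jump into ufw?
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) ~ /^ufw-/) hooked = 1
        }
        END {
            if (policy == "")       { print "unknown"; exit 3 }
            if (chains && hooked) {
                if (policy == "ACCEPT") { print "ufw-permissive"; exit 1 }
                print "ufw-active"; exit 0
            }
            if (policy == "ACCEPT") { print "open"; exit 2 }
            print "other-firewall"; exit 1
        }'
}

# Constructed sample: ufw loaded with its default deny-incoming policy.
SAMPLE_UFW='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-before-input
-N ufw-user-input
-A INPUT -j ufw-before-input
-A ufw-before-input -i lo -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample: nothing loaded, every policy ACCEPT.
SAMPLE_EMPTY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

for sample in "$SAMPLE_UFW" "$SAMPLE_EMPTY"; do
    printf '%s\n' "$sample" | check_ruleset || true
done

# Live use (as root):  iptables -S | check_ruleset
```
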

  7. #17
    Join Date
    Jul 2005
    Beans
    412

    Re: A question regarding ufw

    The default rules right now seem to be INPUT-DROP, FORWARD-DROP and OUTPUT-ACCEPT. I just want to make sure someone else can't get into the computer. For that, these rules are good enough, right?

  8. #18
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    5,490
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: A question regarding ufw

    Assuming that ufw is configured as an upstart job, you will find its configuration file in /etc/init, probably /etc/init/ufw.conf. upstart is a program loaded very early in the boot process, and uses the rules in this folder to decide when other processes should be started and stopped.

  9. #19
    Dangertux
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: A question regarding ufw

    Quote: Originally posted by jsvidyad
    The default rules right now seem to be INPUT-DROP, FORWARD-DROP and OUTPUT-ACCEPT. I just want to make sure someone else can't get into the computer. For that, these rules are good enough, right?

    That's a very broad question, and a firewall is not a one stop shop for that.

    To elaborate, a lot of people misunderstand what a firewall is. A firewall is essentially a filter for incoming and outgoing connections, nothing more, nothing less. It can become more complicated when you're adding a deep packet inspection firewall and/or intrusion prevention system, which Ubuntu does not come with by default. You would have to install something along the lines of Snort or OSSEC to have that functionality.

    In all reality a firewall protecting nothing with unrestrictive outbound rules is essentially useless. If you would like to understand more about how attackers can "get into your computer" remotely, and how a firewall can and cannot help you, I would suggest reading this. I wrote it to address this particular question that a lot of people have.

    In lieu of that I suggest that if you are truly paranoid about system security, you look into other things besides a firewall: NoScript and similar browser addons, mandatory access controls such as AppArmor (comes with Ubuntu but needs to be configured) or SELinux, and ensuring that you're giving your programs proper permissions in the discretionary access control scheme.

    These are all things that can help you secure your system. Additionally, don't download from untrusted repositories, and generally use common sense.

    But ultimately, no, a firewall is not the end all be all of system security.

  10. #20
    Join Date
    Jul 2005
    Beans
    412

    Re: A question regarding ufw

    Hello,

    I want to get something clarified. When I have set up ufw on a laptop and I switch between wired and wireless connections, what happens? Will the firewall be up and running in both cases? Or when I switch, will I have to restart ufw? Do the same firewall rules protect me for both wired and wireless connections? Do the firewall rules set up by ufw depend on the kind of network interface used for the network connection in any way?
