A question regarding ufw

[Hungry Man]

Switching connections shouldn't change anything.

[JKyleOKC]

Do the firewall rules set up by ufw depend on the kind of network interface used for the network connection in any way?

They can, but don't have to. It depends entirely on how each specific rule is written.

That is, a rule can be specified as applying to just one specific network interface, and if that's done the rule will be ignored for all other interfaces. However in the absence of such a specification, it will apply to all of them.

You would have to examine the rules that UFW generated for your system to determine which is the case; UFW lets you do it either way.

[Ms. Daisy]

So unless you specify a particular network interface, then the default for ufw, gufw, and iptables is to apply to all interfaces, correct?

[haqking]

So unless you specify a particular network interface, then the default for ufw, gufw, and iptables is to apply to all interfaces, correct?

from the man page:

By default, ufw will apply rules to all available interfaces. To limit this, specify DIRECTION on INTERFACE, where DIRECTION is one of in or out (interface aliases are not supported). For example, to allow all new incoming http connections on eth0, use: ufw allow in on eth0 to any port 80 proto tcp

[JKyleOKC]

And for iptables itself, it's the "-i" and "-o" options in each rule. Most of the time an interface is specified, but not always. If not, the rule applies to all of them.

[jsvidyad]

Hello,

I usually set up ufw with the default rules of incoming:deny and outgoing:allow. Now, I know that these ufw default firewall settings (when ufw is enabled) protect my computer when I'm connected to the internet via a wired connection since I have used these default ufw settings on desktops running ubuntu which have wired connections to the internet and ufw is set up and enabled on those desktops. Is the working of the above default ufw settings dependent on the network interface used for internet access? I plan to install ubuntu on a laptop and use the laptop's wireless interface to connect to wireless networks. Will the above mentioned default ufw settings for the ufw firewall work for the wireless interface of my laptop too? Will the ufw firewall with the above mentioned default ufw settings work to protect my laptop while my laptop is connected via a wireless connection to the internet using my laptop's wireless interface?

[haqking]

Hello,

I usually set up ufw with the default rules of incoming:deny and outgoing:allow. Now, I know that these ufw default firewall settings (when ufw is enabled) protect my computer when I'm connected to the internet via a wired connection since I have used these default ufw settings on desktops running ubuntu which have wired connections to the internet and ufw is set up and enabled on those desktops. Is the working of the above default ufw settings dependent on the network interface used for internet access? I plan to install ubuntu on a laptop and use the laptop's wireless interface to connect to wireless networks. Will the above mentioned default ufw settings for the ufw firewall work for the wireless interface of my laptop too? Will the ufw firewall with the above mentioned default ufw settings work to protect my laptop while my laptop is connected via a wireless connection to the internet using my laptop's wireless interface?

2 posts above, post #24

[jsvidyad]

When I set the default incoming rule to deny and the default outgoing rule to allow, I don't specify any network interface. So, those settings should work for any network interface(more specifically the ethernet wired interface and the wireless interface) and the ufw firewall will protect my computer irrespective of which network interface I am using to connect to the internet, right?

I was using firestarter till like 2 years ago and in firestarter, when I configure firestarter, I had to specify which network interface was connected to the internet and the rules were set only for that interface. If I later started using another network interface to connect to the internet, I had to re-configure firestarter and specify the new network interface as the internet connected network device. If I didn't do that, the firestarter firewall would become inactive and wouldn't protect my computer. Now, when setting up and configuring the ufw firewall, I didn't have to specify any network interface as the internet connected network device. So, I wasn't sure if my settings for ufw were were valid and whether ufw was active and protecting my computer when I use any one of the different network interfaces available to connect to the internet, irrespective of which network interface I was using to connect to the internet. More specifically, I wasn't sure if my ufw firewall was active and protecting my computer no matter whether I was using the ethernet wired interface or the wireless interface as the internet connected device in order to connect to the internet. Also, I wasn't sure(I still am not) if I had to re-configure the ufw firewall when I switched from using one network interface to another network interface in order to connect to the internet.

[haqking]

When I set the default incoming rule to deny and the default outgoing rule to allow, I don't specify any network interface. So, those settings should work for any network interface(more specifically the ethernet wired interface and the wireless interface) and the ufw firewall will protect my computer irrespective of which network interface I am using to connect to the internet, right?

I was using firestarter till like 2 years ago and in firestarter, when I configure firestarter, I had to specify which network interface was connected to the internet and the rules were set only for that interface. If I later started using another network interface to connect to the internet, I had to re-configure firestarter and specify the new network interface as the internet connected network device. If I didn't do that, the firestarter firewall would become inactive and wouldn't protect my computer. Now, when setting up and configuring the ufw firewall, I didn't have to specify any network interface as the internet connected network device. So, I wasn't sure if my settings for ufw were were valid and whether ufw was active and protecting my computer when I use any one of the different network interfaces available to connect to the internet, irrespective of which network interface I was using to connect to the internet. More specifically, I wasn't sure if my ufw firewall was active and protecting my computer no matter whether I was using the ethernet wired interface or the wireless interface as the internet connected device in order to connect to the internet. Also, I wasn't sure(I still am not) if I had to re-configure the ufw firewall when I switched from using one network interface to another network interface in order to connect to the internet.

From post #24

By default, ufw will apply rules to all available interfaces.

Firestarter is out of date and buggy.

Code:

sudo ufw status

will tell you if its active

[jsvidyad]

When I set the ufw default rules as incoming:deny and outgoing:allow(i.e. deny incoming connections and allow outgoing connections), I do not specify any network interface. So, those default rules should apply to all interfaces, right? When the above default rules are set for the ufw firewall and the ufw firewall has been enabled on my computer, the ufw firewall will be active and protecting my computer irrespective of which network interface I'm using to connect to the internet, right? More specifically, after setting the above default rules and enabling the ufw firewall on my laptop, the ufw firewall will apply those default rules and protect my laptop irrespective of whether I use the wired ethernet interface on my laptop or the wireless interface of my laptop to connect my laptop to the internet, right?