View Full Version : [ubuntu] How to Make firewall start as service with Ubuntu?

July 22nd, 2009, 01:34 AM
How to Make firewall start as service with Ubuntu?

July 22nd, 2009, 01:36 AM
Turn it on:

sudo ufw enable


July 22nd, 2009, 01:43 AM
Your firewall doesn't start as a service, it starts as part of the kernel. If you have turned it on with Firestarter or (preferably) UFW it will do its work on startup.

July 22nd, 2009, 01:49 AM
IIRC, the firewall doesn't start out of the box because ports are closed by default. If you start opening ports, that's when the firewall needs to be enabled. Remember that ufw is just a front end to iptables.

July 22nd, 2009, 02:46 AM
I was talking about firestarter .. anyway is there a better firewall ?

July 22nd, 2009, 02:49 AM
Firestarter is also a front end to iptables, however I believe it is no longer maintained. We now use ufw on the command line and gufw for a graphical interface. ufw = Uncomplicated Firewall.

sudo apt-get install gufw
Then you can access it from System->Administration->Firewall configuration

July 22nd, 2009, 03:54 AM
But "Firewall Configuration" is very poor tool, dose not have all features of "Firestarter"

July 22nd, 2009, 12:12 PM
UFW itself is kind of too dumb. It can only block incoming traffic. Now, people are going to tell you that there's no reason to block outgoing since they are initiated by your computer. But I still believe that is up to how much control the user wants, and making a tool that only works half the way and calling it user friendly is questionable.

The Cog
July 22nd, 2009, 12:17 PM
But "Firewall Configuration" is very poor tool, dose not have all features of "Firestarter"
Ah, but Firestarter is a very poor tool, does not have all the features of iptables. And, I gather, is is no longer maintained.

Any choice of firewall-configuring GUI is a personal choice, a compromise between feature-set and convenience. UFW is very simple and suitable for most home users. I prefer guarddog with more features but more complicated. I generally just use an iptables shell script though - that way I really know what it's doing.