As a new Ubuntu desktop 18.04 LTS user, do I need to use ufw for a firewall or is iptables sufficient?Do I need to activate the firewall? I only use Ubuntu for a home desktop use?What rules to use for UFW?UFW Settings - Application IntegrationUFW 'default deny incoming' doesn't workCan't Get UFW Firewall to Allow AnythingWhat is UFW's approach towards rules order for overlapping rules?Configure UFW to allow only established and related conections (on IPv4)Question/Confusion About iptables on Ubuntu Desktop 17.04 and How to Use iptables Without UFWConfiguration of ufw for one user. NoobUFW: what exactly is it?Ubuntu FTP and SFTP client firewall rules for UFW
While on vacation my taxi took a longer route, possibly to scam me out of money. How can I deal with this?
Can a medieval gyroplane be built?
gerund and noun applications
What if (if any) the reason to buy in small local stores?
Is there a hypothetical scenario that would make Earth uninhabitable for humans, but not for (the majority of) other animals?
My friend is being a hypocrite
Is there a term for accumulated dirt on the outside of your hands and feet?
Do US professors/group leaders only get a salary, but no group budget?
Hausdorff dimension of the boundary of fibres of Lipschitz maps
Turning a hard to access nut?
Why is indicated airspeed rather than ground speed used during the takeoff roll?
In the 1924 version of The Thief of Bagdad, no character is named, right?
If "dar" means "to give", what does "daros" mean?
Suggestions on how to spend Shaabath (constructively) alone
Worshiping one God at a time?
Asserting that Atheism and Theism are both faith based positions
Could Sinn Fein swing any Brexit vote in Parliament?
What does "^L" mean in C?
Generic TVP tradeoffs?
A Ri-diddley-iley Riddle
Light propagating through a sound wave
The average age of first marriage in Russia
Changing Color of error messages
Why is there so much iron?
As a new Ubuntu desktop 18.04 LTS user, do I need to use ufw for a firewall or is iptables sufficient?
Do I need to activate the firewall? I only use Ubuntu for a home desktop use?What rules to use for UFW?UFW Settings - Application IntegrationUFW 'default deny incoming' doesn't workCan't Get UFW Firewall to Allow AnythingWhat is UFW's approach towards rules order for overlapping rules?Configure UFW to allow only established and related conections (on IPv4)Question/Confusion About iptables on Ubuntu Desktop 17.04 and How to Use iptables Without UFWConfiguration of ufw for one user. NoobUFW: what exactly is it?Ubuntu FTP and SFTP client firewall rules for UFW
Let's assume:
- I have little or no knowledge of the inner workings of the Ubuntu/Linux OS. All I know is from my experience of Windows, is that I have to have a firewall configured and running before I connect to the Internet, otherwise my system would be about as secure as going on holiday and leaving my house with all the doors and windows open.
- I have just migrated to Ubuntu desktop 18.04 LTS and have just logged in for the first time. I want to secure my system before I connect my pc to the Internet.
(NB: Note the emphasis on the word desktop, so any references to server will not be pertinent to the question and therefore irrelevant)
and after some research on this subject I understand this much:
a. Is ufw the default firewall "configuration tool" for Ubuntu? (note it says configuration tool and not the actual firewall) and ufw is installed, but it is not running and is not configured at all, so it has no default rules set out of the box.
b. Gufw is a UI to ufw, but it's not installed by default. At least that is the case with Ubuntu Desktop 18.04 LTS.
c. iptables is the actual firewall which is built-in to the kernel as a module.
At this point know I can configure ufw as it's easy as abc, hence its name and to use it you only need to set deny (incoming), allow (outgoing), and start it and I also understand I could use Gufw to do this too. So I could just leave it there and do just that.
However, after all my research, I find many articles, questions and blogs on the subject consisting of what appears to be mainly views and opinion based, a lot of them stating that you dont need a firewall, there are no open ports, but I am thinking, surely some ports must open when I connect to the internet? and all the information I have read only serve to make this unclear and ambigous, so I digest all that information and try to make sense of it then reduce it down to a single statement and put into my own words and so a nutshell:
Ubuntu desktop users don't need ufw since it's merely a configuration tool for iptables which is the actual firewall under the hood.
So say I take the above statement literally, then is the following statement true?:
iptables is the built in firewall for Ubuntu Desktop and is fully configured and up and running out of the box with default rules that are sufficiently secure for the average desktop user namely deny (incoming), allow (outgoing).
Because if the above is true, then what would be the point in ufw except to provide an uncomplicated interface to iptables, which by all accounts is complicated and furthermore the experts advise you to avoid configuring iptables directly since if you don't know exactly what you are doing, you could easily render your system insecure or unusable, if it is misconfigured?
Here is an nmap scan of my system along with my firewall config, showing the open ports on my system:
Please could someone provide a concise relevant and a non-opinion fact based answer :)
iptables firewall ufw
asked yesterday
SteveSteve
566
add a comment |
Let's assume:
- I have little or no knowledge of the inner workings of the Ubuntu/Linux OS. All I know is from my experience of Windows, is that I have to have a firewall configured and running before I connect to the Internet, otherwise my system would be about as secure as going on holiday and leaving my house with all the doors and windows open.
- I have just migrated to Ubuntu desktop 18.04 LTS and have just logged in for the first time. I want to secure my system before I connect my pc to the Internet.
(NB: Note the emphasis on the word desktop, so any references to server will not be pertinent to the question and therefore irrelevant)
and after some research on this subject I understand this much:
a. Is ufw the default firewall "configuration tool" for Ubuntu? (note it says configuration tool and not the actual firewall) and ufw is installed, but it is not running and is not configured at all, so it has no default rules set out of the box.
b. Gufw is a UI to ufw, but it's not installed by default. At least that is the case with Ubuntu Desktop 18.04 LTS.
c. iptables is the actual firewall which is built-in to the kernel as a module.
At this point know I can configure ufw as it's easy as abc, hence its name and to use it you only need to set deny (incoming), allow (outgoing), and start it and I also understand I could use Gufw to do this too. So I could just leave it there and do just that.
However, after all my research, I find many articles, questions and blogs on the subject consisting of what appears to be mainly views and opinion based, a lot of them stating that you dont need a firewall, there are no open ports, but I am thinking, surely some ports must open when I connect to the internet? and all the information I have read only serve to make this unclear and ambigous, so I digest all that information and try to make sense of it then reduce it down to a single statement and put into my own words and so a nutshell:
Ubuntu desktop users don't need ufw since it's merely a configuration tool for iptables which is the actual firewall under the hood.
So say I take the above statement literally, then is the following statement true?:
iptables is the built in firewall for Ubuntu Desktop and is fully configured and up and running out of the box with default rules that are sufficiently secure for the average desktop user namely deny (incoming), allow (outgoing).
Because if the above is true, then what would be the point in ufw except to provide an uncomplicated interface to iptables, which by all accounts is complicated and furthermore the experts advise you to avoid configuring iptables directly since if you don't know exactly what you are doing, you could easily render your system insecure or unusable, if it is misconfigured?
Here is an nmap scan of my system along with my firewall config, showing the open ports on my system:
Please could someone provide a concise relevant and a non-opinion fact based answer :)
iptables firewall ufw
asked yesterday
SteveSteve
566
Easiest to installgufwto assist setting this up.
– heynnema
yesterday
What is unclear in this? askubuntu.com/questions/178616/…
– Pilot6
yesterday
You don't need ANY firewall if you don't have network services running. So it doesn't matter how and what is configured.
– Pilot6
yesterday
If you think my answer is correct, Please put a green check mark (✅) on the left margin of my answer. This will mark the problem as solved and help others with similar questions.
– user68186
22 hours ago
1
I have added to my answer. At this point I have to remind you, that this is a question answer site, not a discussion forum. Please don't add new components to the question as I answer old ones. If you keep doing this, the question may be closed as too broad. Ask a new follow up question and refer to this question if you need.
– user68186
21 hours ago
add a comment |
Let's assume:
- I have little or no knowledge of the inner workings of the Ubuntu/Linux OS. All I know is from my experience of Windows, is that I have to have a firewall configured and running before I connect to the Internet, otherwise my system would be about as secure as going on holiday and leaving my house with all the doors and windows open.
- I have just migrated to Ubuntu desktop 18.04 LTS and have just logged in for the first time. I want to secure my system before I connect my pc to the Internet.
(NB: Note the emphasis on the word desktop, so any references to server will not be pertinent to the question and therefore irrelevant)
and after some research on this subject I understand this much:
a. Is ufw the default firewall "configuration tool" for Ubuntu? (note it says configuration tool and not the actual firewall) and ufw is installed, but it is not running and is not configured at all, so it has no default rules set out of the box.
b. Gufw is a UI to ufw, but it's not installed by default. At least that is the case with Ubuntu Desktop 18.04 LTS.
c. iptables is the actual firewall which is built-in to the kernel as a module.
At this point know I can configure ufw as it's easy as abc, hence its name and to use it you only need to set deny (incoming), allow (outgoing), and start it and I also understand I could use Gufw to do this too. So I could just leave it there and do just that.
However, after all my research, I find many articles, questions and blogs on the subject consisting of what appears to be mainly views and opinion based, a lot of them stating that you dont need a firewall, there are no open ports, but I am thinking, surely some ports must open when I connect to the internet? and all the information I have read only serve to make this unclear and ambigous, so I digest all that information and try to make sense of it then reduce it down to a single statement and put into my own words and so a nutshell:
Ubuntu desktop users don't need ufw since it's merely a configuration tool for iptables which is the actual firewall under the hood.
So say I take the above statement literally, then is the following statement true?:
iptables is the built in firewall for Ubuntu Desktop and is fully configured and up and running out of the box with default rules that are sufficiently secure for the average desktop user namely deny (incoming), allow (outgoing).
Because if the above is true, then what would be the point in ufw except to provide an uncomplicated interface to iptables, which by all accounts is complicated and furthermore the experts advise you to avoid configuring iptables directly since if you don't know exactly what you are doing, you could easily render your system insecure or unusable, if it is misconfigured?
Here is an nmap scan of my system along with my firewall config, showing the open ports on my system:
Please could someone provide a concise relevant and a non-opinion fact based answer :)
iptables firewall ufw
asked yesterday
SteveSteve
566
Let's assume:
- I have little or no knowledge of the inner workings of the Ubuntu/Linux OS. All I know is from my experience of Windows, is that I have to have a firewall configured and running before I connect to the Internet, otherwise my system would be about as secure as going on holiday and leaving my house with all the doors and windows open.
- I have just migrated to Ubuntu desktop 18.04 LTS and have just logged in for the first time. I want to secure my system before I connect my pc to the Internet.
(NB: Note the emphasis on the word desktop, so any references to server will not be pertinent to the question and therefore irrelevant)
and after some research on this subject I understand this much:
a. Is ufw the default firewall "configuration tool" for Ubuntu? (note it says configuration tool and not the actual firewall) and ufw is installed, but it is not running and is not configured at all, so it has no default rules set out of the box.
b. Gufw is a UI to ufw, but it's not installed by default. At least that is the case with Ubuntu Desktop 18.04 LTS.
c. iptables is the actual firewall which is built-in to the kernel as a module.
At this point know I can configure ufw as it's easy as abc, hence its name and to use it you only need to set deny (incoming), allow (outgoing), and start it and I also understand I could use Gufw to do this too. So I could just leave it there and do just that.
However, after all my research, I find many articles, questions and blogs on the subject consisting of what appears to be mainly views and opinion based, a lot of them stating that you dont need a firewall, there are no open ports, but I am thinking, surely some ports must open when I connect to the internet? and all the information I have read only serve to make this unclear and ambigous, so I digest all that information and try to make sense of it then reduce it down to a single statement and put into my own words and so a nutshell:
Ubuntu desktop users don't need ufw since it's merely a configuration tool for iptables which is the actual firewall under the hood.
So say I take the above statement literally, then is the following statement true?:
iptables is the built in firewall for Ubuntu Desktop and is fully configured and up and running out of the box with default rules that are sufficiently secure for the average desktop user namely deny (incoming), allow (outgoing).
Because if the above is true, then what would be the point in ufw except to provide an uncomplicated interface to iptables, which by all accounts is complicated and furthermore the experts advise you to avoid configuring iptables directly since if you don't know exactly what you are doing, you could easily render your system insecure or unusable, if it is misconfigured?
Here is an nmap scan of my system along with my firewall config, showing the open ports on my system:
Please could someone provide a concise relevant and a non-opinion fact based answer :)
iptables firewall ufw
iptables firewall ufw
asked yesterday
SteveSteve
566
asked yesterday
SteveSteve
566
edited 22 hours ago
Steve
asked yesterday
SteveSteve
566
asked yesterday
SteveSteve
566
asked yesterday
SteveSteve
566
566
Easiest to installgufwto assist setting this up.
– heynnema
yesterday
What is unclear in this? askubuntu.com/questions/178616/…
– Pilot6
yesterday
You don't need ANY firewall if you don't have network services running. So it doesn't matter how and what is configured.
– Pilot6
yesterday
If you think my answer is correct, Please put a green check mark (✅) on the left margin of my answer. This will mark the problem as solved and help others with similar questions.
– user68186
22 hours ago
1
I have added to my answer. At this point I have to remind you, that this is a question answer site, not a discussion forum. Please don't add new components to the question as I answer old ones. If you keep doing this, the question may be closed as too broad. Ask a new follow up question and refer to this question if you need.
– user68186
21 hours ago
add a comment |
Easiest to installgufwto assist setting this up.
– heynnema
yesterday
What is unclear in this? askubuntu.com/questions/178616/…
– Pilot6
yesterday
You don't need ANY firewall if you don't have network services running. So it doesn't matter how and what is configured.
– Pilot6
yesterday
If you think my answer is correct, Please put a green check mark (✅) on the left margin of my answer. This will mark the problem as solved and help others with similar questions.
– user68186
22 hours ago
1
I have added to my answer. At this point I have to remind you, that this is a question answer site, not a discussion forum. Please don't add new components to the question as I answer old ones. If you keep doing this, the question may be closed as too broad. Ask a new follow up question and refer to this question if you need.
– user68186
21 hours ago
Easiest to install
gufw to assist setting this up.– heynnema
yesterday
Easiest to install
gufw to assist setting this up.– heynnema
yesterday
What is unclear in this? askubuntu.com/questions/178616/…
– Pilot6
yesterday
What is unclear in this? askubuntu.com/questions/178616/…
– Pilot6
yesterday
You don't need ANY firewall if you don't have network services running. So it doesn't matter how and what is configured.
– Pilot6
yesterday
You don't need ANY firewall if you don't have network services running. So it doesn't matter how and what is configured.
– Pilot6
yesterday
If you think my answer is correct, Please put a green check mark (✅) on the left margin of my answer. This will mark the problem as solved and help others with similar questions.
– user68186
22 hours ago
If you think my answer is correct, Please put a green check mark (✅) on the left margin of my answer. This will mark the problem as solved and help others with similar questions.
– user68186
22 hours ago
1
1
I have added to my answer. At this point I have to remind you, that this is a question answer site, not a discussion forum. Please don't add new components to the question as I answer old ones. If you keep doing this, the question may be closed as too broad. Ask a new follow up question and refer to this question if you need.
– user68186
21 hours ago
I have added to my answer. At this point I have to remind you, that this is a question answer site, not a discussion forum. Please don't add new components to the question as I answer old ones. If you keep doing this, the question may be closed as too broad. Ask a new follow up question and refer to this question if you need.
– user68186
21 hours ago
add a comment |
2 Answers
2
active
oldest
votes
The question changed considerably
New Answer
The TITLE Question
As a new Ubuntu desktop 18.04 LTS user, do I need to use
ufwfor a
firewall or is iptables sufficient?
Most home Ubuntu users don't need to install or use ufw. iptables is installed by default and is configured to do nothing. Why there is no need, is explained in more detail below.
The Other Question 1:
So say I take the above statement literally, then is the following
statement true?:
iptables is the built in firewall for Ubuntu Desktop and is fully
configured and up and running out of the box with default rules that
are sufficiently secure for the average desktop user namely deny
(incoming), allow (outgoing).
The statement is false
The statement is actually two statements joined by and. So if just one part of the whole statement is false, then the whole statement is false. Let's break it down:
iptablesis the built in firewall for Ubuntu Desktop
The above part is true.
Now let's look at the other part:
iptablesis fully
configured and up and running out of the box with default rules that
are sufficiently secure for the average desktop user namely deny
(incoming), allow (outgoing).
The above part is false.
Default Ubuntu desktop installation has no ports open, and no servers running. Therefore, even though iptables come installed by default in desktop Ubuntu it is not configured to do anything. That is, the default firewall has not rules set.
Thus, iptable is configured to do nothing when you install Ubuntu.
The Other Question 2:
Explanations for nmap and gufw image (I think this is what you want)
Your nmap shows the only two open ports are open to 127.0.0.1. This is a special IP address that refers to the computer itself. That is, the computer itself can talk to itself using these two open ports.
The gufw screenshot shows that there is no firewall rules setup. However, since you installed gufw and clicked on it, ufw is also installed (gufw uses ufw) and ufw is active. The default ufw configuration you mentioned above, deny (incoming) and allow (outgoing) is working. However, these rules don't apply to the computer itself, that is 127.0.0.1. This is (not necessary but) sufficient for a home user.
Original Answer ==>
Average home users don't need a firewall
Default Ubuntu desktop installation has no ports open, and no servers running. Therefore if you don't run any server daemon, such as ssh server, you don't need any firewall. Thus, iptable is configured to do nothing when you install Ubuntu. See Do I need to activate the firewall? I only use Ubuntu for a home desktop use? for details.
If you run servers you need a firewall
If you are not an average home user, and want to do some advanced things, such as remotely access your desktop by ssh or run some other services, then you need a firewall. Your configuration of the firewall will depend on which server daemons you plan to run.
Even if you don't plan to run a server you may want a firewall with the default configuration of deny all incoming connections from all ports. This is to be doubly safe, in case, one day you want to install and run a server without realizing what you are doing. Without changing the default firewall configuration the server won't work as expected. You will scratch your head for hours before remembering that you activated the firewall. Then you may want to uninstall the server software, as it may not be worth the risk. Or you may want to configure the firewall to let the server work.
gufw is the easiest
gufw is a GUI interface for ufw, which in turn configures the iptables. Since you have been using Linux since 1990s, you may be comfortable with the command line or you may prefer the visual cues of a GUI. If you like a GUI, then use gufw. It is easy to understand and configure even for a novice.
ufw is easy
If you like the command line, ufw is easy enough.
iptables is not so easy
The reason we don't want anyone to fiddle directly with the iptables, and use ufw or gufw is because, it is very easy to mess up iptables and once you do, the system can break so badly that it may be unusable. The iptables-apply command has some built-in safeguards to protect the users from their mistakes.
Hope this helps
answered yesterday
user68186user68186
16.6k84970
OK thanks for you answer and your time, apologies for any inconvenience but it appears I am going to have to rewrite my question to clarify and simplify the question and details
– Steve
yesterday
Thanks for your revised answer and again apologies since I have made further edits as I have been looking into all the comments and links to other questions, for some time and I wantted to try to include all the points I needed to make regarding why the other answers for one reason or another dont sufficiently answer my question and that is my final edit.
– Steve
22 hours ago
1
Just want to point out that iptables has a mechanism to prevent the lockout situation you described. You use the built-iniptables-apply- a safer way to update iptables remotely
– jchook
21 hours ago
1
@jchook Thanks for mentioning this. The more people read and comment on my answer, I get to learn more new things. :D
– user68186
21 hours ago
add a comment |
I recommend the simplicity of gufw especially adding applications' firewall profiles such as media servers or bittorrent apps:
Adding GUFW firewall application profiles is a breeze
So, if you are an Ubuntu 18.04 or greater user head over to:
Configure Ubuntu firewall ufw using gufw
as they summed it up better than I can.
answered 23 hours ago
quantanglementquantanglement
11
New contributor
quantanglement is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1126196%2fas-a-new-ubuntu-desktop-18-04-lts-user-do-i-need-to-use-ufw-for-a-firewall-or-i%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
The question changed considerably
New Answer
The TITLE Question
As a new Ubuntu desktop 18.04 LTS user, do I need to use
ufwfor a
firewall or is iptables sufficient?
Most home Ubuntu users don't need to install or use ufw. iptables is installed by default and is configured to do nothing. Why there is no need, is explained in more detail below.
The Other Question 1:
So say I take the above statement literally, then is the following
statement true?:
iptables is the built in firewall for Ubuntu Desktop and is fully
configured and up and running out of the box with default rules that
are sufficiently secure for the average desktop user namely deny
(incoming), allow (outgoing).
The statement is false
The statement is actually two statements joined by and. So if just one part of the whole statement is false, then the whole statement is false. Let's break it down:
iptablesis the built in firewall for Ubuntu Desktop
The above part is true.
Now let's look at the other part:
iptablesis fully
configured and up and running out of the box with default rules that
are sufficiently secure for the average desktop user namely deny
(incoming), allow (outgoing).
The above part is false.
Default Ubuntu desktop installation has no ports open, and no servers running. Therefore, even though iptables come installed by default in desktop Ubuntu it is not configured to do anything. That is, the default firewall has not rules set.
Thus, iptable is configured to do nothing when you install Ubuntu.
The Other Question 2:
Explanations for nmap and gufw image (I think this is what you want)
Your nmap shows the only two open ports are open to 127.0.0.1. This is a special IP address that refers to the computer itself. That is, the computer itself can talk to itself using these two open ports.
The gufw screenshot shows that there is no firewall rules setup. However, since you installed gufw and clicked on it, ufw is also installed (gufw uses ufw) and ufw is active. The default ufw configuration you mentioned above, deny (incoming) and allow (outgoing) is working. However, these rules don't apply to the computer itself, that is 127.0.0.1. This is (not necessary but) sufficient for a home user.
Original Answer ==>
Average home users don't need a firewall
Default Ubuntu desktop installation has no ports open, and no servers running. Therefore if you don't run any server daemon, such as ssh server, you don't need any firewall. Thus, iptable is configured to do nothing when you install Ubuntu. See Do I need to activate the firewall? I only use Ubuntu for a home desktop use? for details.
If you run servers you need a firewall
If you are not an average home user, and want to do some advanced things, such as remotely access your desktop by ssh or run some other services, then you need a firewall. Your configuration of the firewall will depend on which server daemons you plan to run.
Even if you don't plan to run a server you may want a firewall with the default configuration of deny all incoming connections from all ports. This is to be doubly safe, in case, one day you want to install and run a server without realizing what you are doing. Without changing the default firewall configuration the server won't work as expected. You will scratch your head for hours before remembering that you activated the firewall. Then you may want to uninstall the server software, as it may not be worth the risk. Or you may want to configure the firewall to let the server work.
gufw is the easiest
gufw is a GUI interface for ufw, which in turn configures the iptables. Since you have been using Linux since 1990s, you may be comfortable with the command line or you may prefer the visual cues of a GUI. If you like a GUI, then use gufw. It is easy to understand and configure even for a novice.
ufw is easy
If you like the command line, ufw is easy enough.
iptables is not so easy
The reason we don't want anyone to fiddle directly with the iptables, and use ufw or gufw is because, it is very easy to mess up iptables and once you do, the system can break so badly that it may be unusable. The iptables-apply command has some built-in safeguards to protect the users from their mistakes.
Hope this helps
answered yesterday
user68186user68186
16.6k84970
OK thanks for you answer and your time, apologies for any inconvenience but it appears I am going to have to rewrite my question to clarify and simplify the question and details
– Steve
yesterday
Thanks for your revised answer and again apologies since I have made further edits as I have been looking into all the comments and links to other questions, for some time and I wantted to try to include all the points I needed to make regarding why the other answers for one reason or another dont sufficiently answer my question and that is my final edit.
– Steve
22 hours ago
1
Just want to point out that iptables has a mechanism to prevent the lockout situation you described. You use the built-iniptables-apply- a safer way to update iptables remotely
– jchook
21 hours ago
1
@jchook Thanks for mentioning this. The more people read and comment on my answer, I get to learn more new things. :D
– user68186
21 hours ago
add a comment |
The question changed considerably
New Answer
The TITLE Question
As a new Ubuntu desktop 18.04 LTS user, do I need to use
ufwfor a
firewall or is iptables sufficient?
Most home Ubuntu users don't need to install or use ufw. iptables is installed by default and is configured to do nothing. Why there is no need, is explained in more detail below.
The Other Question 1:
So say I take the above statement literally, then is the following
statement true?:
iptables is the built in firewall for Ubuntu Desktop and is fully
configured and up and running out of the box with default rules that
are sufficiently secure for the average desktop user namely deny
(incoming), allow (outgoing).
The statement is false
The statement is actually two statements joined by and. So if just one part of the whole statement is false, then the whole statement is false. Let's break it down:
iptablesis the built in firewall for Ubuntu Desktop
The above part is true.
Now let's look at the other part:
iptablesis fully
configured and up and running out of the box with default rules that
are sufficiently secure for the average desktop user namely deny
(incoming), allow (outgoing).
The above part is false.
Default Ubuntu desktop installation has no ports open, and no servers running. Therefore, even though iptables come installed by default in desktop Ubuntu it is not configured to do anything. That is, the default firewall has not rules set.
Thus, iptable is configured to do nothing when you install Ubuntu.
The Other Question 2:
Explanations for nmap and gufw image (I think this is what you want)
Your nmap shows the only two open ports are open to 127.0.0.1. This is a special IP address that refers to the computer itself. That is, the computer itself can talk to itself using these two open ports.
The gufw screenshot shows that there is no firewall rules setup. However, since you installed gufw and clicked on it, ufw is also installed (gufw uses ufw) and ufw is active. The default ufw configuration you mentioned above, deny (incoming) and allow (outgoing) is working. However, these rules don't apply to the computer itself, that is 127.0.0.1. This is (not necessary but) sufficient for a home user.
Original Answer ==>
Average home users don't need a firewall
Default Ubuntu desktop installation has no ports open, and no servers running. Therefore if you don't run any server daemon, such as ssh server, you don't need any firewall. Thus, iptable is configured to do nothing when you install Ubuntu. See Do I need to activate the firewall? I only use Ubuntu for a home desktop use? for details.
If you run servers you need a firewall
If you are not an average home user, and want to do some advanced things, such as remotely access your desktop by ssh or run some other services, then you need a firewall. Your configuration of the firewall will depend on which server daemons you plan to run.
Even if you don't plan to run a server you may want a firewall with the default configuration of deny all incoming connections from all ports. This is to be doubly safe, in case, one day you want to install and run a server without realizing what you are doing. Without changing the default firewall configuration the server won't work as expected. You will scratch your head for hours before remembering that you activated the firewall. Then you may want to uninstall the server software, as it may not be worth the risk. Or you may want to configure the firewall to let the server work.
gufw is the easiest
gufw is a GUI interface for ufw, which in turn configures the iptables. Since you have been using Linux since 1990s, you may be comfortable with the command line or you may prefer the visual cues of a GUI. If you like a GUI, then use gufw. It is easy to understand and configure even for a novice.
ufw is easy
If you like the command line, ufw is easy enough.
iptables is not so easy
The reason we don't want anyone to fiddle directly with the iptables, and use ufw or gufw is because, it is very easy to mess up iptables and once you do, the system can break so badly that it may be unusable. The iptables-apply command has some built-in safeguards to protect the users from their mistakes.
Hope this helps
answered yesterday
user68186user68186
16.6k84970
OK thanks for you answer and your time, apologies for any inconvenience but it appears I am going to have to rewrite my question to clarify and simplify the question and details
– Steve
yesterday
Thanks for your revised answer and again apologies since I have made further edits as I have been looking into all the comments and links to other questions, for some time and I wantted to try to include all the points I needed to make regarding why the other answers for one reason or another dont sufficiently answer my question and that is my final edit.
– Steve
22 hours ago
1
Just want to point out that iptables has a mechanism to prevent the lockout situation you described. You use the built-iniptables-apply- a safer way to update iptables remotely
– jchook
21 hours ago
1
@jchook Thanks for mentioning this. The more people read and comment on my answer, I get to learn more new things. :D
– user68186
21 hours ago
add a comment |
The question changed considerably
New Answer
The TITLE Question
As a new Ubuntu desktop 18.04 LTS user, do I need to use
ufwfor a
firewall or is iptables sufficient?
Most home Ubuntu users don't need to install or use ufw. iptables is installed by default and is configured to do nothing. Why there is no need, is explained in more detail below.
The Other Question 1:
So say I take the above statement literally, then is the following
statement true?:
iptables is the built in firewall for Ubuntu Desktop and is fully
configured and up and running out of the box with default rules that
are sufficiently secure for the average desktop user namely deny
(incoming), allow (outgoing).
The statement is false
The statement is actually two statements joined by and. So if just one part of the whole statement is false, then the whole statement is false. Let's break it down:
iptablesis the built in firewall for Ubuntu Desktop
The above part is true.
Now let's look at the other part:
iptablesis fully
configured and up and running out of the box with default rules that
are sufficiently secure for the average desktop user namely deny
(incoming), allow (outgoing).
The above part is false.
Default Ubuntu desktop installation has no ports open, and no servers running. Therefore, even though iptables come installed by default in desktop Ubuntu it is not configured to do anything. That is, the default firewall has not rules set.
Thus, iptable is configured to do nothing when you install Ubuntu.
The Other Question 2:
Explanations for nmap and gufw image (I think this is what you want)
Your nmap shows the only two open ports are open to 127.0.0.1. This is a special IP address that refers to the computer itself. That is, the computer itself can talk to itself using these two open ports.
The gufw screenshot shows that there is no firewall rules setup. However, since you installed gufw and clicked on it, ufw is also installed (gufw uses ufw) and ufw is active. The default ufw configuration you mentioned above, deny (incoming) and allow (outgoing) is working. However, these rules don't apply to the computer itself, that is 127.0.0.1. This is (not necessary but) sufficient for a home user.
Original Answer ==>
Average home users don't need a firewall
Default Ubuntu desktop installation has no ports open, and no servers running. Therefore if you don't run any server daemon, such as ssh server, you don't need any firewall. Thus, iptable is configured to do nothing when you install Ubuntu. See Do I need to activate the firewall? I only use Ubuntu for a home desktop use? for details.
If you run servers you need a firewall
If you are not an average home user, and want to do some advanced things, such as remotely access your desktop by ssh or run some other services, then you need a firewall. Your configuration of the firewall will depend on which server daemons you plan to run.
Even if you don't plan to run a server you may want a firewall with the default configuration of deny all incoming connections from all ports. This is to be doubly safe, in case, one day you want to install and run a server without realizing what you are doing. Without changing the default firewall configuration the server won't work as expected. You will scratch your head for hours before remembering that you activated the firewall. Then you may want to uninstall the server software, as it may not be worth the risk. Or you may want to configure the firewall to let the server work.
gufw is the easiest
gufw is a GUI interface for ufw, which in turn configures the iptables. Since you have been using Linux since 1990s, you may be comfortable with the command line or you may prefer the visual cues of a GUI. If you like a GUI, then use gufw. It is easy to understand and configure even for a novice.
ufw is easy
If you like the command line, ufw is easy enough.
iptables is not so easy
The reason we don't want anyone to fiddle directly with the iptables, and use ufw or gufw is because, it is very easy to mess up iptables and once you do, the system can break so badly that it may be unusable. The iptables-apply command has some built-in safeguards to protect the users from their mistakes.
Hope this helps
answered yesterday
user68186user68186
16.6k84970
The question changed considerably
New Answer
The TITLE Question
As a new Ubuntu desktop 18.04 LTS user, do I need to use
ufwfor a
firewall or is iptables sufficient?
Most home Ubuntu users don't need to install or use ufw. iptables is installed by default and is configured to do nothing. Why there is no need, is explained in more detail below.
The Other Question 1:
So say I take the above statement literally, then is the following
statement true?:
iptables is the built in firewall for Ubuntu Desktop and is fully
configured and up and running out of the box with default rules that
are sufficiently secure for the average desktop user namely deny
(incoming), allow (outgoing).
The statement is false
The statement is actually two statements joined by and. So if just one part of the whole statement is false, then the whole statement is false. Let's break it down:
iptablesis the built in firewall for Ubuntu Desktop
The above part is true.
Now let's look at the other part:
iptablesis fully
configured and up and running out of the box with default rules that
are sufficiently secure for the average desktop user namely deny
(incoming), allow (outgoing).
The above part is false.
Default Ubuntu desktop installation has no ports open, and no servers running. Therefore, even though iptables come installed by default in desktop Ubuntu it is not configured to do anything. That is, the default firewall has not rules set.
Thus, iptable is configured to do nothing when you install Ubuntu.
The Other Question 2:
Explanations for nmap and gufw image (I think this is what you want)
Your nmap shows the only two open ports are open to 127.0.0.1. This is a special IP address that refers to the computer itself. That is, the computer itself can talk to itself using these two open ports.
The gufw screenshot shows that there is no firewall rules setup. However, since you installed gufw and clicked on it, ufw is also installed (gufw uses ufw) and ufw is active. The default ufw configuration you mentioned above, deny (incoming) and allow (outgoing) is working. However, these rules don't apply to the computer itself, that is 127.0.0.1. This is (not necessary but) sufficient for a home user.
Original Answer ==>
Average home users don't need a firewall
Default Ubuntu desktop installation has no ports open, and no servers running. Therefore if you don't run any server daemon, such as ssh server, you don't need any firewall. Thus, iptable is configured to do nothing when you install Ubuntu. See Do I need to activate the firewall? I only use Ubuntu for a home desktop use? for details.
If you run servers you need a firewall
If you are not an average home user, and want to do some advanced things, such as remotely access your desktop by ssh or run some other services, then you need a firewall. Your configuration of the firewall will depend on which server daemons you plan to run.
Even if you don't plan to run a server you may want a firewall with the default configuration of deny all incoming connections from all ports. This is to be doubly safe, in case, one day you want to install and run a server without realizing what you are doing. Without changing the default firewall configuration the server won't work as expected. You will scratch your head for hours before remembering that you activated the firewall. Then you may want to uninstall the server software, as it may not be worth the risk. Or you may want to configure the firewall to let the server work.
gufw is the easiest
gufw is a GUI interface for ufw, which in turn configures the iptables. Since you have been using Linux since 1990s, you may be comfortable with the command line or you may prefer the visual cues of a GUI. If you like a GUI, then use gufw. It is easy to understand and configure even for a novice.
ufw is easy
If you like the command line, ufw is easy enough.
iptables is not so easy
The reason we don't want anyone to fiddle directly with the iptables, and use ufw or gufw is because, it is very easy to mess up iptables and once you do, the system can break so badly that it may be unusable. The iptables-apply command has some built-in safeguards to protect the users from their mistakes.
Hope this helps
answered yesterday
user68186user68186
16.6k84970
edited 21 hours ago
answered yesterday
user68186user68186
16.6k84970
answered yesterday
user68186user68186
16.6k84970
answered yesterday
user68186user68186
16.6k84970
16.6k84970
OK thanks for you answer and your time, apologies for any inconvenience but it appears I am going to have to rewrite my question to clarify and simplify the question and details
– Steve
yesterday
Thanks for your revised answer and again apologies since I have made further edits as I have been looking into all the comments and links to other questions, for some time and I wantted to try to include all the points I needed to make regarding why the other answers for one reason or another dont sufficiently answer my question and that is my final edit.
– Steve
22 hours ago
1
Just want to point out that iptables has a mechanism to prevent the lockout situation you described. You use the built-iniptables-apply- a safer way to update iptables remotely
– jchook
21 hours ago
1
@jchook Thanks for mentioning this. The more people read and comment on my answer, I get to learn more new things. :D
– user68186
21 hours ago
add a comment |
OK thanks for you answer and your time, apologies for any inconvenience but it appears I am going to have to rewrite my question to clarify and simplify the question and details
– Steve
yesterday
Thanks for your revised answer and again apologies since I have made further edits as I have been looking into all the comments and links to other questions, for some time and I wantted to try to include all the points I needed to make regarding why the other answers for one reason or another dont sufficiently answer my question and that is my final edit.
– Steve
22 hours ago
1
Just want to point out that iptables has a mechanism to prevent the lockout situation you described. You use the built-iniptables-apply- a safer way to update iptables remotely
– jchook
21 hours ago
1
@jchook Thanks for mentioning this. The more people read and comment on my answer, I get to learn more new things. :D
– user68186
21 hours ago
OK thanks for you answer and your time, apologies for any inconvenience but it appears I am going to have to rewrite my question to clarify and simplify the question and details
– Steve
yesterday
OK thanks for you answer and your time, apologies for any inconvenience but it appears I am going to have to rewrite my question to clarify and simplify the question and details
– Steve
yesterday
Thanks for your revised answer and again apologies since I have made further edits as I have been looking into all the comments and links to other questions, for some time and I wantted to try to include all the points I needed to make regarding why the other answers for one reason or another dont sufficiently answer my question and that is my final edit.
– Steve
22 hours ago
Thanks for your revised answer and again apologies since I have made further edits as I have been looking into all the comments and links to other questions, for some time and I wantted to try to include all the points I needed to make regarding why the other answers for one reason or another dont sufficiently answer my question and that is my final edit.
– Steve
22 hours ago
1
1
Just want to point out that iptables has a mechanism to prevent the lockout situation you described. You use the built-in
iptables-apply - a safer way to update iptables remotely– jchook
21 hours ago
Just want to point out that iptables has a mechanism to prevent the lockout situation you described. You use the built-in
iptables-apply - a safer way to update iptables remotely– jchook
21 hours ago
1
1
@jchook Thanks for mentioning this. The more people read and comment on my answer, I get to learn more new things. :D
– user68186
21 hours ago
@jchook Thanks for mentioning this. The more people read and comment on my answer, I get to learn more new things. :D
– user68186
21 hours ago
add a comment |
I recommend the simplicity of gufw especially adding applications' firewall profiles such as media servers or bittorrent apps:
Adding GUFW firewall application profiles is a breeze
So, if you are an Ubuntu 18.04 or greater user head over to:
Configure Ubuntu firewall ufw using gufw
as they summed it up better than I can.
answered 23 hours ago
quantanglementquantanglement
11
New contributor
quantanglement is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I recommend the simplicity of gufw especially adding applications' firewall profiles such as media servers or bittorrent apps:
Adding GUFW firewall application profiles is a breeze
So, if you are an Ubuntu 18.04 or greater user head over to:
Configure Ubuntu firewall ufw using gufw
as they summed it up better than I can.
answered 23 hours ago
quantanglementquantanglement
11
New contributor
quantanglement is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I recommend the simplicity of gufw especially adding applications' firewall profiles such as media servers or bittorrent apps:
Adding GUFW firewall application profiles is a breeze
So, if you are an Ubuntu 18.04 or greater user head over to:
Configure Ubuntu firewall ufw using gufw
as they summed it up better than I can.
answered 23 hours ago
quantanglementquantanglement
11
New contributor
quantanglement is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I recommend the simplicity of gufw especially adding applications' firewall profiles such as media servers or bittorrent apps:
Adding GUFW firewall application profiles is a breeze
So, if you are an Ubuntu 18.04 or greater user head over to:
Configure Ubuntu firewall ufw using gufw
as they summed it up better than I can.
answered 23 hours ago
quantanglementquantanglement
11
New contributor
quantanglement is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 23 hours ago
quantanglementquantanglement
11
New contributor
quantanglement is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 23 hours ago
quantanglementquantanglement
11
answered 23 hours ago
quantanglementquantanglement
11
11
New contributor
quantanglement is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
quantanglement is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
quantanglement is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1126196%2fas-a-new-ubuntu-desktop-18-04-lts-user-do-i-need-to-use-ufw-for-a-firewall-or-i%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Easiest to install
gufwto assist setting this up.– heynnema
yesterday
What is unclear in this? askubuntu.com/questions/178616/…
– Pilot6
yesterday
You don't need ANY firewall if you don't have network services running. So it doesn't matter how and what is configured.
– Pilot6
yesterday
If you think my answer is correct, Please put a green check mark (✅) on the left margin of my answer. This will mark the problem as solved and help others with similar questions.
– user68186
22 hours ago
1
I have added to my answer. At this point I have to remind you, that this is a question answer site, not a discussion forum. Please don't add new components to the question as I answer old ones. If you keep doing this, the question may be closed as too broad. Ask a new follow up question and refer to this question if you need.
– user68186
21 hours ago