Home Gufw How To Setup Firewall With Gufw On Linux Desktop

How To Setup Firewall With Gufw On Linux Desktop

By Karthick
Published: Updated: 11.1K views

A few days ago, we have shown you how to install, configure and setup firewall with UFW on various Linux distributions. As you already know, UFW is a command line firewall application. Some of you may not be comfortable with command line mode. Fortunately, there is a graphical front-end for UFW available. In this guide, we will see what is Gufw and how to setup firewall with Gufw on Linux desktop operating systems.

1. Introduction to Gufw

Gufw is a graphical front-end application to manage the Uncomplicated Firewall (UFW) in Linux. Gufw is mainly developed to install and configure firewall for Linux desktops.

Trust me, Gufw is one of easiest firewall ever I have tried. Enabling and disabling firewall rules are just a mouse-click away!

When you use Gufw to add or remove a rule, it simply runs the respective ufw commands at the backend and apply the intended rule.

Gufw is an open-source application written in Python. The source code is freely available in GitHub under the GPL3 license.

2. Install Gufw in Linux

Gufw comes pre-installed in some Linux distributions. To check if it is installed, type firewall in the Dash:

Launch Gufw in Linux
Launch Gufw in Linux

You can also check if gufw is installed from the terminal by running the following command:

$ which gufw
/usr/bin/gufw

If Gufw is not installed on your system, you can install it using your distribution's package manager. Gufw is packaged for many popular Linux systems.

Install Gufw on Arch Linux and its variants like EndeavourOS, Manjaro Linux:

$ sudo pacman -S gufw

Install Gufw on Debian, Ubuntu, Linux Mint, Pop_OS!

$ sudo apt install gufw

Install Gufw on Fedora:

$ sudo rpm -Uvh 'https://github.com/rpmsphere/noarch/blob/master/r/rpmsphere-release-38-1.noarch.rpm?raw=true'
$ sudo dnf install gufw

Install Gufw in openSUSE Tumbleweed:

$ sudo zypper install gufw

Install Gufw in openSUSE Leap:

$ sudo zypper addrepo https://download.opensuse.org/repositories/security/openSUSE_Tumbleweed/security.repo
$ sudo zypper refresh
$ sudo zypper install gufw

3. Setup firewall with Gufw on Linux

Gufw is created with the goal of being an intuitive and a simple user-friendly application. Anyone can easily setup a fully-functional firewall in couple mouse clicks with Gufw.

3.1. Enable and disable firewall

To enable or disable the UFW firewall, simply toggle on/off the status switch as shown in the below image.

Enable or disable UFW firewall
Enable or disable UFW firewall

3.2. Default profiles

To make firewall configuration easier, Gufw includes three pre-configured profiles. Depending upon the selected profile, the incoming and outgoing network packets are controlled.

PROFILESINCOMINGOUTGOING
HOMEDENYALLOW
PUBLICREJECTALLOW
OFFICEDENYALLOW
Default Gufw profiles

If you wonder what is the difference between Deny and Reject, Deny will just drop the packets, and Reject will drop the packets and send a message back to the user with error messages.

Setting up a profile is pretty simple. From the UFW main window, select a profile from the drop-down list.

Choose firewall profile in Gufw
Choose firewall profile in Gufw

Depending upon the network type, choose or adjust the profiles accordingly. Let's say if you're at the airport and wanted to use the airport public network, you can then simply choose PUBLIC profile from the Profile drop-down box.

3.3. Create new profile

It is also possible to create custom profiles. Go to EDIT -> PREFERENCES, it will open up a small window. Look out for the profiles section and click the (+) symbol which will add a new profile. You can double-click the profile to rename it.

Create new profile in Gufw
Create new profile in Gufw

Default incoming will be “Deny” and outgoing will be “Allow” for all custom profiles you create. You can modify it too.

Heads Up: You cannot name a custom profile with more than 15 characters.

3.4. Remove profiles

To remove a profile, select it and press the (-) button. Make sure the profile is deactivated. You cannot remove the profile if that profile is active.

3.5. Add new rules

Creating custom rules is simple. Under the Rules section, press the (+) button. A new window will appear with
three sections. We will first look at the simple rule section.

When creating a rule, enter the name of the policy, type of policy (allow or deny or reject), direction (incoming or outgoing), choose the protocol type and enter the port number and click Add. By default, the profile rejects all incoming connections.

The following screenshot shows how to create a new rule to accept incoming connections for port 22.

Create new firewall rule in Gufw
Create new firewall rule in Gufw

You can also create rules for a set of ports instead of a single port. Press ( + ) button again to add new rule. Fill in all the details as usual. In the port filed, add “FROM:TO” port range.

Here I have added the rule to accept connections from port 22 to 24.

Define port range in Gufw
Define port range in Gufw

You can also create more fine-grained rules from "Advanced" tab. I am creating a new rule to accept incoming connections for port 3306 (MySQL).

Advanced configuration rules in Gufw
Advanced configuration rules in Gufw

Here is the brief description of each parameter in the above section:

  1. Name - Any descriptive name for your rule.
  2. Insert - It will accept integer values and add your rule to that position in the policy table. The lower the value, the higher the priority.
  3. Policy - Sets allow, deny, or reject the connections.
  4. Interfaces - Shows the list of interfaces to which it will accept connections.
  5. Log - Controls logging option. If you need more logs to be generated, seelct "Log All".
  6. Protocol - Supports TCP/UDP protocol. Choose accordingly.
  7. Source and Destination - I can control from which IP and subnet connection should be accepted or rejected. For example, if you want to connect to MySQL port 3306 from any machine that comes under 192.168.1.1/24, then you can add this in From tab. I am creating a rule for MySQL, so I can either add 3306 or mysql in the port section as shown in the above image.

3.6. View list of rules

You can view the list of rules created in the main window under the rules tab.

View firewall rules in Gufw
View firewall rules in Gufw

3.7. Delete rules

To delete a rule, select the rule and press the (-) button at the bottom of the rules tab.

By default when you delete a rule it will not prompt for confirmation to remove the rule. To enable delete on confirmation, go to EDIT -> PREFERENCES and check the "Show confirm dialog for deleting rules" box.

Enable delete on confirmation
Enable delete on confirmation

3.8. Enable logging in Gufw

To enable or disable logging, go to EDIT -> PREFERENCES, and look out for the logging section at the top. You can choose logging levels (Low, Medium, High, Full).

Enable Logging in Gufw
Enable Logging in Gufw

All logs can be found under the logs section:

View logs
View logs

3.9. Export and import profile

You can export profiles you created and import them to any machine to apply the same rules.

To export profile, go to "File -> Export this profile" and save it in any location of your choice. By default, profile will be saved under /etc/gufw/ and with .profile extension.

The profiles are just plain text files. You can view the using any text editors:

$ sudo cat personal.profile
View profile file
View profile file

To import a profile, go to "File -> Import Profile" and choose the profile file from the saved location. Once the profile is imported, you can choose the imported profile from the Profile drop down box

You can verify when the profile is imported or changed from the log tab as well.

[22/07/21 09:19:26 AM IST] Changing profile: personal
[22/07/21 09:18:54 AM IST] Profile imported: /etc/gufw/personal.profile

3.10. Reset firewall

Go to Menu "Edit -> Reset Current Profile". A confirmation box will pop up. Click Yes to confirm the reset. This will remove all rules and disable the firewall.

4. Conclusion

In this guide, we have shown all the steps to setup firewall with Gufw in Linux. As you can see, installing and configuring Firewall with Gufw is very easy!

If you're looking for a simple firewall for your personal desktop systems, Gufw might be a good choice.

Resource:

2 comments

reentry October 23, 2023 - 4:11 am

Update to the Fedora instructions:
sudo rpm -Uvh ‘https://github.com/rpmsphere/noarch/blob/master/r/rpmsphere-release-38-1.noarch.rpm?raw=true’

Reply
sk October 24, 2023 - 11:59 am

Updated. Thanks for the heads up.

Reply

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More