A few days ago, we have shown you how to install, configure and setup firewall with UFW on various Linux distributions. As you already know, UFW is a command line firewall application. Some of you may not be comfortable with command line mode. Fortunately, there is a graphical front-end for UFW available. In this guide, we will see what is Gufw and how to setup firewall with Gufw on Linux desktop operating systems.
Table of Contents
1. Introduction to Gufw
Gufw is a graphical front-end application to manage the Uncomplicated Firewall (UFW) in Linux. Gufw is mainly developed to install and configure firewall for Linux desktops.
Trust me, Gufw is one of easiest firewall ever I have tried. Enabling and disabling firewall rules are just a mouse-click away!
When you use Gufw to add or remove a rule, it simply runs the respective ufw commands at the backend and apply the intended rule.
Gufw is an open-source application written in Python. The source code is freely available in GitHub under the GPL3 license.
2. Install Gufw in Linux
Gufw comes pre-installed in some Linux distributions. To check if it is installed, type firewall in the Dash:
You can also check if gufw is installed from the terminal by running the following command:
$ which gufw /usr/bin/gufw
If Gufw is not installed on your system, you can install it using your distribution's package manager. Gufw is packaged for many popular Linux systems.
Install Gufw on Arch Linux and its variants like EndeavourOS, Manjaro Linux:
$ sudo pacman -S gufw
Install Gufw on Debian, Ubuntu, Linux Mint, Pop_OS!
$ sudo apt install gufw
Install Gufw on Fedora:
$ sudo rpm -Uvh 'https://github.com/rpmsphere/noarch/blob/master/r/rpmsphere-release-38-1.noarch.rpm?raw=true' $ sudo dnf install gufw
Install Gufw in openSUSE Tumbleweed:
$ sudo zypper install gufw
Install Gufw in openSUSE Leap:
$ sudo zypper addrepo https://download.opensuse.org/repositories/security/openSUSE_Tumbleweed/security.repo $ sudo zypper refresh $ sudo zypper install gufw
3. Setup firewall with Gufw on Linux
Gufw is created with the goal of being an intuitive and a simple user-friendly application. Anyone can easily setup a fully-functional firewall in couple mouse clicks with Gufw.
3.1. Enable and disable firewall
To enable or disable the UFW firewall, simply toggle on/off the status switch as shown in the below image.
3.2. Default profiles
To make firewall configuration easier, Gufw includes three pre-configured profiles. Depending upon the selected profile, the incoming and outgoing network packets are controlled.
PROFILES | INCOMING | OUTGOING |
HOME | DENY | ALLOW |
PUBLIC | REJECT | ALLOW |
OFFICE | DENY | ALLOW |
If you wonder what is the difference between Deny
and Reject
, Deny will just drop the packets, and Reject will drop the packets and send a message back to the user with error messages.
Setting up a profile is pretty simple. From the UFW main window, select a profile from the drop-down list.
Depending upon the network type, choose or adjust the profiles accordingly. Let's say if you're at the airport and wanted to use the airport public network, you can then simply choose PUBLIC profile from the Profile drop-down box.
3.3. Create new profile
It is also possible to create custom profiles. Go to EDIT -> PREFERENCES, it will open up a small window. Look out for the profiles section and click the (+) symbol which will add a new profile. You can double-click the profile to rename it.
Default incoming will be “Deny” and outgoing will be “Allow” for all custom profiles you create. You can modify it too.
Heads Up: You cannot name a custom profile with more than 15 characters.
3.4. Remove profiles
To remove a profile, select it and press the (-) button. Make sure the profile is deactivated. You cannot remove the profile if that profile is active.
3.5. Add new rules
Creating custom rules is simple. Under the Rules section, press the (+) button. A new window will appear with
three sections. We will first look at the simple rule section.
When creating a rule, enter the name of the policy, type of policy (allow or deny or reject), direction (incoming or outgoing), choose the protocol type and enter the port number and click Add. By default, the profile rejects all incoming connections.
The following screenshot shows how to create a new rule to accept incoming connections for port 22.
You can also create rules for a set of ports instead of a single port. Press ( + ) button again to add new rule. Fill in all the details as usual. In the port filed, add “FROM:TO” port range.
Here I have added the rule to accept connections from port 22 to 24.
You can also create more fine-grained rules from "Advanced" tab. I am creating a new rule to accept incoming connections for port 3306 (MySQL).
Here is the brief description of each parameter in the above section:
Name
- Any descriptive name for your rule.Insert
- It will accept integer values and add your rule to that position in the policy table. The lower the value, the higher the priority.Policy
- Sets allow, deny, or reject the connections.Interfaces
- Shows the list of interfaces to which it will accept connections.Log
- Controls logging option. If you need more logs to be generated, seelct "Log All".Protocol
- Supports TCP/UDP protocol. Choose accordingly.Source and Destination
- I can control from which IP and subnet connection should be accepted or rejected. For example, if you want to connect to MySQL port 3306 from any machine that comes under 192.168.1.1/24, then you can add this in From tab. I am creating a rule for MySQL, so I can either add 3306 or mysql in the port section as shown in the above image.
3.6. View list of rules
You can view the list of rules created in the main window under the rules tab.
3.7. Delete rules
To delete a rule, select the rule and press the (-) button at the bottom of the rules tab.
By default when you delete a rule it will not prompt for confirmation to remove the rule. To enable delete on confirmation, go to EDIT -> PREFERENCES and check the "Show confirm dialog for deleting rules" box.
3.8. Enable logging in Gufw
To enable or disable logging, go to EDIT -> PREFERENCES, and look out for the logging section at the top. You can choose logging levels (Low, Medium, High, Full).
All logs can be found under the logs section:
3.9. Export and import profile
You can export profiles you created and import them to any machine to apply the same rules.
To export profile, go to "File -> Export this profile" and save it in any location of your choice. By default, profile will be saved under /etc/gufw/
and with .profile
extension.
The profiles are just plain text files. You can view the using any text editors:
$ sudo cat personal.profile
To import a profile, go to "File -> Import Profile" and choose the profile file from the saved location. Once the profile is imported, you can choose the imported profile from the Profile drop down box
You can verify when the profile is imported or changed from the log tab as well.
[22/07/21 09:19:26 AM IST] Changing profile: personal [22/07/21 09:18:54 AM IST] Profile imported: /etc/gufw/personal.profile
3.10. Reset firewall
Go to Menu "Edit -> Reset Current Profile". A confirmation box will pop up. Click Yes to confirm the reset. This will remove all rules and disable the firewall.
4. Conclusion
In this guide, we have shown all the steps to setup firewall with Gufw in Linux. As you can see, installing and configuring Firewall with Gufw is very easy!
If you're looking for a simple firewall for your personal desktop systems, Gufw might be a good choice.
Resource:
2 comments
Update to the Fedora instructions:
sudo rpm -Uvh ‘https://github.com/rpmsphere/noarch/blob/master/r/rpmsphere-release-38-1.noarch.rpm?raw=true’
Updated. Thanks for the heads up.