Developer comments
Gufw, a graphical frontend for ufw, is now on the Intrepid repository!
1615
votes
|
|
2066
0
451
|
|
|
|
|
Attachments
No attachments.
Duplicates
Comments
|
zelut
wrote on the 28 Feb 08 at 15:43
|
|
|
|
ufw is supposed to be very simple in a CLI environment. There are already many graphical interfaces for firewalling utilities such as Firestarter, etc.
|
|
arzajac
wrote on the 28 Feb 08 at 18:31
|
|
|
There is no need for a firewall on a desktop system.
By default, nothing listens to the network. If you need to install something that does, you will have to open up your firewall anyway. It's a waste of time and a false sense of security.
|
|
Phase
wrote on the 28 Feb 08 at 23:49
|
|
|
except, when a trojan opens a port but do not modify the ruleset or ...
anyway - a firewall system is no waste of time ...
|
|
defcon
wrote on the 29 Feb 08 at 02:31
|
|
|
|
I agree with this feature, some people will need to open certain ports for certain applications, and may want to block certain applications from certain ip ranges. Add a few nice features in an easy/basic gui and a firewall log monitor and we will see allot of happy people.
|
|
bluecat9
wrote on the 29 Feb 08 at 03:22
|
|
|
|
I'm not positive but I think a similar idea is on paper for the release after Hardy... (simple firewall)
|
|
Vadim P.
wrote on the 29 Feb 08 at 05:30
|
|
|
|
Yes, but it'll be terminal-only.
|
|
jelly1
wrote on the 29 Feb 08 at 10:57
|
|
|
|
It would be nice if there was a simple GUI firewall for noobs and people how don;t have the time to learn iptables etc. Firestarter is a good one, why doesn't it come to ubuntu by default?
|
|
|
Quite frankly, I'm a bit shocked that there isn't already a GUI frontend for UFW.
What's the point in creating an "easy-to-use" CLI frontend for iptables if most if the users are a bit shy around that very same CLI?
|
|
adelie
wrote on the 29 Feb 08 at 22:09
|
|
|
|
This is more of an issue with 'other operating systems', and once you need a tool like this in Gnu / Linux, I would doubt you would want just some little GUI to do it for you.
|
|
|
|
If I may say, nice work but moot. I've run 100% non-firewalled Windows XP on 10mbit copper connection 24/7 for couple years. Not one single security problem. I have run non-firewalled Linux for years. It's a storm out there but it does not do a thing. Why? There are two very simple reasons. First of all, firewalls affect the symptoms and not the reasons of security problems. Manage your platform well (updates, sane configuration etc) and you have managed the reasons. Second, if you have a vulnerability in some daemon or like you will be opening most likely a hole for it anyways - making the firewall in most cases useless anyways. On top of that firewalls break easily intented network usage and provide a huge potential common point of failure. In the end of the day firewalls do NOT belong on simple desktops at all.
|
|
|
arzajac is correct when he said:
"There is no need for a firewall on a desktop system.
By default, nothing listens to the network. If you need to install something that does, you will have to open up your firewall anyway. It's a waste of time and a false sense of security. "
So, perhaps all that would be needed is a gui which displays what ports are open, because of software you've installed on the system, along with the option of closing the ports (thus disabling the connectivity of the software) or uninstalling the package opening the port.
Complicated rules aren't needed, because everything is closed by default, but it would be nice to know what is open without having to run nmap on yourself.
|
|
defcon
wrote on the 1 Mar 08 at 07:06
|
|
|
|
I would personally prefer an easy to use Gnome Panel Applet, a full application is unneeded. Although both would be awesome!
|
|
smejky
wrote on the 2 Mar 08 at 14:07
|
|
|
|
I would like to see a GUI written in PyGTK.
|
|
gabim
wrote on the 3 Mar 08 at 15:18
|
|
|
Yes, it is right, the ufw is supposed to be very simple in a CLI environment and there are not any plans for a GUI.
But, the ufw is so uncomplicated and so clear that it is suitable for the basis of a good graphical firewall for the Ubuntu. It is so revolutionary (as the Ubuntu also) that the graphical user interface is a must have feature for the ufw.
It is a big mistake to say there is not any need for a default, enabled, built-in firewall because "by default, nothing listens to the network" and because "this is a desktop system".
The newly installed system is not in the state "by default" for a long time, because the user begins to use it and install it and configure it. Installs some server applications (e.g. Apache or MySQL), installs some peer to peer applications (e.g. torrent clients) and so on. This is absolutely normal on a Linux desktop nowadays, he/she does not want to build a server, just a personalized functional desktop system. And at this moment, there is a new situation by the installation of these applications: many uncontrolled open ports. From this moment on we can interpret the built-in enabled firewall as a useful feature which can help to keep the desktop system secure. And the well designed GUI helps to keep the necessary firewall rules up to date and well designed for the daily purposes.
|
|
arzajac
wrote on the 3 Mar 08 at 18:34
|
|
|
>And at this moment, there is a new situation by the >installation of these applications: many uncontrolled open >ports.
How do you define uncontrolled?
When you install an application, it should work. You should not need to disable a port as an extra step. And if you are simply running an application like apache for example, that doesn't make your system more vulnerable in of itself.
The user may very well make the computer vulnerable, but a firewall will not prevent that. The very same user who would install an insecure web application on top of apache will nonetheless open the port. A firewall won't stop that.
You should be able to install and configure a firewall if you need/want to, but it should not be there by default.
>From this moment on we can interpret the built-in enabled >firewall as a useful feature which can help to keep the >desktop system secure.
If you think that a firewall is keeping you safe, you are mistaken. A firewall is easily avoided by either the user or the malicious software exploit.
And malicious code does not install itself on your computer through open ports like that. You are not putting the Ubuntu Desktop user at risk by not including a firewall by default.
|
|
|
|
UFW is a Python script for iptables.
|
|
|
|
What you really want is a GUI for iptables.
|
|
guyome
wrote on the 23 Mar 08 at 16:39
|
|
|
In fact, we want a graphical interface to manage firewall on Ubuntu. The development of Firestarter is very slow and it's not easy to use it with Vpn, for example.
It would be a great feature to have an GUI who's as efficient as iptables...
|
|
|
|
Can someone outline the pro's and con's of having a firewall, and back up the statements with references? I would but i would most likely produce biased results - as well as including IDS or IPS or whatever its name is these days...
|
|
|
|
Can someone outline the pro's and con's of having a firewall, and back up the statements with references? I would but i would most likely produce biased results - as well as including IDS or IPS or whatever its name is these days... what about integrating "Untangle" into ubuntu server and the IDS/IPS system into ubuntu desktop? Its all GPL'd software - Untangle could stand an interface rewrite to be more like CISCO equipment, and i hate cisco!
|
|
|
|
I use guarddog for KDE on Gnome. It works fine. I think the gui is very intuitive. I would like to see something similar for ufw. Ufw seems to be very simple from the command line. I will have to take it for a test drive.
|
|
|
"Can someone outline the pro's and con's of having a firewall, and back up the statements with references?" what is this, are we doing your homework for you? Pros: security. Cons: you have to manage it. What more do you need to know?
Anyway I just want to say that this is a super-silly suggestion. ufw is an interface to iptables. What we need is a more convenient interface to iptables. Firestarter is inadequate because it can only handle two interfaces tops, one inside and one outside, due to its fundamentally primitive design (of the GUI.) I would propose something based on the ipmasq package, or something totally new.
I manage my firewall with fwbuilder but this is too advanced for most users.
|
|
deejross
wrote on the 13 May 08 at 14:55
|
|
|
|
UFW is itself a frontend for iptables. And there's already several GUI's for iptables. Firestarter works pretty well. But most likely, you will be using a firewall on a server machine where there is no desktop, and therefore, no gui...hence the need for a simple, text-based frontend for iptables...ufw.
|
|
|
Hello.
I made a simple GUI in Python + Glade.
You can download it at:
http://code.google.com/p/gui-ufw/
To install follow the instructions of the file installation.
A greeting.
|
|
Vadim P.
wrote on the 12 Jun 08 at 00:04
|
|
|
|
Wow, very nice. Thank you
|
|
TrAndy
wrote on the 12 Jun 08 at 11:22
|
|
|
Intro
-----
Yes, Windoze users would like to see this as X only users too.
I'm neither the first nor the latter, anyway because an X environment has been present since the early times of Linux, it is correct to be coherent with.
Real GUI environments shouldn't require the use of the keyboard (as far as it makes sense).
To the facts
------------
Please, and I underline, Please!, make the GUI IPv4 AND IPv6! aware.
IPv6 is not so far as you think.
The first step would be to have care of IPv6onIPv4 tunnels and then of the native IPv6 access.
Fortunately UFW takes account of IPv6 so be consequent.
Regards
Andreas Troschka
|
|
Thelasko
wrote on the 27 Jun 08 at 19:40
|
|
|
|
If it doesn't have a GUI then it's not "uncomplicated"
|
|
Vadim P.
wrote on the 27 Jun 08 at 20:43
|
|
|
Uncomplicated for server admins, for who ufw was intended ;)
gufw is for users
|
|
Vadim P.
wrote on the 25 Jul 08 at 14:29
|
|
|
0.0.7 release is out :)
http://gufw.tuxfamily.org/
By the way, we're looking for people to help us make a proper .deb, a PPA, and get it into Ubuntu - so if you've been through this process before, please help everybody out!
|
|
|
0.20.0 release is out :)
http://gufw.tuxfamily.org/
By the way, we're looking for people to help us make a proper .deb, a PPA, and get it into Ubuntu - so if you've been through this process before, please help everybody out!
|
|
vprasaj
wrote on the 26 Sep 08 at 08:06
|
|
|
|
Thanx! :)
|
|
gabim
wrote on the 2 Oct 08 at 07:58
|
|
|
|
Thank you very much! :)
|
Post your comment
|
