http://brainstorm.ubuntu.com/item/22/
[1615 votes] Solution #1: Auto-generated solution of idea #22


]]> en-us Thu, 28 Feb 2008 14:43:07 +0000 Fri, 23 Oct 2009 06:38:44 +0000 QAPoll module http://brainstorm.ubuntu.com/idea/22/ Thu, 28 Feb 2008 15:43:07 +0000
By default, nothing listens to the network. If you need to install something that does, you will have to open up your firewall anyway. It's a waste of time and a false sense of security.
]]> Thu, 28 Feb 2008 18:31:37 +0000
anyway - a firewall system is no waste of time ...]]> Thu, 28 Feb 2008 23:49:36 +0000 Fri, 29 Feb 2008 02:31:11 +0000 Fri, 29 Feb 2008 03:22:37 +0000 Fri, 29 Feb 2008 05:30:02 +0000 Fri, 29 Feb 2008 10:57:10 +0000 https://wiki.ubuntu.com/UbuntuFirewall
For now I don't see any plans for a GUI.]]> Fri, 29 Feb 2008 12:46:58 +0000 What's the point in creating an "easy-to-use" CLI frontend for iptables if most if the users are a bit shy around that very same CLI?]]> Fri, 29 Feb 2008 21:04:40 +0000 Fri, 29 Feb 2008 22:09:32 +0000 Fri, 29 Feb 2008 22:39:26 +0000
"There is no need for a firewall on a desktop system.

By default, nothing listens to the network. If you need to install something that does, you will have to open up your firewall anyway. It's a waste of time and a false sense of security. "

So, perhaps all that would be needed is a gui which displays what ports are open, because of software you've installed on the system, along with the option of closing the ports (thus disabling the connectivity of the software) or uninstalling the package opening the port.

Complicated rules aren't needed, because everything is closed by default, but it would be nice to know what is open without having to run nmap on yourself. ]]> Fri, 29 Feb 2008 22:52:10 +0000 Sat, 01 Mar 2008 07:06:44 +0000 Sun, 02 Mar 2008 14:07:43 +0000
But, the ufw is so uncomplicated and so clear that it is suitable for the basis of a good graphical firewall for the Ubuntu. It is so revolutionary (as the Ubuntu also) that the graphical user interface is a must have feature for the ufw.

It is a big mistake to say there is not any need for a default, enabled, built-in firewall because "by default, nothing listens to the network" and because "this is a desktop system".

The newly installed system is not in the state "by default" for a long time, because the user begins to use it and install it and configure it. Installs some server applications (e.g. Apache or MySQL), installs some peer to peer applications (e.g. torrent clients) and so on. This is absolutely normal on a Linux desktop nowadays, he/she does not want to build a server, just a personalized functional desktop system. And at this moment, there is a new situation by the installation of these applications: many uncontrolled open ports. From this moment on we can interpret the built-in enabled firewall as a useful feature which can help to keep the desktop system secure. And the well designed GUI helps to keep the necessary firewall rules up to date and well designed for the daily purposes.
]]> Mon, 03 Mar 2008 15:18:31 +0000 And at this moment, there is a new situation by the >installation of these applications: many uncontrolled open >ports.

How do you define uncontrolled?

When you install an application, it should work. You should not need to disable a port as an extra step. And if you are simply running an application like apache for example, that doesn't make your system more vulnerable in of itself.

The user may very well make the computer vulnerable, but a firewall will not prevent that. The very same user who would install an insecure web application on top of apache will nonetheless open the port. A firewall won't stop that.

You should be able to install and configure a firewall if you need/want to, but it should not be there by default.

>From this moment on we can interpret the built-in enabled >firewall as a useful feature which can help to keep the >desktop system secure.

If you think that a firewall is keeping you safe, you are mistaken. A firewall is easily avoided by either the user or the malicious software exploit.

And malicious code does not install itself on your computer through open ports like that. You are not putting the Ubuntu Desktop user at risk by not including a firewall by default.

]]> Mon, 03 Mar 2008 18:34:24 +0000
Desktop Security Guidelines: http://its.unm.edu/security/dsg.html
It’s only a workstation: http://www.scmagazine.com/asia/news/article/419677/consultants-view-its-workstation/
Why You Need a PC Firewall: http://www.zonealarm.com/store/content/support/zasc/whyFirewall.jsp
]]> Tue, 04 Mar 2008 08:37:14 +0000
Here are some useful links regarding software firewalls:
http://www.securityfocus.com/infocus/1839
http://www.securityfocus.com/infocus/1840]]> Tue, 04 Mar 2008 17:02:46 +0000 Fri, 07 Mar 2008 01:14:56 +0000 Fri, 21 Mar 2008 00:21:29 +0000
It would be a great feature to have an GUI who's as efficient as iptables...]]> Sun, 23 Mar 2008 16:39:28 +0000 Mon, 24 Mar 2008 18:29:33 +0000 Mon, 24 Mar 2008 18:44:00 +0000 Mon, 07 Apr 2008 22:50:08 +0000
Anyway I just want to say that this is a super-silly suggestion. ufw is an interface to iptables. What we need is a more convenient interface to iptables. Firestarter is inadequate because it can only handle two interfaces tops, one inside and one outside, due to its fundamentally primitive design (of the GUI.) I would propose something based on the ipmasq package, or something totally new.

I manage my firewall with fwbuilder but this is too advanced for most users.]]> Thu, 08 May 2008 16:01:09 +0000 Tue, 13 May 2008 14:55:39 +0000
Answered in "Why ufw Does Not Need A GUI" :
http://ubuntu-tutorials.com/2008/05/04/why-ufw-does-not-need-a-gui/]]> Thu, 15 May 2008 18:02:18 +0000 I made a simple GUI in Python + Glade.
You can download it at:
http://code.google.com/p/gui-ufw/
To install follow the instructions of the file installation.
A greeting.]]> Tue, 27 May 2008 14:43:13 +0000 Thu, 12 Jun 2008 00:04:36 +0000 -----
Yes, Windoze users would like to see this as X only users too.
I'm neither the first nor the latter, anyway because an X environment has been present since the early times of Linux, it is correct to be coherent with.
Real GUI environments shouldn't require the use of the keyboard (as far as it makes sense).

To the facts
------------
Please, and I underline, Please!, make the GUI IPv4 AND IPv6! aware.
IPv6 is not so far as you think.
The first step would be to have care of IPv6onIPv4 tunnels and then of the native IPv6 access.
Fortunately UFW takes account of IPv6 so be consequent.

Regards

Andreas Troschka]]> Thu, 12 Jun 2008 11:22:28 +0000 http://gufw.tuxfamily.org/]]> Wed, 25 Jun 2008 17:20:52 +0000 Fri, 27 Jun 2008 19:40:28 +0000
gufw is for users]]> Fri, 27 Jun 2008 20:43:19 +0000
http://gufw.tuxfamily.org/

By the way, we're looking for people to help us make a proper .deb, a PPA, and get it into Ubuntu - so if you've been through this process before, please help everybody out!]]> Fri, 25 Jul 2008 14:29:37 +0000
http://www.pardus.org.tr/eng/projects/firewall/index.html]]> Sat, 30 Aug 2008 08:21:17 +0000
http://gufw.tuxfamily.org/

By the way, we're looking for people to help us make a proper .deb, a PPA, and get it into Ubuntu - so if you've been through this process before, please help everybody out!]]> Fri, 12 Sep 2008 16:11:42 +0000 You can download the last version in:
http://gufw.tuxfamily.org/latest-ufw-deb.html
Best regards!]]> Sat, 13 Sep 2008 14:24:28 +0000 Fri, 26 Sep 2008 08:06:39 +0000 Thu, 02 Oct 2008 07:58:03 +0000