Written by mnicky the 26 Apr 08 at 15:23.
Linux is famous for being secure. And that can't be possible without properly configured firewall. But average ubuntu user (including me) don't know how to setup and control firewall via shell...
So I think it's a good idea to put some gui for firewall configuration (like Firestarter) to Ubuntu CD.
Ubuntu is secure out of the box, no firewall configuration is the safe and proper default configuration. You don't need a firewall, with no network services in the base install there is nothing for a firewall to protect.
El_Tate: you set those in your router. Routing should be done by a router (hence the name ;) ).
Again I repeat what peterjs said: this is LINUX not Windows.
Unix (and later on Linux) was built to be a multi-user system where one user is allowed to do more than another user. The internet is just full with users that are not allowed to do anything on our machines.
Sorry, as I'm still using Gutsy, which don't have ufw, I didn't know that something like that has already been implemented into Hardy. But still I think that Firestarter is more newbie-friendly. OK it has about 2MBs....
Friendliness is not a factor. You could create the prefectly friendly firewall tomorrow, you could get everyone in the world to agree that it was the most friendly application ever written. That still would not change the fact that a firewall is not necessary in the base Ubuntu install. Security is a mindset and a process, not doing dumb things will keep you far safer than any software you could ever install.
I disagree that this is a dup of #7889 but anyway...
@peterjs you are quite simply wrong that Ubuntu does not need a firewall. Anyway it is impossible to not install a firewall with Linux, because the functionality is built into the kernel. I believe it is actually possible to manipulate the tables through /proc, although it is somewhat arduous.
@Rinzwind: You set those in your router? Lots of people don't have one! First, every modem user including cellular users. Second, anyone using PPPoE to a very stupid modem. There's lots of those. Third, anyone with an internal CM, ISDN, or DSL interface.
The reason you need a firewall is that security holes happen. Sad but true. A remote root vulnerability isn't effectively a vulnerability if you can't contact the host. There have definitely been remote root holes in Ubuntu, they tend to be patched quickly but you can't guarantee that users will update frequently.
Also, there HAS been a remote root hole in the Linux kernel that was accessible even without running any services, an attack against the IP stack itself. Believing that such things don't happen is naive in the extreme.
To not firewall in the base install is a huge mistake.