danielhollocher at gmail.com
Mon Aug 30 13:49:46 UTC 2010
On Sun, Aug 29, 2010 at 5:10 PM, Jim Kielman <jim_kielman at shaw.ca> wrote:
> There is a tool for setting firewall rules installed by default called
> ufw, for those that need a graphical tool to set firewall rules, it's
> just as easy to install gufw, as it is to install firestarter.
> The biggest problem is one of education, most users assume that
> firestarter is the the firewall, when in fact it is iptables/netfilter.
> I'm still learning how to use mailing lists, I created a message last
> night that only got sent to the the person I replied to, so here goes again.
> I'm one of the moderators on the forum, and we are constantly trying to
> educate the membership of the dangers of running applications as root.
> Firestarter needs to be run as root.
> This wouldn't be a problem if users ran the program the way it is
> supposed to be run, start it, set the firewall rules, then shut it down.
> Many users start it up when they log in, and leave it run all day,as it
> monitors the firewall and shows blocked connection. Many also assume
> that if firestarter is shutdown they no longer are protected by a firewall.
> With the included tool for setting the firewall all you have to do is
> enable the default rule set and it's done. The default rule set blocks
> almost everything, and in Windows terms makes the users system seemed
> to be stealthed. All you need is one simple command:
> sudo ufw enable
> And your done. If the defult rules aren't good enough, you can use gufw
> for adding additional rules.
Would you mind updating the community wiki  to include this
information? That way, web searching users and IRC users can also be
informed of such guidelines. I'm envisioning an additional section in
the beginning that would allow one to use a firewall, yet stay
ignorant of what a firewall is or how it works. Something like:
Most users don't need a firewall because linux based systems have
features blah blah blah. But, in situations A, B, C, a firewall can
enhance security by making the computer invisible on the network.
sudo apt-get install ufw
sudo ufw enable
And then maybe put the root issue with firestarter in the bottom
More information about the Ubuntu-devel-discuss