Uncomplicated Firewall

[andyprice]

I remember that I installed uncomplicated firewall (ufw) and GUI for uncomplicated firewall (gufw) on my Saix 13.37 machine, though I can't remember where I installed them from. It would be nice to have these in the reps for 14 as they give an easy way for setting up the firewall without having to mess around configuring iptables directly. I know there are other configuration tools available via Sourcery (firehol, shorewall6 etc) but they are not uncomplicated...

https://launchpad.net/ufw
https://launchpad.net/gui-ufw

Thanks
Andy

[mimosa]

I'll look into packaging it.
EDIT
I can confirm that both ufw and gufw were packaged for Salix 13.37 by lmello. It should be easy enough to rebuild these for 14.0. I'll let you know when they're ready!

[mimosa]

Hi Andy,

Do you have i486 or a 64-bit system?

In any case, I wonder if you could test something for me. I have rebuilt the 13.37 gufw package for 14.0 and it appears to work. I actually suspect the binaries will work without rebuilding. Could you check this? Here are links for each architecture:

http://salix.enialis.net/i486/13.37/sal ... 86-1lm.txz
http://salix.enialis.net/i486/13.37/sal ... 86-3lm.txz

http://salix.enialis.net/x86_64/13.37/s ... 64-1lm.txz
http://salix.enialis.net/x86_64/13.37/s ... 64-3lm.txz

Download the binaries for your architecture, make sure the dependencies are present (almost certainly they are):

Code: Select all

#slapt-get -i pygobject pygtk

and install the packages, for example for 64 bits:

Code: Select all

#spkg -i ufw-0.30-x86_64-1lm.txz
#spkg -i gufw-10.10.1-x86_64-3lm.txz 

To remove them afterwards (though there's no need, if everything works), return to the directory where you downloaded them and do the same but with -d instead of -i:

Code: Select all

#spkg -d ufw-0.30-x86_64-1lm.txz
#spkg -d gufw-10.10.1-x86_64-3lm.txz 

[andyprice]

Thanks for building those packages mimosa. I installed them no problem (32 bit) but now i need ask a bit of advice.

Since there was no ufw package I went to http://easyfwgen.morizot.net/gen/ and generated a set of rules for iptables, pasted them into /etc/rc.d/rc.firewall (and changed the three IPT paths), made it executable and rebooted. On booting I can see the firewall being started okay and iptables -L lists out the rules, of which there are quite a few.

After installing ufw and gufw I flushed iptables and deleted /etc/rc.d/rc.firewall to get rid of what I had done before. I started gufw and ticked the box to enable the firewall, but on rebooting when I check in gufw it is unticked again. System services it says that ufw is running.

iptables -L shows just the basic rules below, which I think just mean accept everything:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I'm pretty vague on firewalls so I hope you can give me some ideas.
Thanks
Andy

[mimosa]

Hi Andy,

I'm glad those worked. I didn't build them - those are just links to the 13.37 repos. I thought they'd probably work unchanged because it's a Python script.

I'm afraid I know less than you about firewalls. That was why I was interested in this application However, I expect someone else will pitch in. I have never bothered with a firewall (never had any trouble either) but feel guilty about it. It seems to be one of those topics that's quite difficult to find your way into just by searching, so I jumped at "uncomplicated".

Have you had a look at the gufw website for documentation? I don't have the URL at my fingertips but it's something like gufw.org.

Anyway, please do report back on how you get on if you can, particularly if you do discover any problems with these (or solutions).

EDIT
I see the same thing here. When I call ufw from the command line, it complains about missing libraries. So it looks as though when gufw calls ufw, nothing happens. I rebuilt the packages and that fixed it, but I'm still not sure it's working properly. Back to the drawing board I'm afraid!

[mimosa]

I don't have a 32-bit Salix system at the moment (and 14.0 Live isn't ready yet) so I can't build these for your architecture. But you can easily do so yourself. For ufw (which may be all you need, that is, the gufw you have would probably work if ufw did) just download the three files on this page:

http://salix.enialis.net/i486/13.37/source/n/ufw/

Put them in a directory with nothing else in it (such as ~/packages/ufw), move to that directory, and just do:

Code: Select all

$fakeroot slkbuild -X
$su #enter root password
#spkg -i *txz

One easy way to download these is using wget from within the directory you've already created:

Code: Select all

$wget -c http://salix.enialis.net/i486/13.37/source/n/ufw/SLKBUILD

etc.

Uninstall the other ufw beforehand with spkg -d

In case you find you need to build gufw as well, the link is:

http://salix.enialis.net/i486/13.37/source/xap/gufw/

[andyprice]

Thanks for the help guys, I will try building over the weekend and report back.

[andyprice]

I built those packages and everything seems to work now. I get a proper output from iptables -L and when I added a new rule in gufw it also showed up in iptables.Thanks again.
Andy

[mimosa]

Great! Thanks for testing. Would you mind sending me the binaries so I can post them somewhere? I'll PM you with my email.

However, please do report back if any problems should arise, as the firewall is a critical thing for anyone who uses it.