Updated: May 20, 2009
Linux is well known for its powerful firewall called iptables. However, this firewall must be managed from the command line, using long, boring and even somewhat difficult commands. Thus, it is virtually inaccessible to most users.
In Ubuntu, the situation is even worse, because the firewall is turned off by default and there is no easy way to start it up. Getting the firewall controlled like any other service requires writing a few scripts, hardly an everyday task for an everyday man. No more.
To make iptables more manageable on Ubuntu, Uncomplicated Firewall (ufw) was born. But it was another command line tool. And so gufw was born - ufw with GUI.
This tutorial will show you how you can easily manage your Linux firewall using gufw, start/stop the service, create rules, monitor logs, etc - all without ever once touching the command line. All you need is a basic understanding of the network principles and off you go. gufw makes iptables as friendly and human as any comparable Windows firewall. This makes it a prime choice for new Windows converts, used to having a visual control of their firewall software.
A small clarification: ufw and gufw are utilities specifically intended for Ubuntu, but you can run them on other distributions with some modifications. Indeed, for more details about ufw, you may want to take a look at this article. Thanks tlu for pointing this one out!
An alternative GUI frontend for iptables is Firestarter, which I have presented in my Wolvix article and shown how to tweak and configure in my Windows-Linux sharing tutorial. Please note, though, that Firestarter is an older project that has not been updated in quite a while. Now, let us begin with the tutorial.
I will demonstrate on Ubuntu 8.10 Intrepid Ibex. gufw is included in the repository, so the installation is a 14-second matter.
gufw can be accessed via System > Administration > Firewall configuration.
The main menu will be grayed out until you enable the firewall. Once you enable it, it will do what any basic firewall does - block unsolicited incoming connections.
Now, we need to add some rules. Basically, our firewall will block all incoming packets. This is what we want, with some exceptions: we want to allow our LAN machines to be able to connect.
So we will create a rule:
We allow all machines coming from the 192.168.1.0/24 network (entire subnet) to connect to any service on our host. This means our LAN traffic will flow unhindered. It can't be simpler than this!
gufw also comes with several preconfigured rules, to help you out. For example, you can allow FTP, mail services, NFS, SSH, and others. No need to bother remembering ports and protocols. Just fire away and click Add.
To make gufw useful, we will need to edit some of the settings. For instance, we want logs, and we want the application to minimize to the tray and autostart with the session.
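For reference, the gufw steps above (block incoming traffic, allow the 192.168.1.0/24 LAN, add a preconfigured service, turn on logging, enable the firewall) map onto ufw commands as in the following added example, which is not part of the original tutorial. The helper names (`run`, `valid_cidr`, `lan_policy`) and the `DRY_RUN` switch are made up for illustration, and the `default deny incoming` syntax assumes a current ufw release.

```shell
#!/bin/sh
# Added example: ufw equivalents of the gufw steps (hypothetical helper names).
# DRY_RUN=1 (default) only prints each command; DRY_RUN=0 runs it through sudo.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "ufw $*"
    else
        sudo ufw "$@"
    fi
}

# Accept only a dotted-quad IPv4 network in CIDR form, e.g. 192.168.1.0/24.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# lan_policy <lan-cidr> [service ...]
lan_policy() {
    lan=$1; shift
    valid_cidr "$lan" || { echo "invalid CIDR: $lan" >&2; return 1; }
    run default deny incoming   # block unsolicited incoming connections
    run allow from "$lan"       # LAN hosts may connect to any service
    for svc in "$@"; do
        run allow "$svc"        # preconfigured service by name, e.g. ssh
    done
    run logging on
    run enable                  # last, so the allow rules already exist
    run status verbose
}

lan_policy 192.168.1.0/24 ssh   # dry run: prints the six ufw commands
```

Set `DRY_RUN=0` to apply the rules; enabling the firewall only after the allow rules are in place avoids cutting off a session you are connected through.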
gufw is a terribly simple application. It hides away the gory details of networking and lets you focus on the important stuff. Power users can always revert to the basic command line usage. However, novices will adore the fact there's a friendly frontend that allows them to manage their firewall without fear of getting lost or locking themselves out of the network.
gufw is a great tool. I warmly recommend it to all new Linux users.