I am using Ubuntu and I want to use the best firewall (Free) possible for my security! I worry daily about getting hacked!
2 Answers
You're in luck.
Ubuntu Desktop includes the best firewall already. Use your favorite search engine to look for a "UFW Tutorial" (UFW = Uncomplicated Firewall)
However...a firewall is not magic. Firewalls were created as a workaround -- Windows had vulnerable services listening that users couldn't turn off. Ubuntu doesn't have that; Ubuntu is secure by default. Firewalls will not protect you from a wide range of non-port-related attacks. Good security in Ubuntu is more often a set of safe habits than a particular security-related application.
2There is no best option for which firewall to use on Ubuntu as it's a very subjective question.
Personally I use vanilla iptables, so that I can have complete confidence in the rules I create and if I do create a vulnerability, it's on me.
By default Ubuntu comes preinstalled with UFW, Uncomplicated Firewall, which is designed to be more user friendly.
For example to allow incoming ssh connections when using only iptables you would need to run:
$ sudo iptables -A INPUT -i lo -j ACCEPT
$ sudo iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
$ sudo iptables -A OUTPUT -o lo -j ACCEPT
$ sudo iptables -A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPTThe same command with UFW would be:
$ sudo ufw allow sshAnother option that I have no personal experience with is firewalld, but I believe it's the default on arch linux distros. The equivalent to the above would be:
$ firewall-cmd --zone=public --add-port=22/tcp --permanentI'm sure other programs exist, but those are the ones I know of. Any user-friendly alternative to iptables simply makes the commands more readable, but they still implement iptable, so even if you decide to use firewalld or ufw it would be advisable to learn how to read iptables rules so you can look for vulnerabilities yourself.
