Interested in container computing? Check out my latest project, Bastille.

I installed Ubuntu 8.04 “Hardy” Alpha 4 a day or two ago and I finally got some time to poke around with some of the new features. The new features that are of the most interest to me are the security related features such as firewalling, SELinux, etc.

note: SELinux will not be default in Ubuntu 8.04 but the Ubuntu Hardened team has been working hard on getting it usable. If you’d like to help in the testing and development of SELinux on Ubuntu join our team!

The feature that I played with this afternoon is Ubuntu’s “Uncomplicated Firewall”. I have to say that when I first heard we were going to reinvent the wheel again (I mean, we have iptables, right?) I was a little discouraged. After playing with ufw I have to say I am pretty impressed.

ufw is simply a front-end to iptables. We’re still using the same iptables/netfilter underneath, just not requiring iptables syntax–trying to make things a little more “for human beings” I suppose you could say.

Now I may not be the “standard” Ubuntu user as seen by the rest of the Linux world. I know my way around Linux, spend the majority of my time on the command line and even teach Linux for a living. What I’m trying to say is I’m familiar enough with iptables, so I wondered how we could possibly make it easier. Well they did a good job. Here are a few examples:

sudo ufw default deny – sets the default policies to deny (drop) sudo ufw allow 22/tcp – allows tcp connections on port 22 sudo ufw deny 25 – denies connections on port 25 (tcp/udp) sudo ufw allow proto udp 192.168.0.1 port 53 to 192.168.0.2 port 53 – we can even be specific between source and destination ports and ips.

… you get the idea. It’s really simple, nearly human readable syntax. I still think iptables is pretty easy, but I think I’ll be perfectly comfortable using ufw as a front-end to iptables moving forward with Ubuntu 8.04 “Hardy”.