June 27, 2008
» Presenting at OSCON 2008 : July 21-25, 2008

Some of you might remember, long ago, that I asked for some feedback regarding a presentation at Ubuntu Live 2008. Well, as it turns out, the Ubuntu Live conference was cancelled but my presentation was migrated to OSCON instead. I’m pretty excited to be going to OSCON this year, especially as a speaker. I went last year, but just to work in a booth as a volunteer. This year will be much more fun!

If you’re going to be at OSCON come and say hello.  I’ll be presenting:

LTS Tutorials : Using Ubuntu in the Enterprise - 10:45 on 23 Jul 2008

I’ll be covering things like automated installations with kickstart and preseed, automated “stack” setup with the server installer (LAMP, etc), basic security with ufw, and more.  I think it’ll be a lot of fun and I hope to be able to show how Ubuntu Server can make Enterprise Linux simpler while remaining just as stable and secure as anything else.

If you haven’t yet registered, I’ve outlined some of the available discount codes below. If you can get the time, and if the discounts help, OSCON is *really* a lot of fun and the education you get is worth every penny.

OSCON Registration Discount Codes

  • os08fts - 65% off with proof of full-time student status: a copy of ID & class schedule demonstrating enrollment in 12 or more units per semester/quarter. Fax to (707) 829-1342. Please use os08fts in the discount field.
  • os08team - 10% off per person if you register 3 or more people from one company. Please use os08team in discount field. Proof of status of employment (copy of business card) for each attendee must be faxed to (707) 829-1342.
  • os08np - 40% off with proof of full time employment at a non-profit organization and verification of non-profit status (501 c3 or equivalent). Fax to (707) 829-1342. Please use os08np in the discount field.
  • os08gov - 10% off with proof of full-time employment with a government agency. Use discount code os08gov, and fax proof to (707) 829-1342.
  • os08as - 25% off with proof of full time academic employment status on organization letterhead. Fax to (707) 829-1342. Please use os08as in discount field.


May 4, 2008
» Why ufw Does Not Need A GUI

I’ve been hearing more and more requests recently (at OpenWeek -chat and in blog comments) for a GUI on top of ufw. I wanted to take a second and outline more clearly what ufw is, which will likely stop these requests. I think it’s just a simple matter of not truly understanding what ufw does that leads to these. Bottom line: there are already a number of GUI firewall applications, so adding one for ufw would be basically pointless. (Before you argue that point, keep reading.)

What is ufw?

ufw, or “uncomplicated firewall”, is simply a management tool for creating kernel-level firewall rules, which is done via the netfilter kernel module and the iptables userspace tool. iptables has been around for quite a long time, is very, very robust and very widely used. It is installed by default on any Ubuntu system, but no “rules” have historically been applied to it. (Technically, every Linux system has a firewall utility built into the kernel, but if no rules are applied to that filter, nothing is actually being specifically allowed or denied.)

The reason ufw was developed (I sat in on the sprint at UDS for this) is that we wanted to create a server-level firewalling utility that was a little bit more “for human beings”. While iptables is already installed and available for use, the syntax can be complicated. For example, let’s say you wanted to block all connections from the IP address 10.100.0.5:

iptables: sudo iptables -A INPUT -s 10.100.0.5 -j REJECT
ufw: sudo ufw deny from 10.100.0.5

Another slightly more complicated example could be written for blocking specific ports and protocols:

iptables: sudo iptables -A INPUT -p tcp --dport 22 -s 10.100.0.5 -j REJECT
ufw: sudo ufw deny from 10.100.0.5 to any port 22

ufw is creating the iptables / netfilter rule “under the hood”, but allowing us to create the rules in a simpler way. Both of the commands above basically do the same thing; ufw simply “uncomplicates” the process.
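
The translation described above, as an added Python example that is not from the original post and is not ufw's source: it parses a small, assumed subset of the ufw rule syntax and returns the equivalent iptables argument lists, mapping deny to REJECT as the post's commands do. The function name `translate` and the accepted grammar are assumptions made for the example.

```python
import ipaddress

# Simplified illustration of "simple syntax in, iptables rule out".
# Not ufw's source; the grammar subset and the chain/target mapping follow
# the two commands shown in the post.
TARGETS = {"allow": "ACCEPT", "deny": "REJECT"}


def translate(rule):
    """Return a list of iptables argv lists for one ufw-style rule string."""
    words = rule.split()
    if not words or words[0] not in TARGETS:
        raise ValueError("rule must start with allow or deny")
    target, words = TARGETS[words[0]], words[1:]

    proto = None
    if words[:1] == ["proto"]:
        if len(words) < 2 or words[1] not in ("tcp", "udp"):
            raise ValueError("proto must be tcp or udp")
        proto, words = words[1], words[2:]

    if len(words) < 2 or words[0] != "from":
        raise ValueError("expected: from <address>")
    # Validate the source so only an IPv4 address/network reaches argv.
    source = "0.0.0.0/0" if words[1] == "any" else str(
        ipaddress.IPv4Network(words[1], strict=False))
    words = words[2:]

    port = None
    if words:
        if words[:3] != ["to", "any", "port"] or len(words) != 4:
            raise ValueError("expected: to any port <number>")
        if not words[3].isdigit() or not 1 <= int(words[3]) <= 65535:
            raise ValueError("port must be 1-65535")
        port = words[3]

    base = ["iptables", "-A", "INPUT", "-s", source]
    if port is None:
        return [base + (["-p", proto] if proto else []) + ["-j", target]]
    # --dport is only valid after -p tcp/udp, so a rule with no protocol
    # expands to one iptables rule per protocol.
    return [base + ["-p", p, "--dport", port, "-j", target]
            for p in ([proto] if proto else ["tcp", "udp"])]


if __name__ == "__main__":
    for r in ("deny from 10.100.0.5", "deny from 10.100.0.5 to any port 22"):
        for argv in translate(r):
            print(" ".join(argv))
```

The function only builds argument lists and never runs iptables, so the output can be reviewed before anything touches the live rule set.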

For those that are looking for a GUI on top of ufw, remember that you already have tools such as Firestarter or lokkit, etc.  Those are graphical tools which create and manage iptables / netfilter rules “under the hood”.  ufw is simply a command-line tool to manage iptables / netfilter rules “under the hood”.

The existing GUI tools (Firestarter) and ufw both use iptables underneath, so adding a GUI to ufw would basically be re-creating Firestarter, which is not really needed.  ufw is simply a less complicated way to create firewall (iptables) “rules” on the command line.
