ufw is an uncomplicated configuration tool for firewalls. It is designed to be usable by people who have no experience with firewalls or want an uncomplicated way to modify the underlying iptables and netfilter rulesets.
For example:
ufw allow all port 22 traffic (UDP and TCP):
ufw allow 22
iptables allow port 22 traffic (UDP and TCP):
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 22 -j ACCEPT
Comparatively, ufw permits users to modify the basic firewall needs with limited knowledge of iptables or such.
It in and of itself only modifies iptables / netfilter rules when 'enabled'. It does not run as its own process, in that sense, because the rules it applies are updated on the fly; I am fairly certain it doesn't continue to 'run'.
The only way I would consider ufw to be a service is in that, at boot time, it may be able to restore whatever rules are defined in it. However, iptables-persistent does the same thing, and is not really a service, therefore I do not consider ufw a service as such, as the way to determine if ufw (that is, the actual firewall rules) are being enforced is with ufw status.
As per the Community Help Documentation on ufw, it says nothing about ufw being a service, which seems to support this.
And through testing, I have confirmed that ufw is just a less complicated way to 'configure' firewall rules - the real magic of ufw is that it sets up iptables / netfilter rules which you can then see with iptables -L when ufw is enabled.
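The answer above says ufw only installs iptables / netfilter rules and that enforcement is checked with ufw status rather than by looking for a running service; the sketch below compares those two views. It is an added example, not part of either answer: the function names and sample texts are constructed, and it assumes ufw keeps user rules in its ufw-user-input chain.

```shell
# Added example (not from the answers). Sample texts are constructed.
# On a real host, as root: enforcement_verdict "$(ufw status)" "$(iptables -S)"

# Print active | inactive | unknown from the text of `ufw status`.
ufw_reported_state() {
    case "$(printf '%s\n' "$1" | sed -n 's/^Status: *//p' | head -n 1)" in
        active)   echo active ;;
        inactive) echo inactive ;;
        *)        echo unknown ;;
    esac
}

# Print proto/port per ACCEPT rule in ufw-user-input, from `iptables -S` text.
ufw_ports_in_kernel() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "ufw-user-input" && $NF == "ACCEPT" {
            proto = ""; port = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            if (proto != "" && port != "") print proto "/" port
        }' | sort -u
}

# Compare what ufw reports with what the ruleset text contains.
enforcement_verdict() (
    state=$(ufw_reported_state "$1")
    chains=$(printf '%s\n' "$2" | awk '/^-[AN] ufw-/ { n++ } END { print n + 0 }')
    case "$state" in
        active)   if [ "$chains" -gt 0 ]; then echo enforced; else echo mismatch; fi ;;
        inactive) echo not-enforced ;;
        *)        echo unknown ;;
    esac
)

# Constructed, trimmed sample: the state after `ufw allow 22` with ufw enabled.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere'
SAMPLE_RULES='-P INPUT DROP
-N ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 22 -j ACCEPT'

enforcement_verdict "$SAMPLE_STATUS" "$SAMPLE_RULES"
ufw_ports_in_kernel "$SAMPLE_RULES"
```

A "mismatch" verdict means ufw reports active while the ruleset text contains no ufw chains, which is worth investigating on a host that is supposed to be filtered.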
Best Answer
The answer before mine is right. But let's see if we can make it sound simple.
iptables is the main firewall. It talks to the kernel. It's more complicated.
ufw wants to make it "uncomplicated" ("ufw" stands for "uncomplicated firewall"). It talks to iptables. It's a command line tool.
The G in Gufw must stand for "graphical", which should provide a click-click interface for ufw. It talks to ufw. It's a GUI.
Now I hope we could make out their functions and dependencies. ;-)