Why is ufw firewall included in Ubuntu, when it is not enabled and pre-configured by default? Most users don't even know it is there, because no GUI frontend is provided.
Yes Ubuntu has a firewall installed by default.
If you want to change any settings, you can use the graphical front end to that command line front end, GUFW
As for your other question, getting a warning when an application connects to the internet:
I don't know of any programs that do this*, but I have written one. Now, this isn't great quality software - it's a quick hack in fact -but it works all right. You'll notice I haven't packaged it in any way, because I don't have any use for it and I don't think its tested well enough to be deployed on Anything That Matters™
It doesn't even have a name, here's how it looks:
(ignore the German captions, they will be in your local language)
And here's how to use it:
Install Python 3
download it and save it as a file on your computer
Via the file properties, mark it as executable
- Double click and choose "Run"
The program will issue a warning for every application that tries to access the internet. It will not prevent it from doing so, but it'll let you know. You then have the option of putting it on a "White List" of trusted applications, which causes it to not warn you again about this particular program.
If you start it from a terminal, you'll get a few useful messages about what it's doing.
Again I have to stress, even though it works, I haven't tested it properly (i.e. with many users trying it out).
For the purposes of support, you may send me email about it, I don't mind
* It seems UFW is able to do it!
This section is really better suited for someone managing servers than for desktop users:
UFW comes with an Application Filter. It's configuration is a simple text file at
To get a list of all the application filters, type
sudo ufw app list
Which should look like this:
Available applications: Apache Apache Full Apache Secure CUPS
To get more details on any one application, type - for example:
sudo ufw app info 'Apache Full'
More details are available in the relevant Ubuntu help wiki page
As for the question of default configuration:
By default, Ubuntu ships with no open ports on public interfaces
There is currently not a way to show the rules you have entered before enabling the firewall via the CLI command. You can inspect the rules files directly however. /lib/ufw/user*.rules contain the rules controlled via the 'ufw' CLI command. Eg:
$ sudo grep '^### tuple' /lib/ufw/user*.rules
This will show output like the following (for the rule added with 'sudo ufw allow OpenSSH):
/lib/ufw/user.rules:### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 OpenSSH - in
The 'tuple' is the shorthand used internally by ufw to keep track of rules, and can be interpreted as one of these:
### tuple ### <action> <proto> <dst port> <dst> <src port> <src> <direction> ### tuple ### <action> <proto> <dst port> <dst> <src port> <src> <dst app name> <src app name> <direction>
It might be useful to be able to add another status command to support this. Please consider filing a bug.