
Re: firewall: iptables vs ufw/gufw



On Fri, 11 Mar 11, 14:56:42, Michael Friendly wrote:
> Hi
> I have a new machine running kubuntu 10.04 which was set up by an IT
> person with firewalls in /etc/iptables that largely lock down my box,
> e.g. some specified services (sftp/ssh) from a designated IP address
> work, but I can't even ping my box from an scp-enabled IP address PC,
> far less, use sftp/ssh from home.
> 
> I find iptables rules daunting and can't depend on further support from
> our IT, so I'm looking for an alternative that would be easier for me
> to manage on my own.  I've read descriptions of ufw and the GUI gufw,
> which seem simpler to understand and use.  ufw is presently installed
> but not enabled.
> 
> I don't know how to transition from iptables to ufw:
> - Do I have to disable iptables first

ufw is a frontend to iptables, so "disabling" iptables (whatever you 
mean by that) will make ufw useless.

> - Do I have to install/enable the rules from iptables for ssh,
> samba, etc within ufw?
> 
> Any help/guidance would be appreciated.  If there is a better forum for
> this query, please let me know also.

First you need to find out exactly how the iptables rules are loaded. 
Could be via /etc/rc.local, a dedicated script in /etc/init.d/ or 
something else (is package iptables-persistent also in Ubuntu?). Do not 
try to use ufw until you know exactly how the current iptables rules are 
loaded and you know for sure you can disable them!

Next would be to try to understand what the rules do and reimplement the 
functionality in ufw. By the time you are done you might not need ufw 
anymore ;)

Now you can start changing the rules, but beware, you are likely to go 
against your organisation's policy...

Have fun,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
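
Added example, not part of the original message: one way to carry out the first step above, listing the startup files that reference iptables so you can see what loads the current rules. /etc/rc.local and /etc/init.d/ come from the reply; the other locations, the function name `find_iptables_loaders` and the `--scan` switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: report boot-time files that reference iptables.
# The optional argument is a root prefix, so the scan can also be run
# against a mounted disk image or a test tree instead of the live /.

find_iptables_loaders() {
    root="${1:-/}"
    root="${root%/}"
    # First two paths are named in the reply; the rest are other common
    # boot hooks on Debian/Ubuntu systems (assumed, not from the thread).
    for path in \
        etc/rc.local \
        etc/init.d \
        etc/init \
        etc/network/interfaces \
        etc/network/if-pre-up.d \
        etc/network/if-up.d
    do
        target="$root/$path"
        [ -e "$target" ] || continue
        # Match non-comment lines that mention iptables, ip6tables,
        # iptables-restore or a path such as /etc/iptables/...
        # -r recurse, -l print file names only, -s skip unreadable files.
        grep -rlsE \
            '^[[:space:]]*([^#[:space:]].*[^[:alnum:]_-])?ip6?tables([^[:alnum:]_]|$)' \
            "$target" || true
    done | sort -u
}

# Stand-alone use: sh script.sh --scan [root]
if [ "${1:-}" = "--scan" ]; then
    find_iptables_loaders "${2:-/}"
fi
```

Every file it prints is a candidate to read by hand; a file that only mentions iptables in comments is not listed.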
