[Bug 1999155] [NEW] UFW Disabled by default
*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Seth Arnold (seth-arnold): UFW or iptables is disabled by default on both ubuntu server and desktop, which poses a major security risk as ports that shouldn't be open, are open by default, specially for incoming connections. If UFW breaks working apps on Ubuntu server and desktop, at least make it enabled by default but reject all incoming connections. Malware and exploits are out in the open, and no one in their sane mind would a Firewall suit disabled on Linux or Windows. ** Affects: ufw (Ubuntu) Importance: Undecided Status: New -- UFW Disabled by default https://bugs.launchpad.net/bugs/1999155 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1999155] Re: UFW Disabled by default
Hello Pedro, thanks for the report; this was an explicit decision: https://wiki.ubuntu.com/SecurityTeam/FAQ#UFW Making firewall rules that are tight enough to stop threats yet open enough for the computer to still be useful in a wide variety of environments is very challenging. We've decided that it's better for the tools to be available but not try to provide a default configuration. Thanks ** Information type changed from Private Security to Public Security ** Changed in: ufw (Ubuntu) Status: New => Opinion -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1999155 Title: UFW Disabled by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1999155/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1999155] Re: UFW Disabled by default
We've decided that it's better for the tools to be available but not try to provide a default configuration -> then why isn't gufw (gtk gui for ufw) isn't installed by default for ubuntu desktop? Plasma 5 has a gui for the firewall inside the system settings. Since Ubuntu has altered the gnome-settings to add the ubuntu-settings portion (mainly to tweak the dock) why doesn't ubuntu with gnome have a similar tool for the desktop? Either making use of ufw or putting a way on the settings to add incoming and outgoing rules through a gui. Heck, even linux mint comes with gufw installed by default. As for the security and usability aspect, doing sudo ufw enable hasn't done anything to prevent me from working or doing my tasks on my machines. And rejecting incoming requests hasn't done it either so makes little to no sense for me that the firewall is disabled by default or not enabled with rejecting rule for incoming On the server side, I've got little to none outgoing rules and full reject for incoming for security reasons, and it has been a smooth experience. Perhaps that decision is a bit outdated? The FAQ page sent by you was last edited on 28-10-2022, but doesn't allow to see when the ufw part was last modified, but I suppose it was a long time ago. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1999155 Title: UFW Disabled by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1999155/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
