Transcript from the "Firewall configurations: UFW and GUI options" Lesson
>> Jem Young: So surely there has to be a better way than iptables. This is not the way to control ports on your computer. Yeah there is. There's a little utility called uncomplicated firewall ufw. So now if we want to allow ports in we can say sudo ufw allow ssh enable.
[00:00:20] That's much better than this. Isn't it?
>> Jem Young: Yes you can agree with me, it's okay. Yes, so we can use uncomplicated firewall to do everything we just did.
>> Jem Young: Of course you don't do this now. For all the ports that we're gonna open, I will tell you when we're gonna open them, when we're gonna close them.
[00:00:42] You don't have to worry about that for this class too much. But let's create a uncomplicated firewall rule to block all outgoing HTTP connections. How do we do that with iptables? We do it this way, not as pretty. So if we wanna reject all, we can just say ufw reject out http.
[00:01:02] Is that not uncomplicated? They really know what they're doing when they name things in Unix.
>> Jem Young: So don't do this. If you do this now, obviously I didn't put a dollar sign on it saying like don't do it. That's just an example. Cuz if you block off your HP connections later in the class, you'll be like, why isn't my web server working?
[00:01:23] I'll be like, I don't know, what'd you do, man? So don't do that now. But in the future, if you need to open ports, close ports, ufw is a much easier way to go. But, even lazier, even lazier, there is a UI for this. So this is Amazon.
[00:01:37] This is EC2. You can just create security groups and you say SSHP these custom rules. Much easier you don't even have to do it on the server anymore. The way to do it in dissolution if you go to. Let's see if I can find it actually. Showing is better than telling.
[00:01:55] If we go to Networking.
>> Jem Young: Click the firewalls. I don't have one yet. So I can create a firewall. I create all these rules, inbound, outbound and this is much friendlier way to create a firewall on your computer but again if you're not using dissolution it's good to know about ufw.
[00:02:20] And if you don't have ufw installed because you're using a different a distribution of Unix, it's good to know about iptables. Those are pretty standard. But for now you can leave this alone. Your standard firewall just allowing SHN for now is just fine.
>> Jem Young: But it's good to know that.