Zorin 18 - firewall still available

I noticed ubuntu isn't leaning so much on the GUFW for their desktop and I didn't see it in some other distribution ... I would expect this option / software to be available in future versions. I like the simplicity of deny incoming, and allow outgoing to start in regards to firewall.

I've played around for a locked down machine via firewall - just allowing https, https, dns, dhcp and worked pretty decent ... I'm not a fan of ssh access - perhaps to access a server but not a desktop imo.

I did use the remote desktop feature RDP - and it worked really well.

Anyway just thought to mention its a decent option to have installed by default.

4 Likes

Ubuntu doesn't have GUFW but should have UFW preinstalled. That is the same but without graphical Interface. It is a Terminal-based Firewall. There You have to install GUFW as graphical Interface.

2 Likes

Ya it does, but seems strange the desktop doesn't have GUFW installed by default. I'm glad Zorin has it as part of the base install, and should keep it that way at the least , at the most - on by default.

2 Likes

I find it good, too hat Zorin has that. Why that isn't on Ubuntu ... that is a Question for Canonical I guess. Maybe they think it doesn't have a Prority and the People could use the Terminal for it - which isn't directly user-friendly for new Users I would say. Linux Mint has that preinstalled, too. It looks a bit different because of the Cinnamon Desktop but there it is preinstalled, too.

I just loaded up Mint the other day to see if the interface had some features I wanted ... I used to think the cohesive GUI was nice but now I find it clunky and sort of ugly. It was missing a couple of things as well, I can't recall but it's now off my list of seeing whats new. Zorin still hits almost all the marks for my needs, even with ubuntu desktop I found I had to install things that I really shouldn't have to - where zorin had right out of the box.

I suspect the reason to not enable the firewall by default is to try and preserve the "it just works" experience. For simple rules and popular services, it can be easy to setup, but some use cases need a bit of setup that most people might not know how to solve.

For example, routing traffic from one interface to another, which GUFW doesn't even have an option for by default. Here's a recent example of that:

This results in frustration and people would ultimately just disable the firewall entirely anyway. The ideal solution, in my opinion, would be similar to simplewall, one of my favorite programs for Windows, that prompts the user whenever there's a new connection being made, and ask them if it should be allowed or not.

This discussion is very similar to how people would just grant all access to apps on Android, or even Flatpak packages without taking the time to understand what is necessary. This may seem lazy at first, but it's perfectly understandable when most people just want to get some work done.

2 Likes

I agree that is why I don't have a firewall installed ..... all the ones I have tried are a PITA to configure ....

2 Likes

That makes sense ... looking at that persons problem I think ollama by default uses localhost only (reachable by the computer only), you need to add 0.0.0.0 for all interfaces or a specific interface ... so anything from the outside , another computer would not be able to reach ollama regardless of firewall settings.

I personally think the defualt firewall rules are decent- block all incoming allow outgoing. Thats a safe approach to computing - also agree ya, if something needed access it would be nice to be notified - otherwise i think in GUFW you can see who is asking for what, even if you have incoming set to block. Go to Report and gives active set of protocols being used, here you can even add it into a rule to allow.

I always thought it was pretty simple.