
Configuring a Basic Firewall with UFW

tl;dr — UFW (Uncomplicated Firewall) provides a simplified interface to iptables. Install it from SlackBuilds.org, add your rules, then integrate it with Slackware's /etc/rc.d/rc.firewall for automatic startup at boot.

Overview

This document describes a minimal and explicit approach to configuring a basic firewall on Slackware using UFW (Uncomplicated Firewall).

UFW provides a simplified interface to iptables while still allowing manual configuration when required. This setup covers installation, basic rule management, enabling UFW at boot, and optional NAT support for gateway scenarios.

Design goals

  • keep firewall rules simple and readable
  • integrate cleanly with Slackware init scripts
  • avoid background services beyond iptables
  • support both workstation and gateway use cases
  • retain full control over iptables behavior

Assumptions

  • Slackware 15.0 or Slackware -current is in use
  • UFW is installed via SlackBuilds.org
  • the user has root access
  • basic networking is already functional

Installing UFW

UFW is not part of the base Slackware distribution. Install it from SlackBuilds.org.

As root, mirror the build directory, build, and install:

# lftp -c "open https://slackbuilds.org/slackbuilds/15.0/network/; mirror ufw"
# cd ufw
# sudo sh ufw.SlackBuild
# sudo installpkg /tmp/ufw-*.t?z

Adding firewall rules

Allow basic services such as SSH, HTTP, and a custom TCP port:

# sudo ufw allow ssh
# sudo ufw allow http
# sudo ufw allow 8080/tcp

Rules are saved immediately, but they are not enforced until UFW is enabled.

Enabling UFW on Slackware

Enable the firewall:

# sudo ufw enable

Slackware uses /etc/rc.d/rc.firewall during system startup. If /etc/rc.d/rc.firewall already exists, back it up first:

# mv /etc/rc.d/rc.firewall /etc/rc.d/rc.firewall.bak

Then, to integrate UFW with this mechanism, create the following symlink:

# sudo ln -s /etc/rc.d/rc.ufw /etc/rc.d/rc.firewall

Ensure the UFW init script is executable:

# sudo chmod 755 /etc/rc.d/rc.ufw

With this setup, UFW will be activated automatically at boot.

Checking firewall status

To view current rules:

# sudo ufw status

Example output:

Status: active

To                         Action      From
--                         ------      ----
SSH                        ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere
SSH (v6)                   ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
8080/tcp (v6)              ALLOW       Anywhere (v6)

To view rules with numbering (useful for deletion):

# sudo ufw status numbered

Removing firewall rules

List rules with numbers:

# sudo ufw status numbered

Remove a rule by its number:

# sudo ufw delete 2

NAT and gateway configuration

UFW does not provide a high-level NAT command but supports NAT through manual configuration. This is useful when the system acts as a gateway or performs internet sharing.

Enabling IP forwarding

Edit the UFW sysctl configuration file:

# sudo vi /etc/ufw/sysctl.conf

Ensure the following line is enabled:

net/ipv4/ip_forward=1

Apply the change immediately:

# sudo sysctl -w net.ipv4.ip_forward=1

Adding NAT rules

Edit the UFW rules file:

# sudo vi /etc/ufw/before.rules

Add the following at the very top, before any *filter table:

*nat
:POSTROUTING ACCEPT [0:0]
# Replace eth0 with your external interface
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT

This configuration enables NAT for hosts in the 192.168.0.0/24 network using eth0 as the outbound interface. Replace eth0 with your actual external interface name.
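A way to check both NAT edits before reloading UFW, as an added example that is not part of the original page: it verifies that the *nat block comes before *filter, ends with its own COMMIT, and contains a MASQUERADE rule, and that forwarding is enabled on an uncommented line. The function names check_nat_rules and check_ip_forward are hypothetical, and the sample files are constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not part of the original page: checks for the NAT edits above.

# check_nat_rules FILE: prints the outbound interface of each MASQUERADE rule.
# Returns 0 = OK, 1 = no *nat block, 2 = *nat placed after *filter,
#         3 = *nat block has no COMMIT, 4 = no MASQUERADE rule in *nat.
check_nat_rules() {
    awk '
        /^[[:space:]]*#/ { next }                      # ignore comments
        /^\*nat/    { nat = 1; if (filter) late = 1; table = "nat"; next }
        /^\*filter/ { filter = 1; table = "filter"; next }
        /^\*/       { table = "other"; next }
        /^COMMIT/   { if (table == "nat") committed = 1; table = ""; next }
        table == "nat" && /-j[[:space:]]+MASQUERADE/ {
            masq = 1
            for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1)
        }
        END {
            if (!nat)       exit 1
            if (late)       exit 2
            if (!committed) exit 3
            if (!masq)      exit 4
        }
    ' "$1"
}

# check_ip_forward FILE: succeeds only if forwarding is enabled on an
# uncommented line (UFW's sysctl.conf uses slashes; dots are accepted too).
check_ip_forward() {
    grep -Eq '^[[:space:]]*net[/.]ipv4[/.]ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Constructed sample files: the page's NAT block, and a sysctl.conf in which
# the forwarding line is still commented out.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE' 'COMMIT' \
        '*filter' ':ufw-before-input - [0:0]' 'COMMIT' > "$dir/before.rules"
    printf '%s\n' '#net/ipv4/ip_forward=1' > "$dir/sysctl.conf"
    echo "NAT egress interface: $(check_nat_rules "$dir/before.rules")"
    check_ip_forward "$dir/sysctl.conf" || echo "ip_forward is not enabled"
    rm -rf "$dir"
}
demo
```

On a real system, call the two functions as root against /etc/ufw/before.rules and /etc/ufw/sysctl.conf instead of the demo files.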

Reloading UFW

Apply the changes by restarting UFW:

# sudo ufw disable
# sudo ufw enable

Conclusion

UFW provides a practical and understandable firewall interface for Slackware systems when combined with Slackware's native init scripts.

By enabling UFW explicitly, integrating it with rc.firewall, and optionally configuring NAT through backend files, systems can be secured without sacrificing transparency or control.

References

Sources

* Originally written by r1w1s1
