Linux Server

Uncomplicated Firewall

After the installation of Ubuntu Server, one of the most important things to do is to configure the firewall to allow the traffic from the protocols we want. To do this, we have a package preinstalled on Ubuntu Server called ufw.

What is UFW?

UFW, or uncomplicated firewall, is a frontend for managing firewall rules in Arch Linux, Debian, or Ubuntu. UFW is used through the command line (although it has GUIs available) and aims to make firewall configuration easy (or, uncomplicated).

How does it work?

The first thing to do is to check the current status of ufw. To check the status, run the following command:

sudo ufw status

If the above command returns Status: inactive, we can activate our firewall by executing the following command:

sudo ufw enable

*** Attention: If you are managing your server via SSH, you first need to allow the SSH protocol through your firewall before activating it. Otherwise, you will lose your SSH connection as soon as the firewall comes up. To allow the SSH protocol, just execute the command: sudo ufw allow ssh

After enabling your firewall, you can run sudo ufw status again to see which allow/deny rules are currently enabled.

Example 1 – Firewall status

How to add rules?

You can add rules in two different ways: by giving the port number, or by giving the service name.

For example, to allow both incoming and outgoing connections on port 22 for SSH, you can run:

sudo ufw allow 22

or

sudo ufw allow ssh

The same example can be applied to deny traffic. For example, if you want to deny traffic for the SSH protocol, you just need to replace allow with deny in the commands above.

You can also allow packets based on the TCP or UDP protocol. For example, if you want to allow TCP packets on port 80 (HTTP), you can run one of the following commands:

sudo ufw allow 80/tcp

or

sudo ufw allow http/tcp

Along with allowing or denying based solely on port or service name, UFW also lets you allow or block traffic by the IP address.

For example, to allow connections from an IP address:

sudo ufw allow from 192.168.1.2

Allowing connections from a subnet (the prefix length must be a valid CIDR length, at most /32 for IPv4; the original text used /100, which ufw rejects):

sudo ufw allow from 192.168.1.0/24

Allowing a specific IP address/port combination:

sudo ufw allow from 192.168.1.1 to any port 80 proto tcp

*** Attention: proto tcp is optional. You can remove it, or switch tcp to udp according to your needs. The same forms work with deny: just replace allow with deny.

How to delete rules?

To remove a rule, you just need to execute the same command you used to add it, prefixed with delete. For example, to remove the rule added with sudo ufw allow ssh:

sudo ufw delete allow ssh
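The two checks a practitioner wants from the sections above are "is SSH allowed before I run ufw enable?" and "what delete command undoes this rule?". The following Python helper is an added example, not code from the original post: it parses the output of sudo ufw status (the sample output below is constructed, not captured from a real host) and answers both questions.

```python
import re
from dataclasses import dataclass

# Constructed sample of `sudo ufw status` output (not captured from a real host).
SAMPLE_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       192.168.1.1
Anywhere                   ALLOW       192.168.1.2
22/tcp (v6)                ALLOW       Anywhere (v6)
"""

@dataclass(frozen=True)
class Rule:
    to: str       # destination port[/proto] or "Anywhere"
    action: str   # ALLOW, DENY, REJECT or LIMIT
    frm: str      # source address/subnet or "Anywhere"
    ipv6: bool    # True for the "(v6)" twin ufw lists for IPv6

def parse_status(text):
    """Return (active, rules) from `ufw status` output."""
    lines = text.splitlines()
    active = bool(lines) and lines[0].strip() == "Status: active"
    rules = []
    for line in lines:
        cols = re.split(r"\s{2,}", line.strip())  # columns are padded with 2+ spaces
        if len(cols) != 3 or cols[1].upper() not in {"ALLOW", "DENY", "REJECT", "LIMIT"}:
            continue  # skips the Status line, blank lines and the header rows
        to, action, frm = cols
        rules.append(Rule(to.replace(" (v6)", ""), action.upper(),
                          frm.replace(" (v6)", ""), "(v6)" in to))
    return active, rules

def ssh_allowed(rules, port="22"):
    """True if some ALLOW rule admits the SSH port: run this before `ufw enable`."""
    return any(r.action == "ALLOW" and r.to in {port, f"{port}/tcp", "Anywhere"}
               for r in rules)

def delete_command(rule):
    """Reconstruct the `ufw delete ...` form that undoes a parsed rule."""
    if rule.frm == "Anywhere":
        return f"ufw delete {rule.action.lower()} {rule.to}"
    cmd = f"ufw delete {rule.action.lower()} from {rule.frm}"
    if rule.to != "Anywhere":
        port, _, proto = rule.to.partition("/")  # "80/tcp" -> port 80 proto tcp
        cmd += f" to any port {port}" + (f" proto {proto}" if proto else "")
    return cmd
```

Feed it real output with subprocess.run(["sudo", "ufw", "status"], capture_output=True, text=True).stdout; deleting a rule by its IPv4 form also removes the (v6) twin, so the IPv6 rows need no separate command.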

Logging

UFW allows you to log all incoming/outgoing connections. For this, first, you need to enable this functionality by running the following command:

sudo ufw logging on

You can also set the log level. By default, the log level is low. However, you can easily change it by running the following command with the level you want:

sudo ufw logging low|medium|high

The UFW log is located at /var/log/ufw.log.
