Uncomplicated Firewall (UFW) is a helper tool which allows you to quickly setup iptables firewall in any Ubuntu server. It is installed by default and it allows you to secure your server at no time!
Basic UFW: Check Status
You can check UFW by running this command. The verbose argument prints additional information such as UFW profiles, logging settings.
The ‘numbered’ argument prints the list of rules with line number. I’ll explain later on the use of this feature.
sudo ufw status sudo ufw status verbose sudo ufw status numbered
Basic UFW: Enable and Disable Firewall
You can easily enable and disable firewall by specifying ‘disable’ and ‘enable’ argument.
Warning : Please do not enable UFW if you’re connecting using SSH connection to your Ubuntu box, you might be disconnected.
sudo ufw disable sudo ufw enable
Basic UFW: Setting up default rule and Enabling SSH
A lot of you might be connecting to Ubuntu box using SSH connections, so the first step is to setup a default rule and enabling SSH connection.
Deny incoming connection
sudo ufw default deny incoming
Allow incoming SSH connection
sudo ufw allow ssh
Alternatively you can write:
sudo ufw allow 22/tcp
Finally, enable firewall
sudo ufw enable
You can check the firewall rules by running
sudo ufw status
Basic UFW: Enabling other service: HTTP, HTTPS
Enabling web server port and https is as easy as running
sudo ufw allow http sudo ufw allow https
Basic UFW: Deleting rule
You can delete UFW rule by running
sudo ufw delete allow https
or by specifying its port and protocol
sudo ufw delete allow 443/tcp
Additionally you could also delete rule using its number by running “ufw status numbered” first
sudo ufw status numbered
ufw status numbered Status: active To Action From -- ------ ---- [ 1] 22 ALLOW IN Anywhere [ 2] 22/tcp ALLOW IN Anywhere [ 3] 443 ALLOW IN Anywhere [ 4] 22 (v6) ALLOW IN Anywhere (v6) [ 5] 22/tcp (v6) ALLOW IN Anywhere (v6) [ 6] 443 (v6) ALLOW IN Anywhere (v6)
Then pick a firewall rule based on its number to delete, I picked number 3 and 6, because I want to delete https rule
sudo ufw delete 3 sudo ufw delete 6
UFW will print a confirmation prompt and you can continue deleting the firewall rules
/home/mypapit# ufw delete 6 Deleting: allow 443 Proceed with operation (y|n)? y Rule deleted (v6) /home/mypapit# ufw delete 3 Deleting: allow 443 Proceed with operation (y|n)? y Rule deleted
Intermediate UFW: Deny access from ip address or ip block
You can prevent certain ip address or ip blocks / subnets from reaching your server by running:
sudo ufw deny from 172.18.44.12
Deny an ip address subnet
sudo ufw deny from 172.18.44.0/24
Deny an ip address subnet, example #2
sudo ufw deny from 172.16.0.0/16
Intermediate UFW: Allow services to be connected from certain ip address or subnet
In this case, I will only allow certain ip address to connect to my SSH port.
First we delete the old – “allow all” SSH rule
sudo ufw disable sudo ufw delete allow ssh
Then we add ip address to be allowed to connect to SSH port
sudo ufw allow from 192.168.20.40 to any port ssh
Alternatively, you could also specify port number and protocol
sudo ufw allow from 192.168.20.40 to any port 22 proto tcp
Only allow SSH connections from certain subnets
sudo ufw allow from 192.168.20.0/24 to any port 22 proto tcp
Note: Adding firewall rules to only allow SSH connection from certain subnets would increase the server security, further reducing brute-force attack.