If you want to secure your Ubuntu system, you should configure a firewall. If you want to setup and manage a firewall, various flexible utilities are designed by Linux. One of these tools is called iptables. But, it should note that new users in network security may be a little afraid of iptables, so it is better to start with UFW first. This article proposes to give a comprehensive guide to firewalls.
UFW or Uncomplicated Firewall is a default firewall configuration tool. This user-friendly tool has been developed to facilitate the configuration of iptables firewalls and is provided for creating ipv4 or ipv6 host-based firewalls. It is initially disabled by default from the UFW man page. Also, UFW gives an easy way to add or remove simple rules, but it is not intended to provide complete firewall functionality.
Here, we are going to show how you can setup a firewall on Ubuntu servers using UFW with a Comprehensive Guide to Firewalls. Follow the steps to protect your Ubuntu system. But, first of all, you should prepare the necessary requirements.
A Comprehensive Guide to Firewalls
– A Linux VPS Server with Ubuntu operating system
– A user account with sudo privileges
– accessing a Windows command line
UFW is disabled by default. So, the first thing to do is to enable it from the terminal prompt:
sudo ufw enable
Note that UFW is installed by your Ubuntu server as default, if not, you can check the status and install it using the commands below and then enable it:
sudo ufw status
sudo apt install ufw
Wait to complete the installation process. Now you have UFW enabled on your server.
Now that you enabled UFW, you can configure UFW using both IPv4 and IPv6. To support both protocols you should modify the UFW configuration file, so go through these instructions.
First, you can use Nano or any text editor to open the default settings file:
sudo nano /etc/default/ufw
In your output, you will see the IPv6. If this value is set as no, change the value to yes and enable your IP. Then save and close the file.
By default, UFW is set to allow all outgoing connections and deny all incoming connections. These rules are typical for PCs that do not need to respond to incoming requests. So, if you have changed the default settings and want to return to the default settings, run the following command:
sudo ufw default deny incoming
To allow outgoing connections use the following command:
sudo ufw default allow outgoing
So return the statute to the default settings by these comments.
If your connection is from remote locations, you should setup UFW to allow incoming SSH connections.
Use the command below to configure UFW to allow the SSH connections:
sudo ufw allow ssh
To add a rule for IPv4 (or IPv6 if enabled) use this command and allow incoming and outcoming traffic from SSH connections.
After the configuration, to apply changes, disable and enable the UFW firewall again:
sudo ufw disable
sudo ufw enable
With these actions, you succeeded in setting up and activating the firewall.
If you need to check the status and get detailed information, execute the following command:
sudo ufw status verbose
UFW determines the rules for how the server communicates with other devices. Now you need to specify which connections are allowed to control firewall settings and which are prohibited.
You should allow specific incoming connections to control additional connections, depending on the purpose of the server. Now create UFW rules to add connections. Below is a list of commands requiring for configuration:
1- Apply the command below to set the server and listen to HTTP:
sudo ufw allow http
You can use port 80 as an alternative for HTTP connection:
sudo ufw allow 80
You can see the rule in UFW status:
sudo ufw status verbose
2- Run the following command to enable HTTPS connections:
sudo ufw allow https
You can use port number 443 as an alternative for HTTPS connection:
sudo ufw allow 443
Now to check the status run this command:
sudo ufw status verbose
3- Apply the command below to modify a rule that allows access to all ports from a specific IP:
sudo ufw allow from to any port
This allows all traffic from a remote server to a local machine or local server.
4- Apply this command to allow access from a particular machine to a specific port. This rule will limit access to the specific port:
sudo ufw allow from to any port
5- Determine the range values and the protocol type to allow access to a range of sports. The following is using to allow connections from 2000 to 2004 for TCP:
sudo ufw allow 2000:2004/tcp
To change the protocol for UDP use the following command:
sudo ufw allow 2000:2004/udp
If you want to forbid connection from a specific IP address create a deny rule:
sudo ufw deny from
Or, you can use the following command to deny access to particular ports:
sudo ufw deny from to any port
It is possible to delete UFW rules. You can use two ways for this reason:
1- You can disable the list of all rules and find the determined number of the rule. Now you can see the list in your output:
sudo ufw status numbered
Choose the related rule number and use the command below to delete the rule, so the rule will be removed from the list:
sudo ufw delete
2- The second way is to specify it word for word:
sudo ufw delete
For Example:
sudo ufw delete allow 2000
Since you use the apt command to install UFW, each package has an application profile in the /etc/ufw/applications.d directory. This profile includes information about the software and its UFW settings. So to see the list of the application profiles use this command:
sudo ufw app list
To see more detailed information about a specific package run this command:
sudo ufw app info 'package name'
To give an example, put Apache full to see all the information about this application profile:
sudo ufw app info 'Apache Full'
Security is one of the most important parts of servers and to provide this security, you should set a firewall for your server. Here, we taught how to setup a firewall using UFW on the Ubuntu server after a Comprehensive Guide to Firewalls. We also gave some extra commands and instructions to show the way it works. We hope you enjoyed this article.
How useful was this post?
Click on a star to rate it!
Average rating 0 / 5. Vote count: 0
No votes so far! Be the first to rate this post.
Server Control Panel is a web-based demo environment that is installed on the server so that users c...
Have you ever heard anything about the Wireguard VPN system? This system is a free VPN that helps yo...
What is your opinion about this Blog?