Setting up a firewall in Ubuntu


By far the most popular and easiest firewall to set up on Ubuntu is UFW, which stands for the ‘Uncomplicated FireWall’. In this tutorial I’ll provide some example setups with UFW. I tested the following lines on a fresh Ubuntu 16.04 installation, but this should all work the same with just about any Ubuntu version of the last few years.

Installation

Installation of UFW is fairly simple with apt-get and a few commands. All commands should be prepended with sudo, or run by a user account with root privileges.

This will get the package from the internet and install it. Next we check that it really wasn’t configured yet by running ufw status.

As you see the status is inactive. Before we continue I’ll mention that it’s handy to have physical access (or console access with a VM or VPS), so we don’t get locked out when we do finally make it active. The actual instruction to activate your rules is located at the end of this post. On to the default configuration.

This takes care of the default setup, which allows things going out, but not coming back in. To set up an SSH server you’d have to open up that port.

This is a shorthand form for ‘ufw allow 22/tcp’, but it allows for quickly opening things up without having to look up the appropriate ports again.

Say you check your /var/log/auth.log and see a lot of break-in attempts from the (fictitious) IP 200.1.1.0. You could block ALL of that IP’s traffic to your server with:

or block just its incoming SSH traffic:

If at a later point you’d like to delete a rule, you can type exactly the same line with delete just after ufw, like so:

As a last piece of advice, opening up a port range is also possible (for your passive FTP ports or such).

To actually activate your rules, you’ll have to enable the firewall with:

There are loads of other things possible, but I wanted to keep this nice and short.

Note: Most manuals I’ve read on UFW say to check whether you’re using IPv6 and, if so, to make sure it’s enabled in the firewall startup config at /etc/default/ufw. Change the line with ‘IPV6=no’ to ‘IPV6=yes’.
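The whole procedure above as one script, added here as an example and not taken from the original post: it prints the commands by default, refuses to enable the firewall unless SSH is allowed, and reports the IPv6 setting. The function names, the APPLY switch and the passive-FTP range 50000:50100 are assumptions made for the example; the deny rule is inserted at position 1 because ufw applies the first rule that matches.

```shell
#!/usr/bin/env bash
# Added example (not the post's own commands). Prints the plan by default;
# run as root with APPLY=1 to execute it. Assumes ufw is already installed
# (apt-get install ufw).

BLOCKED_IP="200.1.1.0"          # fictitious address from the post
PASSIVE_FTP="50000:50100/tcp"   # assumed passive-FTP range, adjust to your server

# Rules in the order they are applied. ufw stops at the first matching rule,
# so the deny is inserted at position 1, ahead of the SSH allow. (insert needs
# an existing rule at that position, hence the allow comes first.)
ufw_plan() {
  cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw insert 1 deny from $BLOCKED_IP
ufw allow $PASSIVE_FTP
EOF
}
# SSH-only variant of the block: ufw insert 1 deny from $BLOCKED_IP to any port 22
# Removing a rule later:         ufw delete deny from $BLOCKED_IP

# Lockout guard: succeed only if the plan opens SSH before the firewall goes live.
safe_to_enable() {
  printf '%s\n' "$1" | grep -Eq '^ufw allow (ssh|22/tcp)$'
}

# Print the IPV6= value from ufw's startup config (path can be overridden).
ipv6_setting() {
  sed -n 's/^IPV6=//p' "${1:-/etc/default/ufw}" | tr -d '"' | tail -n 1
}

apply_plan() {
  local plan cmd
  plan=$(ufw_plan)
  safe_to_enable "$plan" || { echo "refusing: plan has no SSH allow rule" >&2; return 1; }
  # --force skips the interactive confirmation of 'ufw enable'
  while IFS= read -r cmd; do
    if [ "${APPLY:-0}" = 1 ]; then $cmd </dev/null; else echo "would run: $cmd"; fi
  done <<EOF
$plan
ufw --force enable
EOF
}

[ -r /etc/default/ufw ] && echo "IPV6=$(ipv6_setting)"
apply_plan
```

After applying, ufw status numbered shows the resulting order, with the deny for 200.1.1.0 listed before the SSH allow.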
