Hello friends, in this article I am going over the installation and configuration of Ubuntu’s Firewall the so called uncomplicated firewall or short UFW. It is fairly easy to work with this firewall and you will recognize what I mean by that.
Installation of UFW
I expect that that you already have a running Ubuntu Server but if you need help to install one go read here. On Ubuntu Servers and Desktops the UFW should already be installed and you can check it’s status by issuing the following command:
sudo ufw status
If it is installed you should see something like the following:
Status: inactive
or you can check with the following command
sudo systemctl status ufw.service
and you should receive something like the following:
● ufw.service – Uncomplicated firewall
Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset: enabled)
Active: active (exited) since Mon 2021-01-18 14:04:39 MST; 5 days ago
Docs: man:ufw(8)
Process: 383 ExecStart=/lib/ufw/ufw-init start quiet (code=exited, status=0/SUCCESS)
Main PID: 383 (code=exited, status=0/SUCCESS)
If you don’t see any of that then it is save to assume it is not installed and it can be installed with the following command:
sudo apt install ufw
Configuration of UFW
Now that UFW is installed and running lets go ahead and start configuring it. The first thing I always do is to block all incoming traffic with the following rule:
sudo ufw default deny incoming
with the next rule I allow all outgoing traffic:
sudo ufw default allow outgoing
if you feel really paranoid you can block all outgoing traffic as well and allow certain traffic to go through the firewall. Here is how to block all outgoing traffic:
sudo ufw default deny outgoing
If the direction in the rule is not specified it always applies to the incoming rules and if you like to open up an outgoing port you need to specify the direction, for example lets assume you blocked all incoming and outgoing traffice and like to be able to access the ssh server from the outside and also like to perform ssh access to another server. Here are the rules to do so:
sudo ufw allow ssh
The rule above allows incoming ssh traffic and the rule below allows outgoing ssh traffic:
sudo ufw allow out ssh
If you rather prefer the service ports in your rules you can do that too, see below:
sudo ufw allow 22
sudo ufw allow out 22
With UFW you can also specify the protocol type and add comments to the rule to point out why you set this rule:
sudo ufw allow 443/tcp comment ‘allow https traffic for Apache/NginX’
sudo ufw allow 1194/udp comment ‘allow only UDP traffic on port 1194 for OpeenVPN’
UFW also allows to work with ranges and if you work with ranges you need to specify the protocol:
sudo ufw allow 1000:2000/tcp
sudo ufw allow 1000:2000/udp
One can also specify which far IP address can access specific services:
sudo ufw allow from 192.168.5.5 to any port 22 proto tcp
or even more specific to a certain IP if you server happens to have multiple IP address:
sudo ufw allow from 192.168.5.5 to 192.168.1.2 port 22 proto tcp
It is also possible to block certain outgoing ports if you happen to allow all outgoing traffic but like to close for example for 25 or 465 to prevent outgoing SMTP traffic:
sudo ufw reject out 25
sudo ufw reject out 465
Rate limiting is another useful feature of UFW that can block connections that are obviously abusive. This is used to protect against an attacker attempting to bruteforce an open SSH port. Obviously you could whitelist the port to protect it entirely, but rate limiting is useful anyway. By default, UFW rate limits 6 connections per 30 seconds, and it’s intended to be used for SSH:
sudo ufw limit ssh
Some UFW Commands
Turn on or off the UFW Firewall:
sudo ufw disable
sudo ufw enable
or
sudo systemctl disable ufw
sudo systemctl enable ufw
Reloading UFW rules:
sudo ufw reload
Turning logging on or off:
sudo ufw logging on
sudo ufw logging off
Check the UFW Log File:
sudo more /var/log/ufw.log
sudo tail -f /var/log/ufw.log
Deleting rules:
One need to show a numbered list of the rules first
sudo ufw status numbered
this is what it returns:
Status: active
To Action From
— ——— ——-
[ 1] 22 ALLOW IN 192.168.5.5
I order to delete a rule you simply need to specify the line number:
sudo ufw delete 1
Deleting:
allow from 192.168.5.5 to any port 22
Proceed with operation (y|n)? y
Rule deleted
One can also reset the firewall:
sudo ufw reset
Conclusion
As you can see the UFW is fairly simple to work with and configure. I hope you liked this basic UFW article. If you like to read more about UFW go here. Drop a comment if you like for me to add or modify something.