
UFW (Uncomplicated Firewall) Setup

UFW is a front end for iptables that makes managing firewall rules easier than writing iptables commands by hand.
This article gives a few examples of UFW usage.

Why Use a Firewall?

Every network service on a server listens on a port, and clients connect to that port to interact with the service. You may not want people interacting with all of the services on your server. The orange box in the output of this netstat command shows all open ports.
[Screenshot: netstat -tunlp output]

Even though they are open and listening, we can use a firewall to let them speak to only certain computers, or no external computers.

Find Your IP, So You Can Allow Yourself

http://whatismyip.org is a good graphical tool, but you can also pull your IP information from the command line using ifconfig or curl.

Installing UFW on Ubuntu

First, install the ufw package:


apt-get install ufw

Default Deny Rule

Next, set the default policy to deny. Without a direction argument, this applies to incoming traffic:


ufw default deny

UFW Allow Services

We’ll need to add the services and ports we want. Here are a few specific examples, which allow SSH (port 22) only from a given network or host:


ufw allow proto tcp from 10.123.0.0/16 to any port 22
ufw allow proto tcp from 198.101.145.125 to any port 22

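And here are some more wide-open examples. The first two open the web ports to any source, and the last allows all traffic from a single address: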


ufw allow proto tcp from any to any port 80
ufw allow proto tcp from any to any port 443
ufw allow from 198.101.145.125

You can also specify services by name, as listed in /etc/services. Rules written this way allow the service from any source:


ufw allow ssh
ufw allow http
ufw allow https

Here is a sample of the list of named services:
[Screenshot: excerpt of /etc/services]

Enabling Firewall Rules

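Finally, enable logging and then enable the firewall so the rules take effect. If you are connected over SSH, confirm that a rule allowing your own address to reach port 22 is in place first, because the default deny policy will otherwise block your next connection: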


ufw logging on
ufw enable

View UFW Status/Rules

You can review iptables directly:


iptables -L


or you can see ufw’s status like so:


ufw status
ufw status numbered


Deleting Rules

First, find the rule numbers, then delete them (X = the rule number):


ufw status numbered
ufw delete X
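
To review a rule set for overly broad entries before deleting them, the script below (an added example, not part of the original article) parses `ufw status numbered` output and reports inbound ALLOW rules that accept traffic from Anywhere on ports other than 80 and 443. The names audit_ufw_rules, sample_status and PUBLIC_PORTS are hypothetical, the sample output is constructed, and treating only 80/443 as public is an assumption.

```shell
#!/bin/sh
# Added example (not from the article): audit `ufw status numbered` output for
# inbound ALLOW rules open to Anywhere on ports that are not meant to be public.
# audit_ufw_rules, sample_status and PUBLIC_PORTS are hypothetical names.

PUBLIC_PORTS="80 443"   # assumption: only the web ports should be open to any source

# Reads `ufw status numbered` text on stdin; prints "<rule number> <To column>"
# for every rule that should be narrowed to a source address or deleted.
audit_ufw_rules() {
    awk -v public="$PUBLIC_PORTS" '
    BEGIN { n = split(public, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    match($0, /^\[ *[0-9]+\]/) {
        num = substr($0, 2, RLENGTH - 2); gsub(/ /, "", num)
        cnt = split(substr($0, RLENGTH + 1), f, " ")
        # Find the action column; "(v6)" after the port shifts it by one field.
        for (a = 1; a <= cnt; a++) if (f[a] == "ALLOW") break
        if (a > cnt || f[a + 1] != "IN") next
        to = f[1]; from = f[a + 2]
        port = to; sub(/\/.*/, "", port)    # "22/tcp" -> "22"
        if (from == "Anywhere" && !(port in ok)) print num, to
    }'
}

# Constructed sample output, modelled on the rules added in this article.
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    10.123.0.0/16
[ 2] 22/tcp                     ALLOW IN    198.101.145.125
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 443/tcp                    ALLOW IN    Anywhere
[ 5] Anywhere                   ALLOW IN    198.101.145.125
[ 6] 22/tcp                     ALLOW IN    Anywhere
[ 7] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

sample_status | audit_ufw_rules
```

On a live server, pipe the real output in with `ufw status numbered | audit_ufw_rules`; the first column of each reported line is the number to pass to ufw delete.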
